Lee, TwitPic and TweetPhoto use Basic Auth for this; if you post a photo to TwitPic via the API, you've got to pass the Twitter username and the password. It works for those APIs, so it should work for yours. OAuth don't (yet) provide a good solution for the scenario you describe; until they do, Basic Auth is fine.
My recommendation is that you -never- store those login credentials that are passed and require them on every API method call; you're just safer that way for obvious reasons. On Nov 30, 6:19 pm, "LeeS - @semel" <[email protected]> wrote: > Here's the situation: > > My app lets users OAuth via Twitter as their login. Simple and > standard. > > Now, I've created an API for my app. I want other apps, say Twitter > clients, to be able to use my app, as if they are one of my app's > users. What's the best way to let the user authorize that app to use > my app? Do I have to implement OAuth myself, and then have the user > OAuth twice, once into my app and once into Twitter via my app to let > my app access Twitter? That's a lot of screens for the user to go > through. > > I'm curious how you'd handle this, and if there's a simpler solution. > > Lee
