Hi Andrew,

If you're distributing your plugin for WordPress, you would want to ensure
that it doesn't contain any OAuth consumer keys (API keys) or secrets within
the source code. You'd instruct implementors to come to
http://dev.twitter.com/apps to create an application and give them a UI or
configuration file to enter their consumer key and consumer secret in a safe
place resistant to tampering.

In short, your analysis is correct. There are cases where you might more
tightly control the distribution of your plugin and the hosts that utilize
it where these best practices might be a bit more flexible.

Taylor Singletary
Developer Advocate, Twitter

On Wed, Apr 28, 2010 at 10:54 AM, Andrew <tweetligh...@gmail.com> wrote:

> I am in the process of creating a plugin for wordpress.  I was told
> that when using oauth with a plugin I can't actually make the plugin
> act natively because each time that the plugin is installed each user
> has to have their own api credentials is this correct?
> Thanks in advance!

Reply via email to