user streams, right now, uses basic auth. user streams are in a preliminary
/ experimental stage - we do not recommend (john would use stronger words)
using them in production.  we will be implementing oauth on the streaming
api soon-ish.

On Wed, Apr 28, 2010 at 4:10 PM, Aral Balkan <> wrote:

> A question on this and how it relates to User Streams. Unless I'm
> mistaken (only took a cursory look/played around with User Streams),
> User Streams uses Basic Auth. So if my app uses both the User Streams
> API and the REST API, I have to both use xAuth for the REST calls and
> store the username/password to use for User Streams.
> Am I missing something?
> Thanks,
> Aral
> On Tue, Apr 27, 2010 at 11:48 PM, John Meyer <>
> wrote:
> > On 4/27/2010 4:38 PM, Taylor Singletary wrote:
> >>
> >> The twitter screen name is less of a concern, yes John. But a Twitter
> >> username can take an email address also, which isn't information
> >> otherwise provided by the API and is personally identifiable and
> >> especially dangerous when stored in conjunction with a password. A
> >> screen name, in context with data we return to you falls under our
> >> rather liberal caching policies -- you get the screen name along with
> >> the user id as a response to a valid access token request.
> <snip>

Raffi Krikorian
Twitter Platform Team

Reply via email to