Developer Policy

Set yourself up for success

You can avoid many potential pitfalls while using the Twitter API by ensuring that your service has been built the right way from day 1. This section of the Developer Policy contains rules that all developers must follow before using the Twitter API or Twitter Content.

We review all proposed uses of the Twitter developer platform to verify policy compliance — so you’re required to disclose (and update, as applicable) your planned use of the Twitter API and Twitter Content in order to be granted and to maintain access. All new developers must apply for a developer account to access the Twitter API. Current developers without an approved developer account must apply for one as directed to do so by Twitter. As part of this process, you’ll need to provide us with a written description of your intended uses of the Twitter API and Twitter Content.

Your use case description is binding on you, and any substantive deviation from it may constitute a violation of our rules and result in enforcement action. You must notify us of any substantive modification to your use case and receive approval before you may begin using Twitter Content for that new purpose. Failure to do so may result in suspension and termination of your API and data access. You can update your use case by visiting our API Policy Support form, selecting I need to update my developer use case, or as otherwise agreed by Twitter.

By building on the Twitter API or accessing Twitter Content, you must comply with ALL Twitter policies. These include this Developer Policy, the Automation Rules, the Display Requirements, the API Restricted Uses Rules, the Twitter Rules, the Twitter Brand Resources, the Periscope Community Guidelines, and the Periscope Trademark Guidelines, as well as any other agreements you enter into with Twitter relating to your use of the Twitter API or Twitter Content, including but not limited to the Developer Agreement or a Master Licensing Agreement or Order (as applicable). You must also comply with any modifications to these policies and any new policies launched by Twitter. It is your responsibility to monitor the use of your service and to design your service to prevent violations of Twitter policy by people who use it. Failure to do so may result in suspension or termination of your API and Twitter Content access.

You may not register multiple applications for a single use case or substantially similar or overlapping use cases. In this context, a “use case” is a consistent set of analyses, displays, or actions performed via an application. Please note that providing the same service or application to different people (including “white label” versions of a tool or service) counts as a single use case.

As a single exception to these rules, you may create and use a maximum of 3 applications for development, staging, and production instances of the same service. These apps must be registered to a single account, and should be clearly identified (in the name and description) as dev, staging, and prod instances of a single service. You may not use development or staging applications for production purposes.

You must keep all API keys or other access credentials private. You may not use, and may not encourage or facilitate others to use, API keys or other access credentials owned by others.

Your license agreement with Twitter limits your use of the Twitter API and Twitter Content. Among other things, the Twitter API has rate limits which help to ensure fair data usage and to combat spam on the platform. You may not exceed or circumvent rate limits, or any other limitations or restrictions described in this Policy or your agreement with Twitter, listed on the Developer Site, or communicated to you by Twitter.

You may not remove or alter any proprietary notices or marks on Twitter Content received via the Twitter API. This helps to make sure that people know where Twitter Content is coming from, and who it belongs to.

For data integrity and platform health reasons, you may not interfere with, intercept, disrupt, or disable any features of the Twitter API or the Twitter service. In other words, use the APIs as intended and documented on developer.twitter.com. Refer to our HackerOne guidelines for more details about acceptable use.

Privacy and control are essential

Twitter takes privacy seriously, and we expect everyone using Twitter Content and the Twitter API to do the same. Any use of the Twitter developer platform, Twitter API, or Twitter Content in a manner that is inconsistent with peoples’ reasonable expectations of privacy may be subject to enforcement action, which can include suspension and termination of API and Twitter Content access.

Your commitment to privacy and control must extend to all uses of Twitter Content and all aspects of the service that you build using our API. To that end, the people using your service must understand and consent to how you use their data, and how you access Twitter on their behalf. This can be accomplished through providing people with a clear, comprehensive, and transparent privacy policy, as well as ensuring that you get express and informed consent from each person using your service before taking any action on their behalf. Please note that a person authenticating into your service does not by itself constitute consent.

Consent & permissions

In particular, you must get express and informed consent from people before doing any of the following:

• Taking any actions on their behalf. This includes (but is not limited to): 

  • Posting content to Twitter

  • Following/unfollowing accounts

  • Modifying profile or account information

  • Starting a Periscope Broadcast

  • Adding hashtags or any other content to Tweets
     

• Republishing content accessed by means other than via the Twitter API or other Twitter tools

• Using someone’s Twitter Content to promote a product or service

• Storing non-public content such as Direct Messages (DMs), or any other private or confidential information

• Sharing or publishing protected content, or any other private or confidential information

If your service allows people to post content to Twitter you must do the following before publishing:

• Show exactly what will be published

• Make it clear to people using your service what geo information (if any) will be added to the content

If your service allows people to post content to both your service and Twitter, you must do the following before publishing:

• Obtain permission to post the content

• Explain where you will post the content

You must respect the protected and blocked status of all Twitter Content. You may not serve content obtained using one person’s authentication token to a different person who is not authorized to view that content.

• Protected accounts: A protected account’s content is only available to people who have been approved by the owner to follow that account. So, if you run a service that accesses protected accounts, you may only do so to serve such content to the specific people with permission to view that content.

• Blocked accounts: People on Twitter are able to block access to their accounts for any reason they choose. Commingling information obtained from tokens (or any other API-based action) to bypass this choice is not permitted.

As Direct Messages (DMs) are non-public in nature, services that provide DM features must take extra steps to safeguard personal privacy. You may not serve DM content to people who are not authorized to view that content. If your service provides DM functionality you must also:

• Notify people if you send read receipt events for DMs. You can do this by providing a notice directly in your service, or by displaying read receipts from other participants in a conversation.

• Get consent before configuring media to be sent in a DM as "shared" (i.e. reusable across multiple DMs). If you do allow media in a DM to be “shared,” you must provide a clear notice that this content will be accessible to anyone with the media’s URL.

Content compliance

If you store Twitter Content offline, you must keep it up to date with the current state of that content on Twitter. Specifically, you must delete or modify any content you have if it is deleted or modified on Twitter. This must be done as soon as reasonably possible, or within 24 hours after receiving a request to do so by Twitter or the applicable Twitter account owner, or as otherwise required by your agreement with Twitter or applicable law. This must be done unless otherwise prohibited by law, and only then with the express written permission of Twitter.

Modified content can take various forms. This includes (but is not limited to): 

• Content that has been made private or gained protected status
  

• Content that has been suspended from the platform

• Content that has had geotags removed from it

• Content that has been withheld or removed from Twitter

Off-Twitter matching

We limit the circumstances under which you may match a person on Twitter to information obtained or stored off-Twitter. Off-Twitter matching involves associating Twitter Content, including a Twitter @handle or user ID, with a person, household, device, browser, or other off-Twitter identifier. You may only do this if you have express opt-in consent from the person before making the association, or as described below.

In situations in which you don’t have a person’s express, opt-in consent to link their Twitter identity to an off-Twitter identifier, we require that any connection you draw be based only on information that someone would reasonably expect to be used for that purpose. In addition, absent a person’s express opt-in consent you may only attempt to match your records about someone to a Twitter identity based on:

• Information provided directly to you by the person. Note that records about individuals with whom you have no prior relationship, including data about individuals obtained from third parties, do not meet this standard; and/or

• Public data. “Public data” in this context refers to:

  • Information about a person that you obtained from a public, generally-available resource (such as a directory of members of a professional association)

  • Information on Twitter about a person that is publicly available, including:

    • Tweets

    • Profile information, including an account bio and publicly-stated location

    • Display name and @handle

Your privacy policy

You must display your service’s privacy policy to people before they are permitted to download, install, or sign up to your service. It must disclose at least the following information:

• The information that you collect from people who use your service

• How you use and share that information (including with Twitter)

• How people can contact you with inquiries and requests regarding their information

Your privacy policy must be consistent with all applicable laws, and be no less protective of people than Twitter’s Privacy Policy and the privacy policy of our other services and corporate affiliates. You must cease your access to the Twitter API and the use of all Twitter Content if you are unable to comply with your and/or Twitter’s Privacy Policy.

Using geo-data

Use of geo data comes with additional restrictions due to the sensitive nature of this information. If your service adds location information to Tweets or Periscope Broadcasts, you must disclose to people:

• When you add location information

• Whether you add location information as a geotag or annotations data

• Whether your location information is listed as a place, or as geographic coordinates

If your application allows people to Tweet with their location you must comply with Twitter’s geo guidelines in full. 

Any use of location data or geographic information on a standalone basis is prohibited. You may not (and may not permit others to) store, aggregate, or cache location data and other geographic information contained in Twitter Content, except as part of a Tweet or Periscope Broadcast. For example, you may not separate location data or geographic information out from Tweets to show where individuals have been over time. Heat maps and related tools that show aggregated geo activity (e.g.: the number of people in a city using a hashtag) are permitted.

Twitter passwords

You may not store Twitter passwords, or request that people provide their Twitter password, account credentials, or developer application information (including consumer key) to you directly. We suggest the use of Sign-in with Twitter as the authentication tool to link your service and people on Twitter.

Platform usage guidelines

Have you taken care to review Twitter’s policies and set up your API access the right way? Does your service follow Twitter’s privacy and control guidelines? If you can answer yes to these two questions, then you are ready to start using the Twitter API and Twitter Content. Twitter’s Platform Usage Guidelines provide the assistance needed to ensure that your use of Twitter Content is compliant from day 1 throughout the lifecycle of your service. We suggest reviewing these rules on a regular basis to make sure that your integration is operating in a way that is safe and beneficial to people on Twitter and the Twitter platform as a whole.

Spam, bots, and automation

The use of the Twitter API and developer products to create spam, or engage in any form of platform manipulation, is prohibited. You should review the Twitter Rules on platform manipulation and spam, and ensure that your service does not, and does not enable people to, violate our policies.

Services that perform write actions, including posting Tweets, following accounts, or sending Direct Messages, must follow the Automation Rules. In particular, you should: 

• Always get explicit consent before sending people automated replies or Direct Messages

• Immediately respect requests to opt-out of being contacted by you

• Never perform bulk, aggressive, or spammy actions, including bulk following

• Never post identical or substantially similar content across multiple accounts

If you’re operating an API-based bot account you must clearly indicate what the account is and who is responsible for it. You should never mislead or confuse people about whether your account is or is not a bot. A good way to do this is by including a statement that the account is a bot in the profile bio.

Twitter performance benchmarking

You may not use the Twitter API to measure the availability, performance, functionality, or usage of Twitter for benchmarking, competitive, or commercial purposes. For example, you should never use the Twitter API to:

• Calculate aggregate Twitter metrics, such as the total number of Monthly Actives (MAs) or Daily Actives (DAs)

• Calculate aggregate Periscope metrics, such as total number of broadcast views

• Calculate aggregate Twitter Tweet metrics, such as the total number of Tweets posted per day, or the number of account engagements

• Measure or analyze the responsiveness of Twitter

• Measure or analyze spam or security on Twitter, except as permitted below

We support research that helps improve conversational health on Twitter. You may use the Twitter API and Twitter Content to measure and analyze topics like spam, abuse, or other platform health-related topics for non-commercial research purposes. You may not develop, create, or offer commercial services using the Twitter API or Twitter Content that measure, analyze, or attempt to identify behaviors or content which violate Twitter policies without express written permission from Twitter.

If you have questions about whether your use case qualifies as non-commercial research for this purpose please submit a request via the API Policy Support form.

Public display of Tweets

You must maintain the integrity of all Twitter Content that you display publicly or to people who use your service. If you don’t use Twitter for Websites to display content, then you must use the Twitter API to retrieve the most current version available for display. If displayed content ceases to be available through the Twitter API, then you must remove it from your service as soon as reasonably possible, or within 24 hours after the receipt of a removal request from Twitter, or the applicable Twitter account owner, or as otherwise required by applicable law.

There are specific rules you must follow if you display Twitter Content offline.  Follow the guidelines for using Tweets in broadcast if you display Tweets offline. Follow the guidelines for using Periscope Broadcasts if you display Periscope Broadcasts offline.

If you embed or display Tweets, you must contact us about your Twitter API access if your site exceeds 10 million daily impressions. Twitter reserves the right to require additional terms as a condition to your use of the Twitter API.  Additional restrictions on Twitter for Websites developer use include:

• Embedded Tweets and/or embedded timelines
  
  
  • You must provide people with legally sufficient notice that fully discloses Twitter’s collection and use of data about browsing activities on your website, including for interest-based advertising and personalization. You must also obtain legally sufficient consent from people for such collection and use
    
  • You must provide legally sufficient instructions on how people can opt out of Twitter’s interest-based advertising and personalization as described here
     
• Twitter for Websites widgets
  
  
  • You must ensure that people are provided with clear and comprehensive information about, and consent to, the storing and accessing of cookies or other information on their devices as described in Twitter’s cookie use, where providing such information and obtaining such consent is required by law
     
• Services targeted to children under 13
  
  
  • Services targeted to children under 13 must opt out of tailoring Twitter in any embedded Tweet and/or embedded timelines by setting the opt-out parameter to be ‘true’ as described here

Content redistribution

The best place to get Twitter Content is directly from Twitter. Consequently, we restrict the redistribution of Twitter Content to third parties.  If you provide Twitter Content to third parties, including downloadable datasets or via an API, you may only distribute Tweet IDs, Direct Message IDs, and/or User IDs (except as described below). We also grant special permissions to academic researchers sharing Tweet IDs and User IDs for non-commercial research purposes.

In total, you may not distribute more than 1,500,000 Tweet IDs to any entity (inclusive of multiple individuals associated with a single entity) within any 30 day period unless you have received written permission from Twitter. In addition, all developers may provide up to 50,000 public Tweets Objects and/or User Objects to each person who uses your service on a daily basis if this is done via non-automated means (e.g., download of spreadsheets or PDFs).

Academic researchers are permitted to distribute an unlimited number of Tweet IDs and/or User IDs if they are doing so on behalf of an academic institution and for the sole purpose of non-commercial research. For example, you are permitted to share an unlimited number of Tweet IDs for the purpose of enabling peer review or validation of your research. If you have questions about whether your use case qualifies under this category please submit a request via the API Policy Support form.

Any Twitter Content provided to third parties remains subject to this Policy, and those third parties must agree to the Twitter Terms of Service, Privacy Policy, Developer Agreement, and Developer Policy before receiving such downloads. You may not enable any entity to circumvent any other limitations or restrictions on the distribution of Twitter Content as contained in this Policy, the Developer Agreement, or any other agreement with Twitter.

Replicating the Twitter experience

The best place to experience Twitter is on Twitter owned and operated (TOO) products. As such, we discourage developers from building services that replicate Twitter’s core experience or features.

If you create a service that replicates Twitter’s core experience or features you will be subject to additional rules beyond what is already included in the Developer Policy. In particular, you must:

• Obtain our permission to have more than 100,000 tokens. You may be subject to additional terms if this request is approved

• Use the Twitter API for functionalities in your service that are substantially similar to Twitter features. This includes, but is not limited to, Tweets, follows, unfollows, retweets, likes, comments, and replies.

• Display a prominent link or button in your service that directs new people to Twitter’s account creation page

If you create a service that replicates Twitter’s core experience or features you may not do any of the following:

• Pay, or offer to pay, third parties for distribution. This includes offering compensation for downloads (other than transactional fees) or other mechanisms of traffic acquisition

• Arrange for your service to be pre-installed on any other device, promoted as a "zero-rated" service, or marketed as part of a specialized data plan

• Use Twitter Content or other data collected from people to create or maintain a separate conversational platform, social network, status update, private messaging or live broadcasting database or service

Pay to Engage

Your service shouldn’t compensate people to take actions on Twitter, as that results in inauthentic engagement that degrades the health of the platform. As you use the Twitter API you may not sell or receive monetary or virtual compensation for any Twitter or Periscope actions. This includes, but is not limited to, Tweets, follows, unfollows, retweets, likes, comments, and replies.

Service authenticity

You must clearly identify your service so that people can understand its source and purpose. Don’t use names, logos, or URLs that mask your service’s identity and features, or that falsely imply an affiliation with Twitter or third parties. Note that creating applications for the purpose of selling names, or to prevent others from using names, is prohibited.

You may not use any URL (including shortened URLs) for your service that directs people to:

• A site that is unrelated to your service

• A spam or malware site

• A site that encourages people to violate Twitter policy

Twitter name, logo, and likeness

You may only use and display the Twitter name and logo to identify Twitter as the source of Twitter Content. You should never use the Twitter name and logo, the Twitter Official Partner Program badge, or any other similar marks or names in a manner that creates a false sense of endorsement, sponsorship, or association with Twitter. The Twitter Brand Resources contain detailed information to help you use the Twitter brand in the right way.

You may only use the Twitter Verified Account badge and any other enhanced account categorization as it is reported to you by Twitter through the API. This helps people know that the content your service displays is equivalent to that shown on Twitter.

Advertising on Twitter

There are restrictions regarding how and where you are allowed to advertise around Twitter Content. To start, your advertisements can’t resemble or reasonably be confused by people as a Tweet or Periscope Broadcast. Other rules on advertising include:

• There must be a clear separation between Twitter Content and your advertisements. You may not place any advertisements within the Twitter timeline or on or within Periscope Broadcasts on your service other than Twitter Ads or advertisements made available through the official Twitter Kit integration with MoPub.

• Twitter reserves the right to serve advertising via the Twitter API. If you decide to serve Twitter Ads once we start delivering them via the API, we will share a portion of advertising revenue with you in accordance with the relevant terms and conditions.

• You may not use Twitter Content, or information obtained from the Twitter API to target people with advertising outside of the Twitter platform.

You must contact us if you find that your service will require more than 1 million tokens. Services that require more than 1 million tokens may be subject to additional terms regarding Twitter API access.

The following additional rules apply for any use of the Twitter services or features listed below:

Twitter Login

You must present people with easy to find options to log into and out of Twitter, for example via the OAuth protocol. The Sign in with Twitter option must be displayed at least as prominently as any other sign-up or sign-in feature on your service. You must also provide people without a Twitter account the opportunity to create one via Twitter.

Once someone on your service authenticates via Sign in with Twitter you must clearly display their Twitter identity. Twitter identity includes the person’s current Twitter @handle, avatar, and Twitter logo. Any display of someone’s Twitter followers on your service must clearly show that the relationship is associated with Twitter.

Twitter Cards

To ensure a quality experience you must develop your Card to render across all platforms where Cards are displayed. Additional rules that you must follow when using Cards include:

• You must mark your Tweet as ‘true’ for sensitive media if you plan to display such media within a Card

• You must use HTTPS for hosting all assets within your Card. Your Card should never generate active mixed content browser warnings

• Audio and video content should include stop or pause controls, and default to ‘sound off’ for videos that automatically play content

You may not exceed or circumvent Twitter’s limitations placed on any Cards, including the Card’s intended use. Additional restrictions on Cards use include:

• You may not place third-party sponsored content within Cards without Twitter’s approval

• You may not attach monetary incentives (including virtual currency) within your Card or on Twitter from your Card

• You may not include content or actions within your Card that are misleading or not contextually relevant, such as URLs and media.

• You may only attach an App Card to a Tweet when someone is explicitly promoting or referring to the app in the Tweet

Periscope Producer

You must contact us about your Twitter API access if you expect your service to exceed 10 million daily broadcasts. You may be subject to additional terms if you exceed this threshold. Additional restrictions on Periscope developer use include:

• You must provide a reasonable user-agent, as described in the Periscope Producer technical documentation, for your service when accessing the Periscope API

• You must honor requests from people to log out of their Periscope account on your service

• You may not provide tools in your service to allow people to circumvent technological protection measures

Definitions

1. Twitter Content ‒ Tweets, Tweet IDs, Twitter end user profile information, Periscope Broadcasts, Broadcast IDs and any other data and information made available to you through the Twitter API or by any other means authorized by Twitter, and any copies and derivative works thereof.

2. Developer Site ‒ Twitter’s developer site located at https://developer.twitter.com.

3. Periscope Broadcast - A live or on-demand video stream that is publicly displayed on Twitter Applications and is generated by a user via Twitter’s Periscope Producer feature (as set forth at https://help.periscope.tv/customer/en/portal/articles/2600293).

4. Services ‒ Your websites, applications and other offerings that display Twitter Content or otherwise use the Licensed Material as explicitly approved by Twitter.

5. Tweet ID ‒ A unique identification number generated for each Tweet.

6. Tweet ‒ a posting made on Twitter Applications.

7. “Twitter” means Twitter, Inc., with an office located at 1355 Market Street, Suite 900, San Francisco, CA, 94103, USA.  If you enter into this Agreement or an Order outside of the United States, Canada or Latin America, Twitter International Company with its registered offices at One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“TIC”) is the contracting entity. 

8. Direct Message - A message  that is privately sent on Twitter Applications by one end user to one or more specific end user(s) using Twitter’s Direct Message function.

9. Twitter API ‒ The Twitter Application Programming Interface (“API”), Software Development Kit (“SDK”) and/or the related documentation, data, code, and other materials provided by Twitter with the API, as updated from time to time, including without limitation through the Developer Site.

10. Twitter Applications ‒ Twitter’s consumer facing products, services, applications, websites, web pages, platforms, and other offerings, including without limitation, those offered via https://twitter.com and Twitter’s mobile applications.