Friendly Twitter Bots and Write Access

One of my favorite things about Twitter is the plethora of automated bots that help produce unique content. Twitter bots can provide anything from emergency alerts, to comics, to currated photos and events. I’ve collected some favorites here.

Recently, if you’ve tried to build your own Twitter App to power an account, you may have noticed the You must add your phone number to your Twitter profile before granting your application write capabilities error when trying to add Read and Write Permissions.

Add your phone number to your Twitter profile

Essentially, Apps needing Write permissions must now be under a Twitter account tied to a real human who can be contacted by a phone number. One of the reasons for this was presumably to discourage spam.

But your phone number is already associated with your personal Twitter account, you say. What phone number should you give your @adorablepenguins bot? You could create some Google voice number or Twilio number, but in many cases the solution is much simpler and cleaner.

Old Way (Deprecated)

Until about 6 months ago, any Twitter account could create apps requesting write permissions from clients. For context, let’s review how that process worked using as an example the @xkcdComic bot I made to monitor the XKCD Atom feed and Tweet new comics.

First, I created a new Twitter account @xkcdComic for the bot. Then, I created an App at apps.twitter.com with the @xkcdComic account.

.. image:: |filename|/images/xkcdcomic-apps.png :alt: XKCDComic Bot Apps list :width: 600px :align: center

Under the App Permissions tab, I configured the App to request Read and Write permissions and under the API Keys tab I created an Access token to make user authenticated requests as the @xkcdComic account. This proviced the app key and secret and the oauth token and token secret. Configuring a Read and Write App under an account without a phone number is no longer allowed.

Bots as Clients

Instead of creating an account and app for each bot, a single ReadWriteBot app can be created under your developer account, which can then be used to authenticate each bot account as a client.

Twitter Bot Authentication Diagram

First, visit apps.twitter.com and create a ReadWriteBot App.

Creating a new app called ReadWriteBot app under the developer

Under the new app’s Permissions tab, select Read and Write permissions. Since the app is under the developer account (which should have your phone number as a developer associated with it) this succeeds. You will only need to create a single App, no matter how many bots (i.e. app ‘clients’) you have.

Selecting read and write permissions under the Permissions tab

Now, for each of your bot accounts requiring read and write permissions, you should grant access to the ReadWriteBot App, through which requests will be performed. The easiest way to do that is with the Twitter twurl command line tool.

$ gem install twurl
# register the ReadWriteBot app
$ twurl authorize --consumer-key "API Key from App console" \
    --consumer-secret "API Secret from App console"

The authorize command will output a unqiue link which you should copy-paste into your browser.

$ Go to https://api.twitt... and paste in the supplied PIN

Authorize ReadWriteBot app to access bot account

Authorize the ReadWriteApp to have read and write access to your bot account (such as @xkcdComic or @adorablepenguins). You will be redirected to a screen showing a PIN, which you should type into the waiting terminal.

Copy pin from authorization screen

$ Go to https://.....
$ *type pin*
$ Authorization successful

You should repeat this process for each of your bot accounts to grant your ReadWriteBot App access.

Now, to write your bot you’ll use credentials that make read/write requests through the ReadWriteBot App. Twurl saved your credentials at ~/.twurlrc.

$ cat ~/.twurlrc
---
profiles:
  xkcdComic:
    App API key:
      username: xkcdComic
      consumer_key: app_api_key
      consumer_secret: app_api_secret
      token: oauth_token
      secret: oauth_secret

Using my favorite Twitter API Python wrapper, Twython <http://twython.readthedocs.org/en/latest/>_, read and write operations might be performed like this:

def main():
    bot_api = Twython(
        app_key="Application API key",
        app_secret="Application API secret",
        oauth_token="Access token",
        oauth_token_secret="Access token secret")

    print('User timeline', bot_api.get_user_timeline())
    print('Home timeline', bot_api.get_home_timeline())
    bot_api.update_status(status="Awesome Twitter bot online")

if __name__ == '__main__':
    main(sys.argv)

If your bot account ever wishes to revoke the ReadWriteBot Apps’s access (your robot is concerned about the things his developer makes him post), that can be done from the bot account’s Twitter Settings <https://twitter.com/settings/account>_.

Revoke ReadWriteBot app's access to the bot account

Phone Number Problems

The solution described works well for individual developers who have a phone number associated with their primary account. There are two cases I haven’t addressed.

  1. Some developers have phones on cellular networks which are not supported and others simply don’t have a phone number. I personally don’t have any advice to offer here, you should read the Twitter developer forums or check with your provider. This topic has been discussed here, here, and here.

  2. Large organizations may be unwilling to assign the phone number of an administrator to their primary account. I am not a large organization or a person who deals with them, so consult the developer forums. At the time of this post, the recommended course of action was to fill out this API Policy Support form.