We're committed to supporting the developers who are contributing to the growing Twitter ecosystem. We've been growing too, and now have dedicated staff working with the developer community. Unfortunately, as Twitter grows, we also become a more visible target for spammers, hackers, and other malicious parties.
These malicious parties sometimes use legitimate third-party applications to more easily spread spam, and abuse other people on Twitter. This help page has information on how to protect your application from becoming a target, and it also outlines our policy and process when we discover abuse or spam coming from a particular program or application.
Security for your application
Our Security best practices section in our developers site has detailed information on developing secure applications. You can also view our API documentation for helpful links to Twitter API resources.
Each application is registered to a specific Twitter account. For the Twitter account associated with your application, we strongly recommend that you use an email address on your company's domain. This will help us assist you if you need to transfer your application or recover access to the account. Please also be sure that your account has a very strong password to protect both your application and your users. Please visit our Account safety help page for tips on keeping your account secure.
If your application operates on multiple platforms, we strongly recommend registering a different application on Twitter for each one. While we don't prohibit the use of one consumer key and secret across multiple platforms, doing so can cause user confusion.
If you've discovered a security issue that directly affects Twitter, please email: email@example.com.
Preventing spam and abuse through your application
We assume you don't want your application used for abuse, and we're here to work with developers to prevent spammers from targeting your application. If we start to notice (or receive reports) of spam coming from your program, we'll reach out to you to try and remedy the situation. Often, developers are able to make minor changes to a feature that will make their service less attractive to hackers or spammers, without impacting their legitimate users.
If you're unwilling or unable to control the abuse coming into the Twitter system, or are disingenuous in your attempts to make a more secure application, we may request specific feature changes. If you can't, or are unwilling, to make feature adjustments to prevent abuse on Twitter, we reserve the right to revoke your OAuth token or ban your application from the Twitter ecosystem. Developers can appeal revocation of OAuth tokens; please see this help page for more information.
We absolutely want to work with authentic developers to find a solution to prevent abuse and spam without impacting the legitimate users of their applications. If you've disabled a feature in the past because of abuse, and would like to help finding ways to reintroduce the feature without attracting spammers, please contact us via our support form.
Reporting spam and abuse to Twitter
If you're seeing spam and abuse coming through your application, you should alert our Support team. We can investigate mass-created spam and help relieve the efforts of your team. Please contact us via our support form.
Developing features that are unattractive to spammers
While building your application be sure to review and follow our Developer Agreement and Policy. Also ensure that your application does not violate, and does not facilitate users to violate the Twitter Rules. Finally, Twitter has traditionally experienced a higher level of abuse from apps that violate our Automation Rules. Some automation is completely prohibited, while other automated behavior is restricted by our anti-spam systems. You must follow our Automation Rules in full to avoid having your app restricted from accessing our API.
Contacting Twitter's API support team
If you have a specific question about your application, please contact us via our support form.