API developers: abuse prevention and security

We're committed to supporting the developers who are contributing to the growing Twitter ecosystem. We've been growing too, and now have dedicated staff working with the developer community. Unfortunately, as Twitter grows, we also become a more visible target for spammers, hackers, and other malicious parties.

These ne'er-do-wells sometimes use legitimate third-party applications to more easily spread spam and abuse other Twitter users. This help page has information on how to protect your application from becoming a target of malicious folks. It also outlines our policy and process when we discover abuse or spam coming from a particular program or application.

Security for your Application

The Security Best Practices section on our developers site has detailed information on developing secure applications. You can also view our API Documentation for helpful links to Twitter API resources.

Each application is registered to a specific user account. For the Twitter account associated with your application, we strongly recommend that you use an email address on your company's domain. This will help us assist you if you need to transfer your application or recover access to the account. Please also be sure that your account has a very strong password to protect both your application and your users. Please visit our Account Safety help page for tips on keeping your account secure.

If your application operates on multiple platforms, we strongly recommend registering a different application on Twitter for each one. While we don't prohibit the use of one consumer key and secret across multiple platforms, doing so can cause user confusion.

If you've discovered a security issue that directly affects Twitter, please email:

Preventing Spam and Abuse Through your Application

We assume you don't want your application used for abuse, and we're here to work with developers to prevent spammers from targeting your application. If we start to notice (or receive user reports of) spam coming from your program, we'll reach out to you to try to remedy the situation. Often, developers are able to make minor changes to a feature that will make their service less attractive to hackers or spammers, without impacting their legitimate users.

If you're unwilling or unable to control the abuse coming into the Twitter system, or are disingenuous in your attempts to make a more secure application, we may request specific feature changes. If you can't, or are unwilling to, make feature adjustments to prevent abuse on Twitter, we reserve the right to revoke your OAuth token or ban your application from the Twitter ecosystem. Developers can appeal revocation of OAuth tokens; please see this help page for more information.

We absolutely want to work with authentic developers to find a solution to prevent abuse and spam without impacting the legitimate users of their applications. If you've disabled a feature in the past because of abuse, and would like help finding ways to reintroduce the feature without attracting spammers, please contact us via our support forms:

Reporting Spam and Abuse to Twitter

If you're seeing spam and abuse coming through your application, you should alert our Support team. We can investigate mass-created spam and help relieve the efforts of your team. Please contact us via our support forms:

Note: If you're building a Twitter client, you can also empower the end-users of your application to block and report spam profiles using the API. The Twitter API Documentation has information in the section on Spam Reporting Methods.

Developing Features that are Unattractive to Spammers

When building your application, you'll want to make sure you're familiar with the API Terms of Service, the Twitter Rules, and our Automation Guidelines and Best Practices.

Traditionally, we've experienced a higher level of abuse coming from particular sets of features, such as:

  • Recurring or Scheduled Tweets
  • Automated Following and Unfollowing
  • Automated @replies
  • Automated affiliate advertising

Twitter's Guidelines on Automation provides a detailed discussion of allowed automation for our end-users. To avoid becoming a target of abuse, or having the legitimate users of your application suspended for rules violations, please be careful to avoid building features that allow users to easily violate these guidelines. If you have any questions or would like any feedback on planned features, please feel free to contact us!

Contacting Twitter's API Support Team

If you have a specific question about your application, please contact us via our support forms: