TweetStream Security

WebSocket clients authenticate with API-key subprotocols. REST endpoints authenticate with bearer tokens.

TweetStream monitoring is read-oriented. Account management endpoints add or remove tracked handles for your TweetStream workspace.

TweetStream security overview for API keys, WebSocket authentication, REST bearer auth, account management, and read-only monitoring workflows.

Direct answer

TweetStream uses API-key authentication for WebSocket and REST access, with account management handled inside the authenticated product.

TweetStream API access is scoped through generated API keys. Clients should keep keys server-side where possible and rotate them when access changes.

The WebSocket stream is intended for monitored public social signals and enrichment metadata. Do not expose API keys in public front-end code.

For enterprise security reviews, use the contact route so limits, access model, and deployment needs can be documented before rollout.

How are API requests authenticated?

Does TweetStream need my Twitter password?

WebSocket delivery, OCR, and token detection - no infrastructure to build.

From $199/mo · Basic/Elite 3-day trial · OCR + token detection included