The Kapture-Twitter Integration Explained

  • Kapture Config for Twitter

A prominent and well-used medium that customers use these days is Twitter. This is true especially for support related to orders or bookings made online. Businesses receive many tickets via Twitter DMs and it is imperative to better manage their Twitter activities through actionable tickets. At Kapture, Twitter Setup configuration is inbuilt and it allows users to:

  • See Tweets from your timeline (including protected Tweets) as well as your Lists and Collections.
  • See your Twitter profile information and account settings.
  • See accounts you Follow and lists you Subscribe to.
  • Follow and unfollow accounts for you.
  • Update your profile and account settings.
  • Post and delete Tweets for you, and engage with Tweets posted by others (Like, un-Like or Reply to a Tweet, Retweet, etc.) for you.
  • Create, manage and delete Lists and Collections.
  • Mute, Block and Report accounts for you.
  • Send Direct Messages for you and read, manage and delete your DMs.
  • Partner Config for Social Twitter

Kapture’s Partner Configuration page allows the user to handle the configured Twitter account. There are options to view and manage components such as:

  • Page ID
  • Page Name
  • Consumer Key
  • OAuth Access Token
  • SLA

Moreover, this dashboard enables you to set your Twitter page to allow tickets to flow to specific queues and folders. Other options include Search Queries and Merge Tickets.

  • What the Integration entails

Twitter’s Account Activity API integration with Kapture allows you to subscribe to activities in your user account in real-time. This makes it possible for you to receive any kind of activity type update such as:

  • Tweets (by user)
  • Tweet deletes (by user)
  • @mentions (of user)
  • Replies (to or from user)
  • Retweets (by user or of user)
  • Quote Tweets (by user or of user)
  • Likes (by user or of user)
  • Follows (by user or of user)
  • Unfollows (by user)
  • Unblocks (by user)
  • Unmutes (by user)
  • Direct Messages sent (by user)
  • Direct Messages received (by user)
  • Typing indicators (to user)
  • Read receipts (to user)
  • Subscription revokes (by user)
  • Unblocks (by user)
  • Blocks (by user)
  • How the integration was made possible

The process started by applying for and setting up a Developer Account― the primary requirement for Twitter APIs. An app permission was requested for further access. Generating a bearer token (an OAuth 2.0 feature that allows a more secure entry for developers to use Twitter APIs) was the crucial next step which happened after taking a note of the “Customer API Key” and “API Secret”.

The curl command required to generate a bearer token is as given below:

curl -u 'API key:API secret key' \
  --data 'grant_type=client_credentials' \
  'https://api.twitter.com/oauth2/token'

A developer environment was set up after choosing a unique environment name, thereby replacing the :env_name.

  • Webhook-based API

As opposed to Streaming APIs, Twitter provides a combination of REST APIs for setup and Webhooks for delivery of data. To receive communications via webhooks, a web application was created with a custom URL to receive HTTP requests from Twitter. This web application had the same credentials as the developer environment previously set up.

  • Securing Webhooks

Once the web application was coded to create a crc_token, Twitter sent requests for verification of ownership of said URL and credentials. Twitter performed a Challenge-Response Check (CRC), and a response_token was sent to for confirmation. The registered webhook URL finally became the Account Activity API for all account activities.

  • Authentication of API

Twitter API obviously required an authentication request. A 3-legged OAuth flow for the application was followed to obtain an access token by redirecting users to Twitter and then having them authorise our application. 

The steps taken to get it done were:

1. POST OAuth / request_token

The steps taken to get it done were:

The request includes:

oauth_callback="https%3A%2F%2FyourWhitelistedCallbackUrl.com"
oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w" 

The app provides the response:

oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0
oauth_token_secret=veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI
oauth_callback_confirmed=true

2. GET OAuth/authorize

Example URL request: (to redirect users to)

https://api.twitter.com/oauth/authorize?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0

A response containing oauth_token and oauth_verifier marked a successful authentication.

https://yourWhitelistedCallbackUrl.com?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0&oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY

3. POST OAuth / access_token

This step is to convert the request token to an action token.

POST /oauth/access_token
oauth_consumer_key=cChZNFj6T5R0TigYB9yd1w
oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0
oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY

The response includes:

oauth_token=7588892-kagSNqWge8gB1WwE3plnFsJHAZVfxWD7Vb57p0b4
oauth_token_secret=PbKfYqSryyeKDWz4ebtY3o5ogNLG11WJuZBc9fQrQo

This process was implemented in our server-side code, as it enabled us to receive a user’s access tokens.

Leave a Reply

Your email address will not be published. Required fields are marked *