Difference between user and app-only auth?
UPDATE Dec, 2020: Twitter recently launched API v2 and rate limits related to user or app auth are better described in twitter official docs.
This means you can access this API function with an app auth or a user auth tokens. In some requests you only can access with user auth token.
App Auth number: Is the highest number of requests your app can do in a 15min window, with 'app auth' token.
User Auth number: Is the highest number of requests your app can do in a 15min window, with 'user auth' token.
You need to know how your library/module is getting auth. Source
Edit: App Auth and User Auth are the two ways API twitter can manage OAuth. You can do with this python example using Twython module:
from twython import Twython
# App Auth
tw_auth = Twython(APP_KEY, APP_SECRET, oauth_version=2)
token = tw_auth.obtain_access_token()
twitter = Twython(APP_KEY, access_token=token)
By other way, if you want to authenticate with User Tokens:
from twython import Twython
# User Auth
tw_auth = Twython(APP_KEY, APP_SECRET)
token = tw_auth.get_authentication_tokens()
twitter = Twython(APP_KEY, APP_SECRET, auth['oauth_token'],
auth['oauth_token_secret'])
(...this last method is a bit longer, because with the authentication tokens you need to .get_authorized_tokens(prompted_pin)
to make a new Twython method call. This is only an example to show you need 4 keys/tokens instead 2)
Now, if you make a request, the counter for your 15min window depends on how you are authenticated:
# Now you are authenticated with *App Auth* or *User Auth*
# Limits will be 450 for AppAuth and 180 for UserAuth in 15min window
results = twitter.search(q='StackOverflow',result_type='recent', count='10')
These differences exists because not all API methods support application-only authentication. Some methods require a user context.
Edit:
I could do with real world scenarios where you would use one over the other?
Of course! look this chart about Twitter rate limits and compare. Sometimes you can't make requests with appAuth-only, for example user related actions. Limits are different for each auth, if you want GET statuses/user_timeline maybe you prefer AppAuth, but if you want GET lists/members maybe you would prefer UserAuth, because it has some advantage with rate limits.