Share this article
You want to use BotWitter's API, but the "Access Level" setting shows "Local Only" and "Public Access" options. Which should you choose? In this guide, you'll learn server access settings, security measures, and proper configuration.
127.0.0.1 vs 0.0.0.0 Explained
| Address | Meaning | Access |
|---|---|---|
| 127.0.0.1 | Localhost (loopback) | This computer only |
| 0.0.0.0 | All network interfaces | Anyone on network |
127.0.0.1 (Local Only):
[This Computer] ↔ [BotWitter API] ✓
[Other Device] ↔ [BotWitter API] ✗
0.0.0.0 (Public Access):
[This Computer] ↔ [BotWitter API] ✓
[Other Device] ↔ [BotWitter API] ✓
[Internet] ↔ [BotWitter API] ✓ (caution!)
[This Computer] ↔ [BotWitter API] ✓
[Other Device] ↔ [BotWitter API] ✗
0.0.0.0 (Public Access):
[This Computer] ↔ [BotWitter API] ✓
[Other Device] ↔ [BotWitter API] ✓
[Internet] ↔ [BotWitter API] ✓ (caution!)
When to Use Which
✓ Use 127.0.0.1 (Local Only)
| Single computer usage | No external access needed |
| Security priority | Minimum attack surface |
| Development/testing | Simple setup |
⚠ Use 0.0.0.0 (Public Access)
| Remote server (VPS) management | Access from other device |
| Mobile app integration | Control from phone |
| Multi-device usage | Laptop + PC |
| Team access | Multiple people |
Security: Public Access Risks
⚠ When using 0.0.0.0, you're exposed to:
- Unauthorized access - Accounts could be stolen
- Brute force attacks - Token guessing
- Data leaks - Account info exposed
- Abuse - Others using your accounts
✓ Mandatory security measures for Public Access:
- Auth Token - Strong, random (32+ characters)
- Require Auth = ON - No access without token
- Firewall - Restrict to specific IPs
- Custom Port - Don't use default 8080
All HTTP Server Settings
| Setting | Type | Default | Description |
|---|---|---|---|
| Access Level | Select | Local Only | 127.0.0.1 or 0.0.0.0 |
| Port | Number | 8080 | Server port (1024-65535) |
| Auth Token | Text | (empty) | API authentication key |
| Enable CORS | Toggle | Off | Cross-origin requests |
| Require Auth | Toggle | Off | Token required for access |
Auth Token Best Practices
❌ Bad Tokens
admin123
mypassword
botwitter2024
mypassword
botwitter2024
✓ Good Tokens
Kx9$mL2#nP5@vQ8&wR3*yT6!
a7b2c9d4e1f8g5h3i6j0k8m2n
xYz123!@#ABCdef456$%^GHI
a7b2c9d4e1f8g5h3i6j0k8m2n
xYz123!@#ABCdef456$%^GHI
Requirements: Minimum 32 characters, mixed case + numbers + special characters
API Authentication Example
Include the token in your API requests:
GET /api/v1/accounts HTTP/1.1
Host: localhost:8080
Authorization: Bearer YOUR_TOKEN_HERE
Host: localhost:8080
Authorization: Bearer YOUR_TOKEN_HERE
// cURL example
curl -X GET "http://localhost:8080/api/v1/accounts" \
-H "Authorization: Bearer xYz123ABCdef456"
curl -X GET "http://localhost:8080/api/v1/accounts" \
-H "Authorization: Bearer xYz123ABCdef456"
Configuration Scenarios
Scenario 1: Local Only (Recommended Default)
Access Level: Local Only
Port: 8080
Auth Token: (optional)
Require Auth: Off
Port: 8080
Auth Token: (optional)
Require Auth: Off
Scenario 2: VPS Remote Management
Access Level: Public (0.0.0.0)
Port: 8847 (random, not default)
Auth Token: Very strong token
Require Auth: ON
+ Firewall IP restriction
Port: 8847 (random, not default)
Auth Token: Very strong token
Require Auth: ON
+ Firewall IP restriction
Scenario 3: Team Access
Access Level: Public (0.0.0.0)
Port: Custom
Auth Token: Strong token
Require Auth: ON
+ VPN required for access
Port: Custom
Auth Token: Strong token
Require Auth: ON
+ VPN required for access
Golden Rule
"Only open as much as needed" - Default to Local Only. If Public is required, always use strong auth token + firewall.