Re: [twitter-dev] Problem with Removing Members from Lists

[Arnaud Meunier]

Hey there,

You shouldn't get this message if you're using the user_id & list_id
parameters. Just to be sure, could you please share the full HTTP Request &
Response?

Arnaud / @rno 



On Thu, May 5, 2011 at 3:55 PM, Canadaka  wrote:

> I am having trouble removing members from lists with PHP using the
> Twitter API.
> I am using "lists/members/destroy"
> http://dev.twitter.com/doc/post/lists/members/destroy
>
> I am providing the 'user_id' as a POST variable, but the response says
> "You must specify a target user".
>
> $id = '972905';
> $user_id = '14538949';
> $result = $to->OAuthRequest('http://api.twitter.com/1/lists/members/
> destroy.xml ',
> array('list_id' => $id, 'user_id' => $user_id), 'POST');
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Twitter - ATOM - tag

[Arnaud Meunier]

Hey Pavithra,

Assuming you're using PHP SimpleXML, you could get the "location" element
from the "google" Namespace with something like:

$namespaces = $result->getNameSpaces(true);
$google = $result->children($namespaces['google']);
echo $google->location;

Arnaud / @rno 



On Thu, May 5, 2011 at 12:17 PM, Pavithra  wrote:

> Hello,
>
> My friend and I are working on an app that extracts tweets in and
> around a location and displays the tweets as text as well as on the
> map. We are getting tweets with geo location but are wondering how to
> extract the data in the  tag. We are using PHP to
> display the tweets. Along with the tweets I'd like to display the
> location too (and then later on mark it on the map.
>
> Here is an entry of the tweet in ATOM format:
>
>  
>tag:search.twitter.com,2005:66218119324123136
>2011-05-05T19:10:04Z
>http://twitter.com/kath/statuses/
> 66218119324123136" rel="alternate"/>
>Dazzling video: Plan of the City by Joshua Frankel, with
> music by @juddgreenstein and @NOWEnsemble. http://bit.ly/kHXzAZ
>Dazzling video: Plan of the City by Joshua
> Frankel, with music by @juddgreenstein and  href="http://twitter.com/NOWEnsemble">@NOWEnsemble a>. http://bit.ly/
> kHXzAZ
>2011-05-05T19:10:04Z
>http://a1.twimg.com/profile_images/
> 185321700/Kath_normal.jpg" rel="image"/>
>New York
>
>
>
>  recent
>
>web
>en
>
>  kath (Kath)
>  http://twitter.com/kath
>
>  
>
> Here is the code that we use to display the details of a Tweet.
>
> foreach( $results->entry as $result )   // for ATOM
> {
>
> echo "author->uri ."\">". $result->author-
> >name ."link[1]->attributes()-
> >href ."\" style=\"float: left;\">". $result->content." style=\"clear:both;\"> ";
> }
>
> I was thinking more on the lines of $result->google:location Tried
> all combinations. Nothing worked. Could not find anything on when
> searching the Internet about this.
>
> Would be great if anyone could answer this for us.
>
> Thanks,
> Pavithra
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Site Streams beta update

[Charles]

Hi Taylor,

I wanted to ask about the possibility of finding out about the status
of our application to the Site Streams beta.  We submitted it on March
24th and have heard nothing back.  If you require more information
we're happy to provide it, but since we've heard nothing back at all
after more than a month we thought we should at least check in.  The
company is Evri and I believe our application was submitted by David
Kellum.  Please let me know, thank you.

Best,
Chuck

On Apr 19, 11:54 am, Taylor Singletary 
wrote:
> Hi Developers,
>
> We know a lot of you are excited to get started with Site Streams 
> (http://dev.twitter.com/pages/site_streams), but the API will continue to be
> in beta for at least the next few months as we continue preparing it for
> wider release. During the beta, the criteria we're looking for and
> applications we're interested in will change as needs & criteria evolve.
>
> Before applying for the Site Streams beta, we ask that you've developed your
> application far enough along with User Streams and that you've already built
> the necessary status & event consumption routines for a single-user
> scenario. This will prepare you to work with Site Streams at a faster clip
> when access is provided. Site Streams does not support any of the
> search/track features of the User Streams, so if your application requires
> these capabilities, Site Streams may not be the right fit. Some developers
> have asked for Site Streams access with the misunderstanding that it can
> provide a greater percentage of the firehose than the self-serve options
> available to them today -- this is also not the case.
>
> If you're a developer who has hoped for early access to this beta program
> but has been unable to join and are looking for alternate implementation
> options in the meantime, our team is happy to discuss alternate strategies
> on this mailing list with you.
>
> Thanks for your continued patience as we continue productionizing this new
> platform feature.
>
> Taylor Singletary

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Another question : OAuth fails with "Woah there!" obtaining a Request Token from Excel VBA

[ari_endo]

Hello,

Thank you for your advice. I will never include consumer secret in my
message.

By the way, in the "OAuth at Twitter" in http://dev.twitter.com/pages/auth
page,
just above the diagram "OAUTH AUTHENTICATION FLOW", it says:
"The flow varies slightly when using a desktop application with what's
called the "PIN-mode flow" or exchanging login credentials using
xAuth."

I appreciate if anyone tells me the flow when using desktop
application.
I am trying to increase twitter users in Japan by developing Excel VBA
application.

Thank you in advance,
Sincerely,
Ari Endo

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: status/update in_reply_to ignored

[Colt Frederickson]

I appreciate it.  I really just wanted to make sure it works as
designed.

Thank you.

Colt

On May 5, 6:18 pm, "Orian Marx (@orian)"  wrote:
> Yes you need both the in_reply_to information to be set as well as the
> @username to appear within the tweet. And yes, this could be
> documented better.
>
> @orian
>
> On May 5, 2:29 pm, Colt Fred  wrote:
>
>
>
>
>
>
>
> > Greetings community,
>
> > I've experienced a problem recently that I can't find an "official"
> > answer to.  I'm attempting to use the update rest api and I'm passing
> > in "in_reply_to=XX", but it's being ignored.  If I include a
> > "@user" where user is the owner of the tweet id I passed in, it works
> > fine.
>
> > The official api documentation makes no note of this and I see that
> > there was talk of not requiring the @user here(http://
> > groups.google.com/group/twitter-development-talk/browse_thread/thread/
> > f009c76d17199084?pli=1) but I also see someone complaining about the
> > same problem here (http://groups.google.com/group/twitter-development-
> > talk/browse_thread/thread/4ed686abbf59164b).
>
> > What's twitter's official stance?  If it is required to make the "in
> > reply to link", it should be noted in the api documentation.
>
> > Thanks!
>
> > Colt

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: status/update in_reply_to ignored

[Colt Frederickson]

I appreciate it.  I really just wanted to make sure it works as
designed.

Thank you.

Colt

On May 5, 6:18 pm, "Orian Marx (@orian)"  wrote:
> Yes you need both the in_reply_to information to be set as well as the
> @username to appear within the tweet. And yes, this could be
> documented better.
>
> @orian
>
> On May 5, 2:29 pm, Colt Fred  wrote:
>
>
>
>
>
>
>
> > Greetings community,
>
> > I've experienced a problem recently that I can't find an "official"
> > answer to.  I'm attempting to use the update rest api and I'm passing
> > in "in_reply_to=XX", but it's being ignored.  If I include a
> > "@user" where user is the owner of the tweet id I passed in, it works
> > fine.
>
> > The official api documentation makes no note of this and I see that
> > there was talk of not requiring the @user here(http://
> > groups.google.com/group/twitter-development-talk/browse_thread/thread/
> > f009c76d17199084?pli=1) but I also see someone complaining about the
> > same problem here (http://groups.google.com/group/twitter-development-
> > talk/browse_thread/thread/4ed686abbf59164b).
>
> > What's twitter's official stance?  If it is required to make the "in
> > reply to link", it should be noted in the api documentation.
>
> > Thanks!
>
> > Colt

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: New oAuth Authenticate Page

[Jorgesys]

Hi you can achieve the signout from twitter just sendin user_token and
user_secret as null values, the same for Iphone & Blackberry
implementations...

On May 3, 4:00 am, Varun Airon  wrote:
> Hi Guys,
>
> I am using Twitter OAuth authentication on Android and it shows a new popup
> window.
>
> Guys I am facing one Issue using Twitter OAuth authentication. Once logged
> in, I am not able to log out from my twitter account. I am using Signpost
> api. I am using oauth/authorize still not able to enter my another
> credentials.
>
> Is there any way to get logout from Twitter ??
>
> Any Help would be appreciated.
>
> Thanks,
>
> On Tue, May 3, 2011 at 2:22 PM, Tom van der Woerdt  wrote:
>
> > I don't know whether it's the only working solution, but it is the only
> > proper OAuth procedure and as far as I'm aware, also the recommended one.
>
> > Tom
>
> > On 5/3/11 4:50 AM, Bess wrote:
>
> >> I'd like to confirm the all the developers here on this mailing list.
> >> Does the new OAuth redesign page prevent you from using OAuth in a new
> >> popup window?
>
> >> This OAuth hack is officially not going to work going forward?
>
> >> Hi Tom van der Woerdt,
>
> >> Your recommend using the workaround launching OAuth in a safari
> >> browser outside the app? Your suggested approach will require user to
> >> quit and exit app and authenticate with OAuth using device mobile
> >> browser. Then ask user to go back to the app again. Is this the only
> >> working solution?
>
> >> On Apr 30, 9:09 am, Tom van der Woerdt  wrote:
>
> >>> I've heard this before.
>
> >>> It sounds like all UIWebView, WebBrowser and probably Android's WebView
> >>> are blocked. This is definitely a *good* thing for security reasons.
>
> >>> The "workaround" I recommend: launch the actual browser, using a
> >>> :// link (something like myapplication://tokenDone) as the
> >>> return URL. This is a LOT safer for the users.
>
> >>> Tom
>
> >>> On 4/30/11 8:55 AM, Bob12345 wrote:
>
> >>>  I'm having this problem too. My login browser inside the phone app is
>  now rendered useless, it doesn't even scroll.
>  On Apr 28, 1:41 pm, Shannon Whitley
>   wrote:
>
> > I was surprised to see a newly formatted oAuth Authenticate Page.  The
> > new page doesn't account for the scores of oAuth implementations that
> > popup a new window.
> > There is an ad-hoc standard for the window height and width that makes
> > for a decent user experience.  The new format will cause issues for
> > the user since it results in page scrolling.
> > Can we discuss this new page format and determine if it can be changed
> > or if we can have alternate formats?
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk
>
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Problem with Removing Members from Lists

[Canadaka]

I am having trouble removing members from lists with PHP using the
Twitter API.
I am using "lists/members/destroy"
http://dev.twitter.com/doc/post/lists/members/destroy

I am providing the 'user_id' as a POST variable, but the response says
"You must specify a target user".

$id = '972905';
$user_id = '14538949';
$result = $to->OAuthRequest('http://api.twitter.com/1/lists/members/
destroy.xml', array('list_id' => $id, 'user_id' => $user_id), 'POST');

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Commas (even double encoded) causing "invalid authorization header" errors

[Taylor Singletary]

Great, I'm glad that you were able to spot the part of the pipeline where
things came apart.

The strictness with these encoding issues is a pain, but the alternative of
processing authorization requests in every possible permutation and looking
for a matching signature would be a nightmare and encourage some bad
practices...

Let us know if you run into any other issues.

@episod  - Taylor Singletary


On Thu, May 5, 2011 at 5:12 PM, TheMouth  wrote:

> HI once more,
>
> I reread your response, had a few more cups of coffee and found a semantic
> issue in our code that was causing the issue.
> I feel a post mortem may be in order just in case any unfortunate soul
> stumbles upon the same issue and starts googling.
>
> We're using PHP and CURL to make the request.  What was happening was that
> while we were properly encoding the parameters to generate the oauth
> signature and when we set the POST status using CURLOPT_POSTFIELDS, we had
> failed to encode the status when generating the (comma separated) http
> headers set using CURLOPT_HTTPHEADER.  The unencoded comma in the header of
> course made the headers invalid.
>
> Thanks Taylor. Without your nudging me in the right direction I'd probably
> still be banging my head against the wall on this one.
>
>
>  --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Loading twitter javascript using https

[Chris Teso]

@anywhere currently does not support https. As a work around you could
download http://platform.twitter.com/anywhere.js locally and pull it
off your server via https.

This comes with it's own challenges, as you'll need to manually update
when Twitter decides to update their codebase, but it will work.

On May 5, 5:02 pm, Ahmed Aly  wrote:
> Hi everyone,
>
> I want to load twitter javascript (http://platform.twitter.com/anywhere.js)
> but using https.
> How can I do this?
>
> Thanks!

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: What's the best practices when creating a mobile app as an extension to a web app in regards to oauth?

[Bess]

Hi Brian,

Could you explain and clarify the policy on web/mobile?

Use case:
Build iOS app first. Depot to Android. Add web app after both iOS and
Android app are released

How many Twitter apps do I have to create? Can I keep them the same
name for the same startup?

On May 5, 11:45 am, Brian Sutorius  wrote:
> We recommend separate application registrations for each platform
> (http://support.twitter.com/articles/79901) and this is the approach
> we take (web, Twitter for iPhone, Twitter for Android, and so on). You
> may not use the exact same name across multiple applications, however.
>
> Brian Sutorius
> Twitter API Policy
>
> On May 5, 9:01 am, YCBM  wrote:
>
> > Hi All,
>
> > When an existing web app that is setup and registered on Twitter
> > decides to launch a mobile extension, what are the best practices
> > involved here with oauth?
>
> > Are there may be benefits of registering a new app on Twitter with all
> > new API key & Consumer Secret/Key than what you are using for the web
> > app?  Does it provide any more security in any way to have both the
> > web app and mobile app using separate keys?
>
> > If so, can you register a mobile app with the same name as one that
> > exists (assuming you own both)?  We'd like the source name of status
> > updates to come from the same name as our web app/brand if possible.
> > That may not be possible, not sure.
>
> > Any guidance is greatly appreciated.
>
> > Best,
> > YCB

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: status/update in_reply_to ignored

[Orian Marx (@orian)]

Yes you need both the in_reply_to information to be set as well as the
@username to appear within the tweet. And yes, this could be
documented better.

@orian

On May 5, 2:29 pm, Colt Fred  wrote:
> Greetings community,
>
> I've experienced a problem recently that I can't find an "official"
> answer to.  I'm attempting to use the update rest api and I'm passing
> in "in_reply_to=XX", but it's being ignored.  If I include a
> "@user" where user is the owner of the tweet id I passed in, it works
> fine.
>
> The official api documentation makes no note of this and I see that
> there was talk of not requiring the @user here(http://
> groups.google.com/group/twitter-development-talk/browse_thread/thread/
> f009c76d17199084?pli=1) but I also see someone complaining about the
> same problem here (http://groups.google.com/group/twitter-development-
> talk/browse_thread/thread/4ed686abbf59164b).
>
> What's twitter's official stance?  If it is required to make the "in
> reply to link", it should be noted in the api documentation.
>
> Thanks!
>
> Colt

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Commas (even double encoded) causing "invalid authorization header" errors

[TheMouth]

HI once more,

I reread your response, had a few more cups of coffee and found a semantic 
issue in our code that was causing the issue.  
I feel a post mortem may be in order just in case any unfortunate soul 
stumbles upon the same issue and starts googling.  

We're using PHP and CURL to make the request.  What was happening was that 
while we were properly encoding the parameters to generate the oauth 
signature and when we set the POST status using CURLOPT_POSTFIELDS, we had 
failed to encode the status when generating the (comma separated) http 
headers set using CURLOPT_HTTPHEADER.  The unencoded comma in the header of 
course made the headers invalid. 

Thanks Taylor. Without your nudging me in the right direction I'd probably 
still be banging my head against the wall on this one.


-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Loading twitter javascript using https

[Ahmed Aly]

Hi everyone,

I want to load twitter javascript (http://platform.twitter.com/anywhere.js) 
but using https.
How can I do this?

Thanks!

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Commas (even double encoded) causing "invalid authorization header" errors

[TheMouth]

Hi again.  Sorry my eyes had glazed over during the last posting and I 
pasted the wrong post body (obviously), so here you go:

POST body:

status=I%20am%20a%20comma%2C%20whoops

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Commas (even double encoded) causing "invalid authorization header" errors

[TheMouth]

Hi Taylor, thanks for reply, here's the data from a sample post:


POST body:
   
oauth_consumer_key=4pz4gWpqMjSNTanmpefA&oauth_nonce=275336ce620ac83993bc6b60147830bae9eec07e&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1304636817&oauth_token=286191427-8jpzSLy6Hx4opWxh5yzJLs49RnrWxyLpgytdT3p7&oauth_version=1.0&status=I%20am%20a%20comma%2C%20whoops


Signature Base String

POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.json&oauth_consumer_key%3D4pz4gWpqMjSNTanmpefA%26oauth_nonce%3D275336ce620ac83993bc6b60147830bae9eec07e%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1304636817%26oauth_token%3D286191427-8jpzSLy6Hx4opWxh5yzJLs49RnrWxyLpgytdT3p7%26oauth_version%3D1.0%26status%3DI%2520am%2520a%2520comma%252C%2520whoops


This returns the same error as previously mentioned.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] "Does user X follow user Y?"

[TjL]

http://doesfollow.com/rid00z/dmethvin doesn't say that he is either.
Sounds like a glitch.



On Thu, May 5, 2011 at 3:20 PM, Dave Methvin  wrote:
> Thanks, that sounds like exactly the functionality I want. However, it does
> not seem to show the relationship correctly. For example:
>
> http://api.twitter.com/1/friendships/show.xml?target_screen_name=rid00z&source_screen_name=dmethvin
>
> The result says rid00z is not following me but my profile page says he is.
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Is the verifier pin required in OOB?

[Taylor Singletary]

Apologies for the lack OOB explicit documentation -- it's heavily documented
elsewhere on the web and for the most part follows the exact same OAuth 1.0A
flow, with the exception of the callback step.

oauth_callback=oob should ONLY be passed to the request_token step of OAuth
-- it's invalid to send it to any other end points of OAuth (as of OAuth
1.0A) -- it's not accepted on the authenticate or authorize pages because
there's no way to validate the application set the callback (versus a
malicious man in the middle).

Brief instructions:
1. set your app to desktop mode.
2. issue a request for a request token, including oauth_callback=oob as one
of your parameters
3. once you have the request token, build your link to the authorize page,
including only the oauth_token parameter (corresponding to the request
token)
4. the user will be shown the oauth_verifier / PIN code.
5. ask your user to enter the PIN code, collect and store it temporarily in
your app
6. submit a request for access token, including the PIN code the user gave
you as the value for oauth_verifier

In non-out of band flow, the only difference here is that the value for
oauth_callback is an explicit URL instead and the oauth_verifier is given to
the application on the callback phase rather than being collected by the
end-user.

Hope this clears up the flow for you.

You can keep your application marked as a client mode and still use
oauth_callback=oob, but you can't use dynamic callback URIs with
mode=desktop. Even if you've stored a default callback URL or implicitly
want to do OOB OAuth, I recommend to always always always send an explicit
oauth_callback on the request token step and never rely on any implicit
value that may be stored in your client record.

Taylor

@episod  - Taylor Singletary


On Thu, May 5, 2011 at 3:00 PM, Dave Florek  wrote:

>
> Thanks for bringing this up, Ali.
>
> As far as the link for more #oob info, documentation on the OOB flow
> has apparently been "in the works" for almost two years now (I found
> it mentioned in a post from June 2009), so I naturally have some
> concerns as to how big a priority it is at Twitter.
>
> I'm trying to integrate the OOB flow into a desktop client as well,
> and running into a situation where, now that our company has
> registered a browser-based app with a default oauth_callback url, the
> OOB pincode flow does not appear to be honored at all.  With the
> limited amount of information available, I would expect the following:
>
>
> https://api.twitter.com/oauth/authorize?oauth_token=o1hiPRbH7pYeWuVAV3D0JlcZikr9NshjXXX&oauth_callback=oob
>
> to produce a twitter-hosted page displaying the pincode, even though
> our company has registered a browser-based flow with a default
> callback.  I.e., it seems like the provided oauth_callback value
> should override the default one.  For what it's worth, we have brower-
> based functionality and a related desktop-application, and would
> prefer not to have to register both as separate "applications", if
> instead we could have each of them interact with the Twitter API in
> the manner best suited to it.  Is this even remotely possible?
>
> Thanks,
> Dave
>
>
> On Apr 21, 10:57 pm, Ali  wrote:
> > Full OAuth is not possible for desktop/mobile apps which is what I am
> > implementing.
> > The issue is this. After authenticating a request token a verifier is
> > supplied by Twitter to verify that the user allowed access. There are
> > a couple ways to send this verifier code back to the app.
> >
> > 1. For web apps, Twitter redirects to a developer supplied URL with
> > the verifier added in the query string. The app can easily grab the
> > verifier and use it in the request to exchange the request token for
> > an access token.
> >
> > 2. For desktop/mobile apps, there is really no good way to send it
> > back. Twitter offers theooboption which gives the user a pin number
> > that they would have to enter into the app. This pin acts like the
> > verifier.
> >
> > What I am seeing is that this last step of getting the verifier is not
> > necessary. I am able to exchange the the request token for an access
> > token after it has been authorized by the resource owner without
> > passing the verifier pin.
> >
> > What I want to know is whether this is a bug or temporary behavior or
> > this is the expected behavior. The verifier is really not that
> > essential because Twitter already knows the user has authorized the
> > app. The verifier more allows the app to continue with the process of
> > authentication.
> >
> > I would like to hear from the Twitter dev team on what the long term
> > plans are in regards to the verifier. Is it okay to ignore the
> > verifier for desktop/mobile apps? It is working without it anyway.
> >
> > Thanks,
> > @talrahem
> >
> > On Apr 21, 8:35 am, Arnaud Meunier  wrote:
> >
> >
> >
> >
> >
> >
> >
> > > Hey Ali,
> >
> > > Out of band / PIN code authentication is just one of the OAu

[twitter-dev] Re: Is the verifier pin required in OOB?

[Dave Florek]

Thanks for bringing this up, Ali.

As far as the link for more #oob info, documentation on the OOB flow
has apparently been "in the works" for almost two years now (I found
it mentioned in a post from June 2009), so I naturally have some
concerns as to how big a priority it is at Twitter.

I'm trying to integrate the OOB flow into a desktop client as well,
and running into a situation where, now that our company has
registered a browser-based app with a default oauth_callback url, the
OOB pincode flow does not appear to be honored at all.  With the
limited amount of information available, I would expect the following:

https://api.twitter.com/oauth/authorize?oauth_token=o1hiPRbH7pYeWuVAV3D0JlcZikr9NshjXXX&oauth_callback=oob

to produce a twitter-hosted page displaying the pincode, even though
our company has registered a browser-based flow with a default
callback.  I.e., it seems like the provided oauth_callback value
should override the default one.  For what it's worth, we have brower-
based functionality and a related desktop-application, and would
prefer not to have to register both as separate "applications", if
instead we could have each of them interact with the Twitter API in
the manner best suited to it.  Is this even remotely possible?

Thanks,
Dave


On Apr 21, 10:57 pm, Ali  wrote:
> Full OAuth is not possible for desktop/mobile apps which is what I am
> implementing.
> The issue is this. After authenticating a request token a verifier is
> supplied by Twitter to verify that the user allowed access. There are
> a couple ways to send this verifier code back to the app.
>
> 1. For web apps, Twitter redirects to a developer supplied URL with
> the verifier added in the query string. The app can easily grab the
> verifier and use it in the request to exchange the request token for
> an access token.
>
> 2. For desktop/mobile apps, there is really no good way to send it
> back. Twitter offers theooboption which gives the user a pin number
> that they would have to enter into the app. This pin acts like the
> verifier.
>
> What I am seeing is that this last step of getting the verifier is not
> necessary. I am able to exchange the the request token for an access
> token after it has been authorized by the resource owner without
> passing the verifier pin.
>
> What I want to know is whether this is a bug or temporary behavior or
> this is the expected behavior. The verifier is really not that
> essential because Twitter already knows the user has authorized the
> app. The verifier more allows the app to continue with the process of
> authentication.
>
> I would like to hear from the Twitter dev team on what the long term
> plans are in regards to the verifier. Is it okay to ignore the
> verifier for desktop/mobile apps? It is working without it anyway.
>
> Thanks,
> @talrahem
>
> On Apr 21, 8:35 am, Arnaud Meunier  wrote:
>
>
>
>
>
>
>
> > Hey Ali,
>
> > Out of band / PIN code authentication is just one of the OAuth
> > authentication flows we are supporting. 
> > Cfhttp://dev.twitter.com/pages/auth_overview
>
> > If your app can handle the full OAuth process, stick to it and forget about
> >OOB:)
>
> > Arnaud / @rno 
>
> > On Wed, Apr 20, 2011 at 10:23 PM, Ali  wrote:
> > > Hi,
>
> > > I've been experimenting with OAuth authentication with the Twitter API
> > > for desktop/mobile apps and found out that the verifier pin is not
> > > necessary. Once the the request token is authorized, I am able to
> > > exchange it for an access token without providing the pin code.
>
> > > Is this the official expected behavior? I couldn't find any info on
> > >OOBin the API documentation. It is just barely mentioned and the link
> > > for more info doesn't work.
>
> > > Is there any documented behavior regarding the verifier pin and
> > > whether requiring the user to enter the pin is recommended or
> > > required?
>
> > > Thanks
>
> > > --
> > > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > > API updates via Twitter:http://twitter.com/twitterapi
> > > Issues/Enhancements Tracker:
> > >http://code.google.com/p/twitter-api/issues/list
> > > Change your membership to this group:
> > >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Twitter - ATOM - tag

[Pavithra]

Hello,

My friend and I are working on an app that extracts tweets in and
around a location and displays the tweets as text as well as on the
map. We are getting tweets with geo location but are wondering how to
extract the data in the  tag. We are using PHP to
display the tweets. Along with the tweets I'd like to display the
location too (and then later on mark it on the map.

Here is an entry of the tweet in ATOM format:

 
tag:search.twitter.com,2005:66218119324123136
2011-05-05T19:10:04Z
http://twitter.com/kath/statuses/
66218119324123136" rel="alternate"/>
Dazzling video: Plan of the City by Joshua Frankel, with
music by @juddgreenstein and @NOWEnsemble. http://bit.ly/kHXzAZ
Dazzling video: Plan of the City by Joshua
Frankel, with music by @juddgreenstein and @NOWEnsemble. http://bit.ly/
kHXzAZ
2011-05-05T19:10:04Z
http://a1.twimg.com/profile_images/
185321700/Kath_normal.jpg" rel="image"/>
New York



  recent

web
en

  kath (Kath)
  http://twitter.com/kath

  

Here is the code that we use to display the details of a Tweet.

foreach( $results->entry as $result )   // for ATOM
{

echo "author->uri ."\">". $result->author-
>name ."link[1]->attributes()-
>href ."\" style=\"float: left;\">". $result->content." ";
}

I was thinking more on the lines of $result->google:location Tried
all combinations. Nothing worked. Could not find anything on when
searching the Internet about this.

Would be great if anyone could answer this for us.

Thanks,
Pavithra

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] status/update in_reply_to ignored

[Colt Fred]

Greetings community,

I've experienced a problem recently that I can't find an "official"
answer to.  I'm attempting to use the update rest api and I'm passing
in "in_reply_to=XX", but it's being ignored.  If I include a
"@user" where user is the owner of the tweet id I passed in, it works
fine.

The official api documentation makes no note of this and I see that
there was talk of not requiring the @user here(http://
groups.google.com/group/twitter-development-talk/browse_thread/thread/
f009c76d17199084?pli=1) but I also see someone complaining about the
same problem here (http://groups.google.com/group/twitter-development-
talk/browse_thread/thread/4ed686abbf59164b).

What's twitter's official stance?  If it is required to make the "in
reply to link", it should be noted in the api documentation.

Thanks!

Colt

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] "Does user X follow user Y?"

[Dave Methvin]

Thanks, that sounds like exactly the functionality I want. However, it does 
not seem to show the relationship correctly. For example:

http://api.twitter.com/1/friendships/show.xml?target_screen_name=rid00z&source_screen_name=dmethvin

The result says rid00z is not following me but my profile page says he is. 

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: At Reply Spam

[hax0rsteve]

+1

It is Twitter's ball.


On 5 May 2011, at 20:04, TjL wrote:

> On Thu, May 5, 2011 at 2:56 PM, Dewald Pretorius  wrote:
>> If not, then you may have de facto invalidated that section of your
>> rules and by implication exempted all developers and applications from
>> it.
> 
> HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA.
> 
> Um… Yeah.
> 
> Here's the thing: it's Twitter's playground.
> 
> They can do whatever they want with it.
> 
> Just because they do it, doesn't mean you can do it.
> 
> I don't know what sort of universal, "nature law" you think applies
> here, but it doesn't.
> 
> TjL
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: At Reply Spam

[TjL]

On Thu, May 5, 2011 at 2:56 PM, Dewald Pretorius  wrote:
> If not, then you may have de facto invalidated that section of your
> rules and by implication exempted all developers and applications from
> it.

HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA.

Um… Yeah.

Here's the thing: it's Twitter's playground.

They can do whatever they want with it.

Just because they do it, doesn't mean you can do it.

I don't know what sort of universal, "nature law" you think applies
here, but it doesn't.

TjL

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: At Reply Spam

[Dewald Pretorius]

Arnaud,

That's comforting to know. With that being the case, can you please
enlighten us as to why Twitter is apparently violating its own rules,
which, as you said, are still in force and we all still are apparently
expected to adhere to?

Let me help you and quote from your rules the appropriate text: "If
you are automatically sending @reply messages or Mentions to a bunch
of users, the recipients must request or approve this action in
advance."

Have any of the users targeted by @twittersuggests, which is sending
automated @reply messages "to a bunch of users", explicitly requested
or approved this action in advance?

If not, then you may have de facto invalidated that section of your
rules and by implication exempted all developers and applications from
it.

On May 5, 12:45 pm, Arnaud Meunier  wrote:
> Hey Dewald,
>
> Neither our TOS nor our Automation Rules & Best Practices 
> (http://support.twitter.com/articles/76915) have changed since the launch
> of @twittersuggests experimental feature :)
>
> Arnaud / @rno 
>
>
>
>
>
>
>
> On Thu, May 5, 2011 at 6:00 AM, TjL  wrote:
> > On Thu, May 5, 2011 at 8:31 AM, Dewald Pretorius  wrote:
> > > With reference to @twittersuggests, is other unsolicited @reply spam
> > > now also officially sanctioned by Twitter?
>
> > When has Twitter ever given you the idea that they were playing by the
> > same rules as everyone else?
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: What's the best practices when creating a mobile app as an extension to a web app in regards to oauth?

[Brian Sutorius]

We recommend separate application registrations for each platform
(http://support.twitter.com/articles/79901) and this is the approach
we take (web, Twitter for iPhone, Twitter for Android, and so on). You
may not use the exact same name across multiple applications, however.

Brian Sutorius
Twitter API Policy

On May 5, 9:01 am, YCBM  wrote:
> Hi All,
>
> When an existing web app that is setup and registered on Twitter
> decides to launch a mobile extension, what are the best practices
> involved here with oauth?
>
> Are there may be benefits of registering a new app on Twitter with all
> new API key & Consumer Secret/Key than what you are using for the web
> app?  Does it provide any more security in any way to have both the
> web app and mobile app using separate keys?
>
> If so, can you register a mobile app with the same name as one that
> exists (assuming you own both)?  We'd like the source name of status
> updates to come from the same name as our web app/brand if possible.
> That may not be possible, not sure.
>
> Any guidance is greatly appreciated.
>
> Best,
> YCB

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Commas (even double encoded) causing "invalid authorization header" errors

[Taylor Singletary]

Can you share an example of your POST body and the accompanying OAuth
signature base string?

Here's a quick example of a successful POST with commas and spaces, tweeting
the phrase "I like commas, but don't understand their syntax."

My POST body:
status=I%20like%20commas%2c%20but%20don%27t%20understand%20their%20syntax.

My Signature Base string:
POST&http%3A%2F%2Fapi.twitter.com
%2F1%2Fstatuses%2Fupdate.xml&oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DO6OYWbaeCxndCffIa5HYwSmxXufoICIoGvuqwpACc%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1304618104%26oauth_token%3D119476949-gF0B5O1Wwa2UqqIwopAhQtQVTzmfSIOSiHQS7Vf8%26oauth_version%3D1.0%26status%3DI%2520like%2520commas%252C%2520but%2520don%2527t%2520understand%2520their%2520syntax.

You only want to encode the comma once within your POST body, but twice
within your oauth signature base string (because you're escaping the already
escaped value).

Resultant status:
https://twitter.com/#!/oauth_dancer/status/66199246407344128

@episod  - Taylor Singletary


On Thu, May 5, 2011 at 10:17 AM, TheMouth  wrote:

> Hi Guys,
>
> I'm working on a web application that includes posting to twitter as part
> of it's functionality.  This works flawlessly until someone enters a comma
> in the status.
>
>- I've done the googling on this and double checked that the status
>text is being double-encoded, confirming that the commas are being sent as
>%252C .
>- The response error that I'm getting back from twitter is "invalid
>authorization headers". However the same tweet without the commas doesn't
>generate this error
>- I can debug the application and check the params against
>http://oauth.googlecode.com/svn/code/javascript/example/signature.htmland 
> the signature that we're sending matches the one generated there.
>
>
> Any ideas on why a comma would cause this even though it's double-encoded
> and the signature is valid?  I'm willing to pastebin some code of it would
> help.
>
> Thanks
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Commas (even double encoded) causing "invalid authorization header" errors

[TheMouth]

Hi Guys,

I'm working on a web application that includes posting to twitter as part of 
it's functionality.  This works flawlessly until someone enters a comma in 
the status.  

   - I've done the googling on this and double checked that the status text 
   is being double-encoded, confirming that the commas are being sent as %252C 
   .  
   - The response error that I'm getting back from twitter is "invalid 
   authorization headers". However the same tweet without the commas doesn't 
   generate this error
   - I can debug the application and check the params 
   against 
http://oauth.googlecode.com/svn/code/javascript/example/signature.html 
   and the signature that we're sending matches the one generated there.  
   

Any ideas on why a comma would cause this even though it's double-encoded 
and the signature is valid?  I'm willing to pastebin some code of it would 
help. 

Thanks

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] "Does user X follow user Y?"

[TjL]

On Thu, May 5, 2011 at 1:06 PM, Dave Methvin  wrote:
> The Twitter API lets me get the followers of Y but it seems wasteful and
> slow to request what could be a list of hundreds of followers in the social
> graph and look for X on the client side. Is there a better and faster way?
>

http://dev.twitter.com/doc/get/friendships/show

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] "Does user X follow user Y?"

[Dave Methvin]

The Twitter API lets me get the followers of Y but it seems wasteful and 
slow to request what could be a list of hundreds of followers in the social 
graph and look for X on the client side. Is there a better and faster way?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] At Reply Spam

[M. Edward (Ed) Borasky]

Twitter is supposed to be entertaining and informative. I don't know
about all of you, but I got a good belly laugh from discovering this
on Louis Gray's blog last night, following the links to some NSFW
tweets and then reading the ReadWriteWeb post Marshall Kirkpatrick
made on the subject. ;-)

Yeah, it's a bad idea IMHO but I did need a good laugh.

On Thu, May 5, 2011 at 9:07 AM, TjL  wrote:
> On Thu, May 5, 2011 at 11:45 AM, Arnaud Meunier  wrote:
>> Neither our TOS nor our Automation Rules & Best Practices
>> (http://support.twitter.com/articles/76915) have changed since the launch
>> of @twittersuggests experimental feature :)
>
> I think that's pretty much what I said :)
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk
>



-- 
http://twitter.com/znmeb http://borasky-research.net

"A mathematician is a device for turning coffee into theorems." -- Paul Erdős

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] At Reply Spam

[TjL]

On Thu, May 5, 2011 at 11:45 AM, Arnaud Meunier  wrote:
> Neither our TOS nor our Automation Rules & Best Practices
> (http://support.twitter.com/articles/76915) have changed since the launch
> of @twittersuggests experimental feature :)

I think that's pretty much what I said :)

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] What's the best practices when creating a mobile app as an extension to a web app in regards to oauth?

[YCBM]

Hi All,

When an existing web app that is setup and registered on Twitter
decides to launch a mobile extension, what are the best practices
involved here with oauth?

Are there may be benefits of registering a new app on Twitter with all
new API key & Consumer Secret/Key than what you are using for the web
app?  Does it provide any more security in any way to have both the
web app and mobile app using separate keys?

If so, can you register a mobile app with the same name as one that
exists (assuming you own both)?  We'd like the source name of status
updates to come from the same name as our web app/brand if possible.
That may not be possible, not sure.

Any guidance is greatly appreciated.

Best,
YCB

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] window.open() and OAuth

[Corey Ballou]

Your new OAuth authentication handler does a check to determine if the
window has been opened in a new window and triggers a resize.

I'll preface this message by saying that I have a high res monitor at
1920x1600. I currently have handling to center the window. Your new
JavaScript is essentially resizing the window outside of the viewport,
giving no consideration to the end user's window height or current
window position.

Is this something that can be resolved? It's kind of a nuisance. I'll
repost in the tracker.

- Corey

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] At Reply Spam

[Arnaud Meunier]

Hey Dewald,

Neither our TOS nor our Automation Rules & Best Practices (
http://support.twitter.com/articles/76915) have changed since the launch
of @twittersuggests experimental feature :)

Arnaud / @rno 



On Thu, May 5, 2011 at 6:00 AM, TjL  wrote:

> On Thu, May 5, 2011 at 8:31 AM, Dewald Pretorius  wrote:
> > With reference to @twittersuggests, is other unsolicited @reply spam
> > now also officially sanctioned by Twitter?
>
> When has Twitter ever given you the idea that they were playing by the
> same rules as everyone else?
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] On posting a status update: Where to go after acquiring an oauth_access_token?

[kneet]

So, I'm trying to do a Twitter status update from within a Javascript
project for PhoneGap*.

So far I have:

- the oauth_access_token that's been given to me by twitter in the
querystring of the postback URL (i thought I was nearly there it this
point)
- a url to post the message to (http://api.twitter.com/version/
statuses/update.json)

Can someone clear the following things up for me?

- The oauth documentation speaks of a 'oauth_token' as the final token
you need to act on behalf of the user. However, twitter returns me
'oauth_access_token' instead. Are these the same?
- What does the final request to 
http://api.twitter.com/version/statuses/update.json
looks like exactly? I can;t belief they don't provide an example in
the documentation.

Many, many things if someone can help me!

*on a side note: this is the main reason why I don't use @anywhere.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Displaying Media

[greenz]

Many thanks!

On May 5, 10:28 am, Scott Wilcox  wrote:
> Your best bet is probably contacting a...@twitter.com and taking it from 
> there.
>
> On 5 May 2011, at 15:16, greenz wrote:
>
>
>
>
>
>
>
>
>
> > Thanks Scott, would you happen to know the proper channels one would
> > need to go through in order to allow this kind of access? For new
> > webapps this seems to be an unfair advantage of only allowing select
> > dev's this type of access. I understand I have to play by twitters
> > rules and im welling to abide by them but it would be nice to be on an
> > evening planning field. Thanks!
>
> > greenz
>
> > On May 5, 10:03 am, Scott Wilcox  wrote:
> >> This form of inline media display is only provided via select partners for 
> >> Twitter. At the present time, there are no endpoints for developers to 
> >> interact with this service.
>
> >> On 5 May 2011, at 14:55, greenz wrote:
>
> >>> Hello,
>
> >>>  I am trying to find the correct format to display media in users
> >>> status updates. Just as twitpic and twitvid have their media
> >>> automatically parsed when they tweet updates what would be the correct
> >>> format to allow this from another web app? What media extensions do
> >>> you support mp4 & flv? Does the webapp need to be whitelisted? I
> >>> looked all through the api documentation and found no mention to this
> >>> particular need. Thanks!
>
> >>> greenz
>
> >>> --
> >>> Twitter developer documentation and resources:http://dev.twitter.com/doc
> >>> API updates via Twitter:http://twitter.com/twitterapi
> >>> Issues/Enhancements 
> >>> Tracker:http://code.google.com/p/twitter-api/issues/list
> >>> Change your membership to this 
> >>> group:http://groups.google.com/group/twitter-development-talk
>
> >> --
> >> Scott Wilcox
>
> >> @dordotky | sc...@dor.ky |http://dor.ky
> >> +44 (0) 7538 842418 | +1 (646) 827-0580
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this 
> > group:http://groups.google.com/group/twitter-development-talk
>
> --
> Scott Wilcox
>
> @dordotky | sc...@dor.ky |http://dor.ky
> +44 (0) 7538 842418 | +1 (646) 827-0580

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: Displaying Media

[Scott Wilcox]

Your best bet is probably contacting a...@twitter.com and taking it from there.

On 5 May 2011, at 15:16, greenz wrote:

> Thanks Scott, would you happen to know the proper channels one would
> need to go through in order to allow this kind of access? For new
> webapps this seems to be an unfair advantage of only allowing select
> dev's this type of access. I understand I have to play by twitters
> rules and im welling to abide by them but it would be nice to be on an
> evening planning field. Thanks!
> 
> greenz
> 
> On May 5, 10:03 am, Scott Wilcox  wrote:
>> This form of inline media display is only provided via select partners for 
>> Twitter. At the present time, there are no endpoints for developers to 
>> interact with this service.
>> 
>> On 5 May 2011, at 14:55, greenz wrote:
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>> Hello,
>> 
>>>  I am trying to find the correct format to display media in users
>>> status updates. Just as twitpic and twitvid have their media
>>> automatically parsed when they tweet updates what would be the correct
>>> format to allow this from another web app? What media extensions do
>>> you support mp4 & flv? Does the webapp need to be whitelisted? I
>>> looked all through the api documentation and found no mention to this
>>> particular need. Thanks!
>> 
>>> greenz
>> 
>>> --
>>> Twitter developer documentation and resources:http://dev.twitter.com/doc
>>> API updates via Twitter:http://twitter.com/twitterapi
>>> Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
>>> Change your membership to this 
>>> group:http://groups.google.com/group/twitter-development-talk
>> 
>> --
>> Scott Wilcox
>> 
>> @dordotky | sc...@dor.ky |http://dor.ky
>> +44 (0) 7538 842418 | +1 (646) 827-0580
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk

--
Scott Wilcox

@dordotky | sc...@dor.ky | http://dor.ky
+44 (0) 7538 842418 | +1 (646) 827-0580



-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: Displaying Media

[greenz]

Thanks Scott, would you happen to know the proper channels one would
need to go through in order to allow this kind of access? For new
webapps this seems to be an unfair advantage of only allowing select
dev's this type of access. I understand I have to play by twitters
rules and im welling to abide by them but it would be nice to be on an
evening planning field. Thanks!

greenz

On May 5, 10:03 am, Scott Wilcox  wrote:
> This form of inline media display is only provided via select partners for 
> Twitter. At the present time, there are no endpoints for developers to 
> interact with this service.
>
> On 5 May 2011, at 14:55, greenz wrote:
>
>
>
>
>
>
>
>
>
> > Hello,
>
> >  I am trying to find the correct format to display media in users
> > status updates. Just as twitpic and twitvid have their media
> > automatically parsed when they tweet updates what would be the correct
> > format to allow this from another web app? What media extensions do
> > you support mp4 & flv? Does the webapp need to be whitelisted? I
> > looked all through the api documentation and found no mention to this
> > particular need. Thanks!
>
> > greenz
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this 
> > group:http://groups.google.com/group/twitter-development-talk
>
> --
> Scott Wilcox
>
> @dordotky | sc...@dor.ky |http://dor.ky
> +44 (0) 7538 842418 | +1 (646) 827-0580

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Displaying Media

[Scott Wilcox]

This form of inline media display is only provided via select partners for 
Twitter. At the present time, there are no endpoints for developers to interact 
with this service.

On 5 May 2011, at 14:55, greenz wrote:

> Hello,
> 
>  I am trying to find the correct format to display media in users
> status updates. Just as twitpic and twitvid have their media
> automatically parsed when they tweet updates what would be the correct
> format to allow this from another web app? What media extensions do
> you support mp4 & flv? Does the webapp need to be whitelisted? I
> looked all through the api documentation and found no mention to this
> particular need. Thanks!
> 
> greenz
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk

--
Scott Wilcox

@dordotky | sc...@dor.ky | http://dor.ky
+44 (0) 7538 842418 | +1 (646) 827-0580



-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Displaying Media

[greenz]

Hello,

  I am trying to find the correct format to display media in users
status updates. Just as twitpic and twitvid have their media
automatically parsed when they tweet updates what would be the correct
format to allow this from another web app? What media extensions do
you support mp4 & flv? Does the webapp need to be whitelisted? I
looked all through the api documentation and found no mention to this
particular need. Thanks!

greenz

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] How application shoud get to know if access token is revoked?

[Scott Wilcox]

If you have existing tokens for a user, make a call to the verify_credentials 
endpoint. If you get an error back, tokens aren't valid.

Twitter doesn't provide 'pings' for when users un-authorise your application.

On 5 May 2011, at 12:01, ss.require wrote:

> Let's consider I have got the access token and works with the API
> successfully during some time. At some point the user restricts the
> access for my App in the twitter's application tab or by some other
> means. It would be a good idea to let my app to know about that so I
> won't send useless requests. How my app shoud be notified if the
> access token is revoked? Maybe during request I will get the special
> error that indicates that or twitter will send me notification about
> that?
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk

--
Scott Wilcox

@dordotky | sc...@dor.ky | http://dor.ky
+44 (0) 7538 842418 | +1 (646) 827-0580



-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Cookies for Tweet Button

[Tony House]

I am a web developer with the Census Bureau.
We are hoping to place the "Tweet" button on some of our pages
(@USCensusBureau the official account for the Census!) Being that we
are government we have rules about cookies on our web pages. I can see
that Twitter sets a total of 14 cookies, 10 of which are persistent. I
am trying to find any information regarding these cookies. I need to
know what those cookies are and what information they are collecting
and who sees that information. (For instance, I don't really care why
__qca needs to exist indefinitely, but I would like to know what __qca
is, what it's recording, who sees this, etc).
Any help would be greatly appreciated.
Thanks.
Tony

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] How application shoud get to know if access token is revoked?

[ss.require]

Let's consider I have got the access token and works with the API
successfully during some time. At some point the user restricts the
access for my App in the twitter's application tab or by some other
means. It would be a good idea to let my app to know about that so I
won't send useless requests. How my app shoud be notified if the
access token is revoked? Maybe during request I will get the special
error that indicates that or twitter will send me notification about
that?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: API requests redirect my server to /suspended

[Thomas Feron]

Hey Arnaud,

Thank you a lot for your help, I was missing something.

Thomas Feron.

On 2 mai, 05:41, Arnaud Meunier  wrote:
> Hey Thomas,
>
> "/statuses" is not a valid API endpoint, and our routing system assumes
> you're trying to reach the "statuses" account, which is suspended 
> (cfhttp://twitter.com/statuses).
>
> Take a look on our timeline resources onhttp://dev.twitter.com/docand use
> one of these endpoints (for example "/1/statuses/public_timeline.json")
> instead.
>
> Arnaud / @rno 
>
>
>
>
>
>
>
> On Sun, May 1, 2011 at 7:23 AM, Thomas Feron  wrote:
> > Hello,
>
> > My application currently gets an access token and save it to a
> > database for each member of my website. I checked the access tokens
> > saved for my account and the ones in Your Apps > MyApp > My Access
> > Token and they are correct. My account is not suspended and there is
> > nothing on my application's page which says that it is suspended
> > neither.
>
> > I don't understand why I am redirected to /suspended when I request a
> > page like /statuses while both of my account and my app are accepted.
>
> > Is there anybody who can explain my problem ?
>
> > I'm developing in Ruby using the OAuth gem. I do something like :
> > OAuth::AccessToken.new(MyApp::Application.twitter_consumer, db_token,
> > db_token_secret).get('/statuses')
> > with the MyApp::Application.twitter_consumer method returning :
> > OAuth::Consumer.new(consumer_key, consumer_secret, { :site => 'https://
> > api.twitter.com' })
>
> > Thank you,
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] At Reply Spam

[TjL]

On Thu, May 5, 2011 at 8:31 AM, Dewald Pretorius  wrote:
> With reference to @twittersuggests, is other unsolicited @reply spam
> now also officially sanctioned by Twitter?

When has Twitter ever given you the idea that they were playing by the
same rules as everyone else?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] At Reply Spam

[Dewald Pretorius]

With reference to @twittersuggests, is other unsolicited @reply spam
now also officially sanctioned by Twitter?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Getting past the rate-limiting confusion

[Scott Wilcox]

Each OAuth user you're making requests on behalf of gets 350 calls. So, in 
total you do have 350*100 calls, but only a maximum of 350 for each user. You 
can check the headers being returned from the API to see what class of 
rate-limting is being enforced. What action are you performing when you're 
hitting the rate-limiting?

On 5 May 2011, at 02:12, Bizzy User wrote:

> I have ran into a problem recently when my app (less than a 100 active
> users) started giving me rate-limiting exceptions. Reading about rate-
> limiting on Twitter and on many threads on this group have completely
> confused me by now. Could someone please succinctly describe how rate-
> limiting works? I am making authenticated requests for rate-limited
> REST methods. Should I be able to make 350 calls per authenticated
> user per hour (350*100 per hour at most if that is the case) or should
> I expect to be rate-limited based on my application's origin-IP (which
> seems to be the behavior we've observed so far) limiting me to only
> 350 calls per hour? It would be really great to get a clear picture
> about this so we know whether or not the time spent in building
> applications around the Twitter ecosystem is even worthwhile.
> 
> Thanks,
> Ravi Giroti
> Data Architect
> Bizzy Inc.
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk

--
Scott Wilcox

@dordotky | sc...@dor.ky | http://dor.ky
+44 (0) 7538 842418 | +1 (646) 827-0580



-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk