[twitter-dev] tco crawler details
If tco is to be the new three-letter agency and gatekeeper, we would like to treat it nice and whitelist its crawler. If tco is inadvertantly blocked, what happens? I do not know if we have already been checked by tco as I have not sent or received a dm with one of our own URLs. What are the user-agent and IP addresses used by this crawler? Does it check robots.txt? And since, for some, a tco thumbsdown could be a problem, is there a (speedy) appeals process?
Re: [twitter-dev] share on twitter button
You can use the @Anywhere TweetBox: http://dev.twitter.com/anywhere/begin#tweetbox Or send them to https://twitter.com/?status=text+goes+here Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Thu, Jun 10, 2010 at 16:18, mcmmike m...@mustcodemore.com wrote: how do i go about creating a button that would allow a user on MY website to post a custom message like: this is a amazing website http://blah.com; on their twitter feed? I have seen tools like ShareThis or whatever but we want a bare bones type of link. Do we have to interface with the API and on first time use do the authentication process with twitter? or is there a way to fill in the message box without that. WE are not looking to actually post the message - just take the user to their twitter page and display the message in the box. thanks in advance,
Re: [twitter-dev] tco crawler details
t.co is not a crawler; Are you referring to the URL unpacking process or something else? -john On Thu, Jun 10, 2010 at 11:46 PM, Ken k...@cimas.ch wrote: If tco is to be the new three-letter agency and gatekeeper, we would like to treat it nice and whitelist its crawler. If tco is inadvertantly blocked, what happens? I do not know if we have already been checked by tco as I have not sent or received a dm with one of our own URLs. What are the user-agent and IP addresses used by this crawler? Does it check robots.txt? And since, for some, a tco thumbsdown could be a problem, is there a (speedy) appeals process?
[twitter-dev] Re: tco crawler details
Presumably, in order to check that a URL is not malicious, it would have to be accessed and analysed by tco. In his post Raffi said, Twitter will redirect them to the original URL after first confirming with our database that that URL is not malicious. So it's not by domain, but by URL. One of our Twitter apps is built in to our CMS workflow and tweets new content that an editor has selected. Now, I guess - unless domains can be whitelisted - Twitter will have to crawl and approve the newly minted content page... before publishing the Tweet ?? On Jun 11, 12:00 pm, John Adams j...@twitter.com wrote: t.co is not a crawler; Are you referring to the URL unpacking process or something else? -john On Thu, Jun 10, 2010 at 11:46 PM, Ken k...@cimas.ch wrote: If tco is to be the new three-letter agency and gatekeeper, we would like to treat it nice and whitelist its crawler. If tco is inadvertantly blocked, what happens? I do not know if we have already been checked by tco as I have not sent or received a dm with one of our own URLs. What are the user-agent and IP addresses used by this crawler? Does it check robots.txt? And since, for some, a tco thumbsdown could be a problem, is there a (speedy) appeals process?
[twitter-dev] Re: Pagination limits lowered on home timeline?
I'm experiencing a similar problem. I'm trying to download all my own statuses (for rdhyee) via the API but have only been able to get 728. For example http://api.twitter.com/1/statuses/user_timeline.json?screen_name=rdhyeecount=200page=5 (http://bit.ly/b0s8gE) is the last page of 200 statuses I can get but http://api.twitter.com/1/statuses/user_timeline.json?screen_name=rdhyeecount=200page=6 (http://bit.ly/aU4TYT) returns no tweets. I have over 2000 tweets, so the latter call should still return statuses. Has the 3200 limit changed? Or is that an upper limit -- that is, you're guaranteed that you will never get more than 3200 but you might get fewer? -Raymond On Jun 2, 5:26 am, Andrej kov...@googlemail.com wrote: Hello, based on API doc there is a limit of3,200statuses for home timeline: 'Clients may access up to3,200statuses via the page and count parameters for timeline REST API methods' I noticed today that I can only fetch last 800 statuses only. Anyone else experiencing same issue? Thanks
RE: [twitter-dev] tco crawler details
Of course it is. Twitter were asked what defines a bad site on the second day but I haven't seen a reply apart from more questions about who is making the choice, eg will pornography be classed as bad, will religious free speech be classed as bad. I don't think the Twitheads thought through what it means to now offer an aol version of the web and the long term responsibilities that this entails through implicit guarantees to their users. Of course Ken you don't expect them to publish their ip address list do youotherwise some smartass would route this ip address to a clean site and everyone else to the bad content. Regards, Dean Collins Cognation Inc d...@cognation.net mailto:d...@cognation.net +1-212-203-4357 New York +61-2-9016-5642 (Sydney in-dial). +44-20-3129-6001 (London in-dial). From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of John Adams Sent: Friday, 11 June 2010 6:00 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] tco crawler details t.co is not a crawler; Are you referring to the URL unpacking process or something else? -john On Thu, Jun 10, 2010 at 11:46 PM, Ken k...@cimas.ch wrote: If tco is to be the new three-letter agency and gatekeeper, we would like to treat it nice and whitelist its crawler. If tco is inadvertantly blocked, what happens? I do not know if we have already been checked by tco as I have not sent or received a dm with one of our own URLs. What are the user-agent and IP addresses used by this crawler? Does it check robots.txt? And since, for some, a tco thumbsdown could be a problem, is there a (speedy) appeals process?
[twitter-dev] Re: tco crawler details
Dean - I meant the IP of the crawler - we have lots of DENY ACLs in place to curb rogue bots. On Jun 11, 3:21 pm, Dean Collins d...@cognation.net wrote: Of course it is. Twitter were asked what defines a bad site on the second day but I haven't seen a reply apart from more questions about who is making the choice, eg will pornography be classed as bad, will religious free speech be classed as bad. I don't think the Twitheads thought through what it means to now offer an aol version of the web and the long term responsibilities that this entails through implicit guarantees to their users. Of course Ken you don't expect them to publish their ip address list do youotherwise some smartass would route this ip address to a clean site and everyone else to the bad content. Regards, Dean Collins Cognation Inc d...@cognation.net mailto:d...@cognation.net +1-212-203-4357 New York +61-2-9016-5642 (Sydney in-dial). +44-20-3129-6001 (London in-dial). From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of John Adams Sent: Friday, 11 June 2010 6:00 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] tco crawler details t.co is not a crawler; Are you referring to the URL unpacking process or something else? -john On Thu, Jun 10, 2010 at 11:46 PM, Ken k...@cimas.ch wrote: If tco is to be the new three-letter agency and gatekeeper, we would like to treat it nice and whitelist its crawler. If tco is inadvertantly blocked, what happens? I do not know if we have already been checked by tco as I have not sent or received a dm with one of our own URLs. What are the user-agent and IP addresses used by this crawler? Does it check robots.txt? And since, for some, a tco thumbsdown could be a problem, is there a (speedy) appeals process?
Re: [twitter-dev] tco crawler details
We've already been checking for bad links now for at least a year, if not 18 months. It's been so long, I can't remember when it went into production. Link checking seems to work very well. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. On Fri, Jun 11, 2010 at 6:21 AM, Dean Collins d...@cognation.net wrote: Of course it is. Twitter were asked what “defines” a “bad” site on the second day but I haven’t seen a reply apart from more questions about who is making the choice, eg will pornography be classed as “bad”, will religious free speech be classed as “bad”. I don’t think the Twitheads thought through what it means to now offer an “aol” version of the web and the long term responsibilities that this entails through implicit guarantees to their users. Of course Ken you don’t expect them to publish their ip address list do you….otherwise some smartass would route this ip address to a “clean” site and everyone else to the “bad” content. Regards, Dean Collins Cognation Inc d...@cognation.net +1-212-203-4357 New York +61-2-9016-5642 (Sydney in-dial). +44-20-3129-6001 (London in-dial). From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of John Adams Sent: Friday, 11 June 2010 6:00 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] tco crawler details t.co is not a crawler; Are you referring to the URL unpacking process or something else? -john On Thu, Jun 10, 2010 at 11:46 PM, Ken k...@cimas.ch wrote: If tco is to be the new three-letter agency and gatekeeper, we would like to treat it nice and whitelist its crawler. If tco is inadvertantly blocked, what happens? I do not know if we have already been checked by tco as I have not sent or received a dm with one of our own URLs. What are the user-agent and IP addresses used by this crawler? Does it check robots.txt? And since, for some, a tco thumbsdown could be a problem, is there a (speedy) appeals process?
[twitter-dev] OAuth Base String generation
Hi, I've been trying to work through the OAuth steps presented at http://dev.twitter.com/pages/auth#signing-requests . The psuedo-code for base-string generation is given as httpMethod + + url_encode( base_uri ) + + sorted_query_params.each { | k, v | url_encode ( k ) + %3D + url_encode ( v ) }.join(%26) But, this doesn't seem to work with the params on the example. The example has baseString = POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Frequest_tokenoauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0 With the above algorithm, wouldn't the baseString end up as ...oauth_callback%3Dhttp%3A%2F%2Flocalhost...%26oauth_consumer_key%3D...? The %3A seems to be getting encoded somehow to %253A in the example. I have been able to get my result to match the example result by modifying the algorithm to be httpMethod + + url_encode( base_uri ) + + url_encode(sorted_query_params.each { | k, v | url_encode ( k ) + = + url_encode ( v ) }.join()) Reading the comments at http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/, it seems we should be doing a double url-encode? Is that right or am I missing something (and this workaround is just working in this example)? Regards George
[twitter-dev] Problems with oauth request_token
Hello gentlemans, I'm working on a client twitter that uses HTTP proxy in Java. I struggling with the OAuth request_token that returns me HTTP 401 Unauthorized. Consumer key=3P1dah6urSdAo9voKDJDA Consumer secret=kMYprvWb0UQ0L8oAin2dQJArUQfMcjuVSjOjyHzTv8E -- I already added the in the end of it twitterURL=[https://api.twitter.com/oauth/request_token] authorizationData=[OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=901dc12600ac1cdbc082d57d4aef7bfc, oauth_signature_method=HMAC-SHA1, oaut h_timestamp=1276235403668, oauth_version=1.0, oauth_signature=5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D] basedata=[POSThttps%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] And it returns the error: errorStream=[Failed to validate oauth signature and token] In order to check what I'm sending, I create a HttpListener and redirected the api.twitter.com to localhost:8000 and here is the header. Any suggestion is very welcome. POST /oauth/request_token HTTP/1.1 Authorization: OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=2c449ca3c5a8637a8a9152d896c6d8bd, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276236145594, oauth_version=1.0, oauth_signature=y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D User-Agent: Java/1.6.0_20 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 266 POSThttp%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau th_version%3D1.0. Best regards, Leo Meirelles
[twitter-dev] OAuth statuses/followers
I hope somebody could help me with my problem regarding the Twitter OAuth If I use $oauth-get('statuses/followers'); I get the first 100 followers. If I use $oauth-get('statuses/followers', array('cursor' = $cursor)); I have to use this code: ?php $cursor = -1; $followers = $oauth-get('statuses/followers', array('cursor' = $cursor)); $totaal = count($followers); while ($totaal 1) { for($x=0; $x$totaal; $x++) { if(preg_match(/^.date('D M d'). 0([3-9]{1}):([0-9]{2}):([0-9] {2}) \+([0-9]{4}) .date('Y')./,$followers[$x]-status-created_at) || $followers[$x]-protected) { } } $cursor++; $followers = $oauth-get('statuses/followers', array('cursor' = $cursor)); $totaal = count($followers); ? But that seems not to get working. And without the cursor idea, I get only the first 100 followers. Is there a easy solution for this?
[twitter-dev] Geo-caching Without Lat/Long
Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks.
Re: [twitter-dev] OAuth statuses/followers
Hi Rick, Depending on what you are trying to obtain we recommend using the friends/ids [1] and followers/ids [2] methods in combination with the user/lookup [3] if you need more information about them. Also, you want to make sure you're client is using the api.twitter.comdomain and not twitter.com. Hope that helps, Matt 1. http://dev.twitter.com/doc/get/friends/ids 2. http://dev.twitter.com/doc/get/followers/ids 3. http://dev.twitter.com/doc/get/users/lookup On Fri, Jun 11, 2010 at 3:46 AM, Rick rickstuivenb...@gmail.com wrote: I hope somebody could help me with my problem regarding the Twitter OAuth If I use $oauth-get('statuses/followers'); I get the first 100 followers. If I use $oauth-get('statuses/followers', array('cursor' = $cursor)); I have to use this code: ?php $cursor = -1; $followers = $oauth-get('statuses/followers', array('cursor' = $cursor)); $totaal = count($followers); while ($totaal 1) { for($x=0; $x$totaal; $x++) { if(preg_match(/^.date('D M d'). 0([3-9]{1}):([0-9]{2}):([0-9] {2}) \+([0-9]{4}) .date('Y')./,$followers[$x]-status-created_at) || $followers[$x]-protected) { } } $cursor++; $followers = $oauth-get('statuses/followers', array('cursor' = $cursor)); $totaal = count($followers); ? But that seems not to get working. And without the cursor idea, I get only the first 100 followers. Is there a easy solution for this? -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
Re: [twitter-dev] OAuth Base String generation
It kind of depends on how you tilt your head and look at it sometimes. One way of looking at it is that POST body elements already are URL-encoded (at least when we're talking about application/x-www-form-urlencoded type bodies). When you send a POST request, you already must URL encode the body. This algorithm begins from the assumption that you've already prepared your POST body. I'll try to make that distinction clearer. Taylor On Thu, Jun 10, 2010 at 7:31 PM, Malayil George georg...@gmail.com wrote: Hi, I've been trying to work through the OAuth steps presented at http://dev.twitter.com/pages/auth#signing-requests . The psuedo-code for base-string generation is given as httpMethod + + url_encode( base_uri ) + + sorted_query_params.each { | k, v | url_encode ( k ) + %3D + url_encode ( v ) }.join(%26) But, this doesn't seem to work with the params on the example. The example has baseString = POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Frequest_tokenoauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0 With the above algorithm, wouldn't the baseString end up as ...oauth_callback%3Dhttp%3A%2F%2Flocalhost...%26oauth_consumer_key%3D...? The %3A seems to be getting encoded somehow to %253A in the example. I have been able to get my result to match the example result by modifying the algorithm to be httpMethod + + url_encode( base_uri ) + + url_encode(sorted_query_params.each { | k, v | url_encode ( k ) + = + url_encode ( v ) }.join()) Reading the comments at http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/, it seems we should be doing a double url-encode? Is that right or am I missing something (and this workaround is just working in this example)? Regards George
Re: [twitter-dev] Problems with oauth request_token
First Leonardo, If that's your real consumer secret, you're going to want to go and regenerate your API keys *ASAP*. Looking at what you've sent along, it looks like you're pretty close to getting this right. Your timestamp is verbose as far as the OAuth standard is concerned -- it should be in seconds and not in milliseconds. Also ensure that your server time is in sync with Twitter's: we return our current server time in a header on every response. I notice you have your signature base string at the end of the email: is this being sent as a POST body or is it just in your email? It shouldn't be sent, if so. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles pite...@gmail.com wrote: Hello gentlemans, I'm working on a client twitter that uses HTTP proxy in Java. I struggling with the OAuth request_token that returns me HTTP 401 Unauthorized. Consumer key=3P1dah6urSdAo9voKDJDA twitterURL=[https://api.twitter.com/oauth/request_token] authorizationData=[OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=901dc12600ac1cdbc082d57d4aef7bfc, oauth_signature_method=HMAC-SHA1, oaut h_timestamp=1276235403668, oauth_version=1.0, oauth_signature=5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D] basedata=[POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] And it returns the error: errorStream=[Failed to validate oauth signature and token] In order to check what I'm sending, I create a HttpListener and redirected the api.twitter.com to localhost:8000 and here is the header. Any suggestion is very welcome. POST /oauth/request_token HTTP/1.1 Authorization: OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=2c449ca3c5a8637a8a9152d896c6d8bd, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276236145594, oauth_version=1.0, oauth_signature=y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D User-Agent: Java/1.6.0_20 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 266 POSThttp%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau th_version%3D1.0. Best regards, Leo Meirelles
[twitter-dev] List of users who have authorized my application with OAuth
I have a question about OAuth on twitter api. Suppose i have made an pplication in twitter and i used OAuth to authorize users. User Authorize their twitter accounts and give permissions to my app. Is there any way i can get the list of user who have authorize my application. Any pointers are appreciated. Thanks, Rahul
Re: [twitter-dev] Geo-caching Without Lat/Long
Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
Re: [twitter-dev] List of users who have authorized my application with OAuth
No there is not a way at to do at this time. If you're interested in those kind of pieces of information, you can track them yourself after consuming access tokens. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Fri, Jun 11, 2010 at 7:20 AM, Rahul rahul.jun...@gmail.com wrote: I have a question about OAuth on twitter api. Suppose i have made an pplication in twitter and i used OAuth to authorize users. User Authorize their twitter accounts and give permissions to my app. Is there any way i can get the list of user who have authorize my application. Any pointers are appreciated. Thanks, Rahul
Re: [twitter-dev] List of users who have authorized my application with OAuth
On Fri, 11 Jun 2010 07:20:12 -0700 (PDT) Rahul rahul.jun...@gmail.com wrote: I have a question about OAuth on twitter api. Suppose i have made an pplication in twitter and i used OAuth to authorize users. User Authorize their twitter accounts and give permissions to my app. Is there any way i can get the list of user who have authorize my application. Along the same lines: for my case, I don't particularly care about the identity of users, but it could be interesting to just know the number of users. -- Bernd Stramm bernd.str...@gmail.com
[twitter-dev] Re: List of users who have authorized my application with OAuth
Definitely, i can do that, but good to have this feature added to the library so that i don't have to make calls and stuff if creating some plugins for firefox etc. Thanks, Rahul On Jun 11, 10:27 am, Taylor Singletary taylorsinglet...@twitter.com wrote: No there is not a way at to do at this time. If you're interested in those kind of pieces of information, you can track them yourself after consuming access tokens. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Fri, Jun 11, 2010 at 7:20 AM, Rahul rahul.jun...@gmail.com wrote: I have a question about OAuth on twitter api. Suppose i have made an pplication in twitter and i used OAuth to authorize users. User Authorize their twitter accounts and give permissions to my app. Is there any way i can get the list of user who have authorize my application. Any pointers are appreciated. Thanks, Rahul
[twitter-dev] Re: Geo-caching Without Lat/Long
Matt-- Okay thanks for the reply. I'm building a news aggregator so the goal was to enter the location manually. Still, I'm having trouble with the geo-coding method. I'm using Abraham's php library and I do the following: $location = $connection-get('geo/reverse_geocode', array('lat' = '37.75' , 'long' = '122.68')); echo $connection-http_code; Which returns 404. $location-id is empty. Any thoughts as to what I'm doing wrong? On Jun 11, 9:21 am, Matt Harris thematthar...@twitter.com wrote: Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] [HELP!!!] Autologin using PHP + Oauth API
I'm making a PHP script that automatically logs in a given Twitter account. How I can do to make using the new API
Re: [twitter-dev] Re: Geo-caching Without Lat/Long
Hi Bryan The geo/reverse_geocode method only supports json so make sure you are using that and not XML. Also, the method doesn't require authorisation so there is no need to send the oauth tokens. Hope that helps, Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris On Jun 11, 2010, at 15:28, Bryan bryan.p...@gmail.com wrote: Matt-- Okay thanks for the reply. I'm building a news aggregator so the goal was to enter the location manually. Still, I'm having trouble with the geo-coding method. I'm using Abraham's php library and I do the following: $location = $connection-get('geo/reverse_geocode', array('lat' = '37.75' , 'long' = '122.68')); echo $connection-http_code; Which returns 404. $location-id is empty. Any thoughts as to what I'm doing wrong? On Jun 11, 9:21 am, Matt Harris thematthar...@twitter.com wrote: Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] Re: tco crawler details
My guess is that Twitter uses the Google SafeBrowsing API, in addition to other blacklist APIs. http://code.google.com/apis/safebrowsing/ Google SafeBrowsing is basically two databases, which you can host locally, and are constantly updated by Google. One database consists of potential phishing addresses and the other one contains potential malware addresses. You do lookups against these databases. You don't visit the actual destination site. The same applies to other blacklist databases. That's why there is no need to check for a tco user agent or IP address. Tco never visits or crawls your site. It simply redirects the user's browser to your site.
Re: [twitter-dev] [HELP!!!] Autologin using PHP + Oauth API
We don't provide a way to log a user into twitter.com through the API but you can, through OAuth, request permission to interact with a users account or perform actions on their behalf. What is it you need to log the user into Twitter for? Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris On Jun 11, 2010, at 16:54, lu5ceh ignacio.santo...@gmail.com wrote: I'm making a PHP script that automatically logs in a given Twitter account. How I can do to make using the new API
[twitter-dev] Re: Geo-caching Without Lat/Long
Ahh I see. Thank you. I hope you don't mind the barrage of questions but I have 2 more. For starters, max_results=1 doesn't appear to work. When I append it to any valid url, I get a 404 status return. Second, I'm having no luck with UTF encoding. I wish to encode my string to take advantage of the ellipsis (...) as a single character to save my precious 140. Now, when I use php's built in utf8_encode function as such: utf8_encode($title...$url);, only the url gets tweeted. I know I wrote ... here, but I used the ellipsis character in my php source. Also, the old documentation says that utf encoded tweets are escaped with two additional characters that DO take away from the 140 limit. The new documentation hints at the opposite. What's the verdict? Thanks Matt! On Jun 11, 10:56 am, Matt Harris mhar...@twitter.com wrote: Hi Bryan The geo/reverse_geocode method only supports json so make sure you are using that and not XML. Also, the method doesn't require authorisation so there is no need to send the oauth tokens. Hope that helps, Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris On Jun 11, 2010, at 15:28, Bryan bryan.p...@gmail.com wrote: Matt-- Okay thanks for the reply. I'm building a news aggregator so the goal was to enter the location manually. Still, I'm having trouble with the geo-coding method. I'm using Abraham's php library and I do the following: $location = $connection-get('geo/reverse_geocode', array('lat' = '37.75' , 'long' = '122.68')); echo $connection-http_code; Which returns 404. $location-id is empty. Any thoughts as to what I'm doing wrong? On Jun 11, 9:21 am, Matt Harris thematthar...@twitter.com wrote: Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] Re: What tools do you use?
I created http://JustUnfollow.com It's built on Java and hosted on the Google App Engine. Twitter4j is the twitter API for java that I make use of ( http://twitter4j.org ) -Nischal On Jun 11, 1:06 am, @IDisposable idisposa...@gmail.com wrote: Using: ASP.Net 3.5 with MVC 2.0 http://asp.net/mvc C# Microsoft SQL Server 2008 Twitter LinqToTwitterhttp://linqtotwitter.codeplex.com(thanks @JoeMayo) dotNetOAuth for oAuthhttp://code.google.com/p/dotnetoauth/(thanks @AArnott) Newtonsoft JSON.Net for JSONhttp://james.newtonking.com/projects/json-net.aspx ( Framework xUnit unit-text platformhttp://xunit.codeplex.com/(thanks @bradwilson) nInject dependency injectionhttp://ninject.org(thanks @nhokari) Log4Net for logginghttp://logging.apache.org/log4net/ MOQ for mockinghttp://code.google.com/p/moq/(thanks @kzu) Automapper for DTO to VM mappinghttp://automapper.codeplex.com/ (thanks @ehexter) UI jQuery for WebUI magichttp://jquery.com/ Link Scraping / MetaData HTML Agility Pack for metadatahttp://htmlagilitypack.codeplex.com/' Flickr REST API for photohttp://www.flickr.com/services/api/ OEmbed REST API for embeddinghttp://oembed.com/ TweetPhoto REST API for photohttp://tweetphotoapi.com/ TwitPic REST API for photohttp://twitpic.com/api.do YFrog REST API for photo/videohttp://code.google.com/p/imageshackapi/ Vimeo REST API for videohttp://www.vimeo.com/api Google DATA API for YouTube metadatahttp://code.google.com/apis/gdata/ (inhouse tons of special logic for frame-busting, etc) Link Canonicalization Bit.Ly REST APIhttp://code.google.com/p/bitly-api/wiki/ApiDocumentation Digg REST APIhttp://apidoc.digg.com/ IS.GD REST APIhttp://is.gd/api_info.php Owl.Ly REST APIhttp://ow.ly/url/shorten-url(apply at bottom) Snurl/SnipUrl REST APIhttp://snipurl.com/site/help?go=api Twurl .NL/.CC Tweetburner REST APIhttp://tweetburner.com/api StumbleUpon SU.PR REST [good luck, sorry] Untiny.Me REST API for [all others]http://untiny.me/api/(thanks @alzaid @untiny) Marc Brooks Hack Prime @Infuzhttp://infuz.comhttp://stltweets.comhttp://buzzradius.comhttp://musingmarc.blogspot.com
[twitter-dev] oAuth and Direct Message
I am having trouble sending a direct message with: http://api.twitter.com/1/direct_messages/new.xml I have been able to successfully post status updates with my code using oAuth. I have a java based custom application that is working fine for these updates. When trying to post a direct message I get 402 errors with incorrect signature. Basically I am using the same signature generation as update except I replace status with text and add user at the bottom of signature generation. Just like the oAuth example page on twitter. Then I pass the two parameters in the request body. I also tried moving everything to url parameters but got the same error. Is there anything special about parameters for direct message when using oAuth? Does it sound like I am doing this correctly with my post/body method? Thanks, ...Dave
Re: [twitter-dev] Re: Geo-caching Without Lat/Long
The lat/long you are passing to the API are in the Yellow Sea so Twitter is 404ing as it does not have any places near there. http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b260053e31ce25c46a87d56ced51f8583b43 Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 07:28, Bryan bryan.p...@gmail.com wrote: Matt-- Okay thanks for the reply. I'm building a news aggregator so the goal was to enter the location manually. Still, I'm having trouble with the geo-coding method. I'm using Abraham's php library and I do the following: $location = $connection-get('geo/reverse_geocode', array('lat' = '37.75' , 'long' = '122.68')); echo $connection-http_code; Which returns 404. $location-id is empty. Any thoughts as to what I'm doing wrong? On Jun 11, 9:21 am, Matt Harris thematthar...@twitter.com wrote: Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] Re: Geo-caching Without Lat/Long
Hey Abraham. The above example is dated. My point is appending max_result=1 onto any verified result results in a 404: http://hurl.it/hurls/08a6b684b494cab6138754d7b7470d9895968d59/88bbdc8743d17b7f3feb78094aba93098c592240 is okay, but with max_results=1: http://hurl.it/hurls/df8773b96e453cfd5426123c3ba4354fc2d96769/6d952eaf331c0ecac3d8ec7d7fc9dc76d18e62d6 returns a 404 Thanks for the link; that's a very useful tool! On Jun 11, 11:40 am, Abraham Williams 4bra...@gmail.com wrote: The lat/long you are passing to the API are in the Yellow Sea so Twitter is 404ing as it does not have any places near there. http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b26... Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 07:28, Bryan bryan.p...@gmail.com wrote: Matt-- Okay thanks for the reply. I'm building a news aggregator so the goal was to enter the location manually. Still, I'm having trouble with the geo-coding method. I'm using Abraham's php library and I do the following: $location = $connection-get('geo/reverse_geocode', array('lat' = '37.75' , 'long' = '122.68')); echo $connection-http_code; Which returns 404. $location-id is empty. Any thoughts as to what I'm doing wrong? On Jun 11, 9:21 am, Matt Harris thematthar...@twitter.com wrote: Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] What happens on July 1?
I have two apps on the App Store that had been implemented using Basic Auth, and I'm naturally updating them to make use of OAuth. I've submitted an update for one, but it's still waiting for review; the other I hope to submit in the next few days. Here's the question: If those updates don't get approved before the OAuth deadline, what happens? Do the Basic Auth versions completely stop working for the users that currently have them installed? Will calls authenticated with Basic Auth throw a certain error code? Will there be some sort of grace period? Especially with the iPhone 4 launch later this month, I'm worried that queue times for approval may be an issue, and I haven't seen any solid word on what happens when Basic Auth becomes unsupported. Thanks!
Re: [twitter-dev] Re: Geo-caching Without Lat/Long
Interestingly max_resuls=2 works: http://hurl.it/hurls/6521ca0d04a03b5c340682f275d8d013834b8518/8020ff7c547eab6c510b5f368375e8b01c1684b7 Might as well file a bug report: http://code.google.com/p/twitter-api/issues/list Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 09:48, Bryan bryan.p...@gmail.com wrote: Hey Abraham. The above example is dated. My point is appending max_result=1 onto any verified result results in a 404: http://hurl.it/hurls/08a6b684b494cab6138754d7b7470d9895968d59/88bbdc8743d17b7f3feb78094aba93098c592240 is okay, but with max_results=1: http://hurl.it/hurls/df8773b96e453cfd5426123c3ba4354fc2d96769/6d952eaf331c0ecac3d8ec7d7fc9dc76d18e62d6 returns a 404 Thanks for the link; that's a very useful tool! On Jun 11, 11:40 am, Abraham Williams 4bra...@gmail.com wrote: The lat/long you are passing to the API are in the Yellow Sea so Twitter is 404ing as it does not have any places near there. http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b26... Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 07:28, Bryan bryan.p...@gmail.com wrote: Matt-- Okay thanks for the reply. I'm building a news aggregator so the goal was to enter the location manually. Still, I'm having trouble with the geo-coding method. I'm using Abraham's php library and I do the following: $location = $connection-get('geo/reverse_geocode', array('lat' = '37.75' , 'long' = '122.68')); echo $connection-http_code; Which returns 404. $location-id is empty. Any thoughts as to what I'm doing wrong? On Jun 11, 9:21 am, Matt Harris thematthar...@twitter.com wrote: Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] Re: Geo-caching Without Lat/Long
Done. Any suggestions for the UTF encoding? On Jun 11, 11:57 am, Abraham Williams 4bra...@gmail.com wrote: Interestingly max_resuls=2 works:http://hurl.it/hurls/6521ca0d04a03b5c340682f275d8d013834b8518/8020ff7... Might as well file a bug report:http://code.google.com/p/twitter-api/issues/list Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 09:48, Bryan bryan.p...@gmail.com wrote: Hey Abraham. The above example is dated. My point is appending max_result=1 onto any verified result results in a 404: http://hurl.it/hurls/08a6b684b494cab6138754d7b7470d9895968d59/88bbdc8... is okay, but with max_results=1: http://hurl.it/hurls/df8773b96e453cfd5426123c3ba4354fc2d96769/6d952ea... returns a 404 Thanks for the link; that's a very useful tool! On Jun 11, 11:40 am, Abraham Williams 4bra...@gmail.com wrote: The lat/long you are passing to the API are in the Yellow Sea so Twitter is 404ing as it does not have any places near there. http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b26... Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 07:28, Bryan bryan.p...@gmail.com wrote: Matt-- Okay thanks for the reply. I'm building a news aggregator so the goal was to enter the location manually. Still, I'm having trouble with the geo-coding method. I'm using Abraham's php library and I do the following: $location = $connection-get('geo/reverse_geocode', array('lat' = '37.75' , 'long' = '122.68')); echo $connection-http_code; Which returns 404. $location-id is empty. Any thoughts as to what I'm doing wrong? On Jun 11, 9:21 am, Matt Harris thematthar...@twitter.com wrote: Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
Re: [twitter-dev] OAuth Base String generation
Thanks for the clarification Taylor George On Fri, Jun 11, 2010 at 10:14 AM, Taylor Singletary taylorsinglet...@twitter.com wrote: It kind of depends on how you tilt your head and look at it sometimes. One way of looking at it is that POST body elements already are URL-encoded (at least when we're talking about application/x-www-form-urlencoded type bodies). When you send a POST request, you already must URL encode the body. This algorithm begins from the assumption that you've already prepared your POST body. I'll try to make that distinction clearer. Taylor On Thu, Jun 10, 2010 at 7:31 PM, Malayil George georg...@gmail.comwrote: Hi, I've been trying to work through the OAuth steps presented at http://dev.twitter.com/pages/auth#signing-requests . The psuedo-code for base-string generation is given as httpMethod + + url_encode( base_uri ) + + sorted_query_params.each { | k, v | url_encode ( k ) + %3D + url_encode ( v ) }.join(%26) But, this doesn't seem to work with the params on the example. The example has baseString = POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Frequest_tokenoauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0 With the above algorithm, wouldn't the baseString end up as ...oauth_callback%3Dhttp%3A%2F%2Flocalhost...%26oauth_consumer_key%3D...? The %3A seems to be getting encoded somehow to %253A in the example. I have been able to get my result to match the example result by modifying the algorithm to be httpMethod + + url_encode( base_uri ) + + url_encode(sorted_query_params.each { | k, v | url_encode ( k ) + = + url_encode ( v ) }.join()) Reading the comments at http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/, it seems we should be doing a double url-encode? Is that right or am I missing something (and this workaround is just working in this example)? Regards George
[twitter-dev] Twitter People Search 2010
I've seen the same topic already, but I am just wondering if there's been any update http://groups.google.com/group/twitter-development-talk/browse_thread/thread/1a0b346ddd1a77b9/e6fd311e04558e08?lnk=gstq=people+search#e6fd311e04558e08 We are looking to integrate Twitter Profile results on our People Search site and would like to know if this is currently possible. We would basically pass a name and expect to get results mathing user name or full name for users. It seems supported by the user/search method : http://dev.twitter.com/doc/get/users/search I am just wondering why the previous thread creator was reply that it was not supported. I understand the method requires authentification and would like to know if our client could be authentified and make the query on the user behalf, so this way he would not have to authentify himself to perform a search.
Re: [twitter-dev] Problems with oauth request_token
Yes, I will generate a new pair of keys (I was aware of it when I put it on the email), thanks for the reminder. So far I'm the only real user. You help is really appreciate, I did two mistakes (well pointed out - in case someone else fall in the same problem): timestamp in millis instead of seconds and POST body (I was really send the post data). Thanks a lot Taylor! On Fri, Jun 11, 2010 at 10:19 AM, Taylor Singletary taylorsinglet...@twitter.com wrote: First Leonardo, If that's your real consumer secret, you're going to want to go and regenerate your API keys *ASAP*. Looking at what you've sent along, it looks like you're pretty close to getting this right. Your timestamp is verbose as far as the OAuth standard is concerned -- it should be in seconds and not in milliseconds. Also ensure that your server time is in sync with Twitter's: we return our current server time in a header on every response. I notice you have your signature base string at the end of the email: is this being sent as a POST body or is it just in your email? It shouldn't be sent, if so. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles pite...@gmail.com wrote: Hello gentlemans, I'm working on a client twitter that uses HTTP proxy in Java. I struggling with the OAuth request_token that returns me HTTP 401 Unauthorized. Consumer key=3P1dah6urSdAo9voKDJDA twitterURL=[https://api.twitter.com/oauth/request_token] authorizationData=[OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=901dc12600ac1cdbc082d57d4aef7bfc, oauth_signature_method=HMAC-SHA1, oaut h_timestamp=1276235403668, oauth_version=1.0, oauth_signature=5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D] basedata=[POSThttps%3A%2F%2Fapi.twitter.com %2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0] And it returns the error: errorStream=[Failed to validate oauth signature and token] In order to check what I'm sending, I create a HttpListener and redirected the api.twitter.com to localhost:8000 and here is the header. Any suggestion is very welcome. POST /oauth/request_token HTTP/1.1 Authorization: OAuth realm=api.twitter.com, oauth_callback=oob, oauth_consumer_key=3P1dah6urSdAo9voKDJDA, oauth_nonce=2c449ca3c5a8637a8a9152d896c6d8bd, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276236145594, oauth_version=1.0, oauth_signature=y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D User-Agent: Java/1.6.0_20 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 266 POSThttp%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_tokenoauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau th_version%3D1.0. Best regards, Leo Meirelles -- Do you know the difference between look something amazing and touch it? Think about Jennifer Aniston... (K.V.)
Re: [twitter-dev] Twitter People Search 2010
The thread is old and from before the API method was available. Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 10:15 AM, PhilGo20 gauvin.phili...@gmail.comwrote: I've seen the same topic already, but I am just wondering if there's been any update http://groups.google.com/group/twitter-development-talk/browse_thread/thread/1a0b346ddd1a77b9/e6fd311e04558e08?lnk=gstq=people+search#e6fd311e04558e08 We are looking to integrate Twitter Profile results on our People Search site and would like to know if this is currently possible. We would basically pass a name and expect to get results mathing user name or full name for users. It seems supported by the user/search method : http://dev.twitter.com/doc/get/users/search I am just wondering why the previous thread creator was reply that it was not supported. I understand the method requires authentification and would like to know if our client could be authentified and make the query on the user behalf, so this way he would not have to authentify himself to perform a search.
[twitter-dev] Re: [HELP!!!] Autologin using PHP + Oauth API
I'm doing an application that tracks statuses / home_timeline of users who follow a particular account. The idea would be a PHP script to access that account and get these tweets I USING THAT LIBRARY: http://github.com/abraham/twitteroauth On 11 jun, 13:14, Matt Harris mhar...@twitter.com wrote: We don't provide a way to log a user into twitter.com through the API but you can, through OAuth, request permission to interact with a users account or perform actions on their behalf. What is it you need to log the user into Twitter for? Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris On Jun 11, 2010, at 16:54, lu5ceh ignacio.santo...@gmail.com wrote: I'm making a PHP script that automatically logs in a given Twitter account. How I can do to make using the new API
[twitter-dev] Re: Twitter People Search 2010
Should I undeerstand that what we are trying to achieve is possible with current methods ? On 11 juin, 14:17, Abraham Williams 4bra...@gmail.com wrote: The thread is old and from before the API method was available. Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 10:15 AM, PhilGo20 gauvin.phili...@gmail.comwrote: I've seen the same topic already, but I am just wondering if there's been any update http://groups.google.com/group/twitter-development-talk/browse_thread... We are looking to integrate Twitter Profile results on our People Search site and would like to know if this is currently possible. We would basically pass a name and expect to get results mathing user name or full name for users. It seems supported by the user/search method : http://dev.twitter.com/doc/get/users/search I am just wondering why the previous thread creator was reply that it was not supported. I understand the method requires authentification and would like to know if our client could be authentified and make the query on the user behalf, so this way he would not have to authentify himself to perform a search.
[twitter-dev] tweet source shows 'Via API' for oAuth app???
One of the users of my app has complained that he can see his tweets in my app but cannot post the tweets. The tweets are shown blank and the source as 'via API' in the web. He confirmed that they were not posted from any Basic Auth app (he changed his password and tried my app)and his connections (settings-connection from web) shows my app as the only app he has authorized and it has 'read only access ' . I checked this with a different account which had earlier granted 'read and write' access to my app . i revoked the access and tried to use my oAuth app. Surprisingly twitter oauth login page displayed my app asking for read access (not 'read and update'). I then verified my app's settings in dev.twitter.console and surprised to see that 'read only' option is set. I Changed this to 'read and write' and after that it seemed to work correctly. I have two questions 1) why was my app's setting changed to 'read only' 2) Is it possible (by mistake) that the source parameter for an oAuth app change to' viaAPI' ? Thanks in advance Srikanth
Re: [twitter-dev] Re: Twitter People Search 2010
GET /users/search returns profile search results based on names, screen_names, bios, etc so yes. You can use a single account to authenticate but you might run into rate limit issues. To avoid that you can have your users authenticate using OAuth to do the searches. Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 11:42 AM, PhilGo20 gauvin.phili...@gmail.comwrote: Should I undeerstand that what we are trying to achieve is possible with current methods ? On 11 juin, 14:17, Abraham Williams 4bra...@gmail.com wrote: The thread is old and from before the API method was available. Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 10:15 AM, PhilGo20 gauvin.phili...@gmail.com wrote: I've seen the same topic already, but I am just wondering if there's been any update http://groups.google.com/group/twitter-development-talk/browse_thread. .. We are looking to integrate Twitter Profile results on our People Search site and would like to know if this is currently possible. We would basically pass a name and expect to get results mathing user name or full name for users. It seems supported by the user/search method : http://dev.twitter.com/doc/get/users/search I am just wondering why the previous thread creator was reply that it was not supported. I understand the method requires authentification and would like to know if our client could be authentified and make the query on the user behalf, so this way he would not have to authentify himself to perform a search.
[twitter-dev] Twitter Dictionary
Perhaps not entirely on topic, but this seems like the best place to ask: Where do the dictionary definitions on http://twitter.com/home come from - often defining an app and what it's used for? Examples: Twitter·for·iPhone n. a new official Twitter app for your iPhone. World·Cup n. The largest sporting event in the world. tweetbeat·World·Cup n. a place to follow World Cup tweets.
Re: [twitter-dev] tweet source shows 'Via API' for oAuth app???
On Sat, Jun 12, 2010 at 12:30 AM, srikanth reddy srikanth.yara...@gmail.com wrote: I then verified my app's settings in dev.twitter.console and surprised to see that 'read only' option is set. I Changed this to 'read and write' and after that it seemed to work correctly. Possibly related to this: http://www.mail-archive.com/twitter-development-talk@googlegroups.com/msg21543.html -- Harshad RJ http://hrj.wikidot.com
[twitter-dev] Re: OAuth statuses/followers
Hi Matt, Thanks for your answer. I will use the refers in my script. On the other hand, I got no solution for the cursor problem I currently have, is there a solution for? - Rick On 11 jun, 16:06, Matt Harris thematthar...@twitter.com wrote: Hi Rick, Depending on what you are trying to obtain we recommend using the friends/ids [1] and followers/ids [2] methods in combination with the user/lookup [3] if you need more information about them. Also, you want to make sure you're client is using the api.twitter.comdomain and not twitter.com. Hope that helps, Matt 1.http://dev.twitter.com/doc/get/friends/ids 2.http://dev.twitter.com/doc/get/followers/ids 3.http://dev.twitter.com/doc/get/users/lookup On Fri, Jun 11, 2010 at 3:46 AM, Rick rickstuivenb...@gmail.com wrote: I hope somebody could help me with my problem regarding the Twitter OAuth If I use $oauth-get('statuses/followers'); I get the first 100 followers. If I use $oauth-get('statuses/followers', array('cursor' = $cursor)); I have to use this code: ?php $cursor = -1; $followers = $oauth-get('statuses/followers', array('cursor' = $cursor)); $totaal = count($followers); while ($totaal 1) { for($x=0; $x$totaal; $x++) { if(preg_match(/^.date('D M d'). 0([3-9]{1}):([0-9]{2}):([0-9] {2}) \+([0-9]{4}) .date('Y')./,$followers[$x]-status-created_at) || $followers[$x]-protected) { } } $cursor++; $followers = $oauth-get('statuses/followers', array('cursor' = $cursor)); $totaal = count($followers); ? But that seems not to get working. And without the cursor idea, I get only the first 100 followers. Is there a easy solution for this? -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] oauth status update returning error 401 invalid / used nonce
Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig
Re: [twitter-dev] oauth status update returning error 401 invalid / used nonce
We have a few (difficult to pin down) edge cases where we throw a bad nonce error in an otherwise legit scenario -- often while we are under heavy amounts of load. Is this error consistent for you no matter what nonce you use? Do you know if your timestamp is aligned with the time indicated in an HTTP header of our response to your requests? While others have found complicated nonce values cause issues, your nonce seems relatively tame in comparison to those who ran into those issues. Just the same, I'd recommend you try a different nonce generation scheme, perhaps one with an eye for simplicity. Otherwise, your request seems structurally correct. What does your POST body for this request look like? Do you receive the same error when you replace your %20 space character in your POST body with plus? Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Fri, Jun 11, 2010 at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig
[twitter-dev] Re: Geo-caching Without Lat/Long
We've built a free tool with similar capabilities but including OAuth authentication and contextual links to the full Twitter API, and no login required in order to save API calls. You can see the same lat/long query here: http://app.apigee.com/console/5ffbfabd-04c0-4802-a71d-542c23a1ec0e/rendersnapshotview Hope this is helpful - we are seeking feedback on the tool if you have any. Thanks, Sam On Jun 11, 9:48 am, Bryan bryan.p...@gmail.com wrote: Hey Abraham. The above example is dated. My point is appending max_result=1 onto any verified result results in a 404: http://hurl.it/hurls/08a6b684b494cab6138754d7b7470d9895968d59/88bbdc8... is okay, but with max_results=1: http://hurl.it/hurls/df8773b96e453cfd5426123c3ba4354fc2d96769/6d952ea... returns a 404 Thanks for the link; that's a very useful tool! On Jun 11, 11:40 am, Abraham Williams 4bra...@gmail.com wrote: The lat/long you are passing to the API are in the Yellow Sea so Twitter is 404ing as it does not have any places near there. http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b26... Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 07:28, Bryan bryan.p...@gmail.com wrote: Matt-- Okay thanks for the reply. I'm building a news aggregator so the goal was to enter the location manually. Still, I'm having trouble with the geo-coding method. I'm using Abraham's php library and I do the following: $location = $connection-get('geo/reverse_geocode', array('lat' = '37.75' , 'long' = '122.68')); echo $connection-http_code; Which returns 404. $location-id is empty. Any thoughts as to what I'm doing wrong? On Jun 11, 9:21 am, Matt Harris thematthar...@twitter.com wrote: Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] Coming soon: a solution for Open Source applications using OAuth with the Twitter API
Hi Developers, As has been discussed on the list recently, OAuth and Open Source applications are a difficult combination because token secrets shouldn't be embedded in widely distributed code. We're pleased to announce that we've devised a solution to this problem. Next week, we plan to release a new extension to the Twitter API that will allow Open Source applications to obtain OAuth consumer keys and secrets for their users, without having to distribute an application secret. Approved Open Source client applications will have an easy to implement ability, through dev.twitter.com, to generate new client tokens secrets to be used specifically for each new instance of the application. While completing the process does require the end-user to complete a few extra operations, we think this is a good compromise. The source tag on tweets published by the child applications generated with this approach will be a variation on the originating application's name. For examples, if the name of the parent application was AdventureTweet and the user's screen name was @zork, then the child application's name would be AdventureTweet (zork). The work flow for these applications will be something like this: 1. You store your API Consumer Key in your application distribution (but never your secret!). 2. A user downloads/installs/checks out your open source application and runs it for the first time 3. Your application builds a URL to our key exchange endpoint, using your consumer key. Example: http://dev.twitter.com/apps/key_exchange?oauth_consumer_key=abcdefghijklmnopqrstuvwxyz 4. You send the user to that URL in whatever way makes sense in your environment. 5. That user will have to login using their Twitter credentials (if they aren't already), and then approve your application's request to replicate itself on the user's behalf. 6. The approval will require that the user agrees to our terms of service, as this process results in them having control of their own application 7. The user is presented with a string that they are asked to paste into your application. The string will contain ah API key and secret, in addition to an access token and token secret for the member: everything that's needed to get the user up and running in your application. 8. The user pastes the string into your application, which then consumes and stores it to begin performing API calls using OAuth. The string containing the keys will be x-www-form-urlencoded. To keep the string brief, it will contain abbreviated key names. An example: ck=KIyzzZUM7KvKYOpnst2aOwcs=4PQk1eH4MadmzzEZ1G1KdrWHIFC1IPxv1kXZg0G3Eat=542212-utEhFTv5GZZcc2R4w6thnApKtf1N1eKRedcFJthdeAats=FFdeOEwxOBWPPREd55dKx7AAaI8NfpK7xnibv4Yls Where: ck - consumer key, cs - consumer secret, at - access token, ats - access token secret This kind of key requisition service is new to the Twitter ecosystem, and we're going to be closely monitoring it for abuse. Once we announce its availability, we'll begin taking requests for Open Source applications that would like to offer the feature in their application. We're excited to offer this solution to the open source community. Thanks everyone! Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
Thanks for your quick reply! This error occurs consistently no matter what nonce I'm using. My timestamp appears to be aligned with the time from your response. I also tried a different nonce scheme and that didn't seem to work either. Here is my post body: status=My%20Tweet I just attempted to use a + instead of the %20 but that did not work. I'm at a loss as to what it could be. Maybe I'll try yet one more nonce scheme? Is the any scheme in particular that you have found to work? Thanks! Craig On Jun 11, 5:56 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: We have a few (difficult to pin down) edge cases where we throw a bad nonce error in an otherwise legit scenario -- often while we are under heavy amounts of load. Is this error consistent for you no matter what nonce you use? Do you know if your timestamp is aligned with the time indicated in an HTTP header of our response to your requests? While others have found complicated nonce values cause issues, your nonce seems relatively tame in comparison to those who ran into those issues. Just the same, I'd recommend you try a different nonce generation scheme, perhaps one with an eye for simplicity. Otherwise, your request seems structurally correct. What does your POST body for this request look like? Do you receive the same error when you replace your %20 space character in your POST body with plus? Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Fri, Jun 11, 2010 at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig
Re: [twitter-dev] oauth status update returning error 401 invalid / used nonce
Based on another bug I've seen come up but have been unable to track consistently, can you try creating a new application and doing the oauth dance and then trying to make the status update again using the new keys and the new access tokens? Thanks! On Friday, June 11, 2010, Craig chanson9...@gmail.com wrote: Thanks for your quick reply! This error occurs consistently no matter what nonce I'm using. My timestamp appears to be aligned with the time from your response. I also tried a different nonce scheme and that didn't seem to work either. Here is my post body: status=My%20Tweet I just attempted to use a + instead of the %20 but that did not work. I'm at a loss as to what it could be. Maybe I'll try yet one more nonce scheme? Is the any scheme in particular that you have found to work? Thanks! Craig On Jun 11, 5:56 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: We have a few (difficult to pin down) edge cases where we throw a bad nonce error in an otherwise legit scenario -- often while we are under heavy amounts of load. Is this error consistent for you no matter what nonce you use? Do you know if your timestamp is aligned with the time indicated in an HTTP header of our response to your requests? While others have found complicated nonce values cause issues, your nonce seems relatively tame in comparison to those who ran into those issues. Just the same, I'd recommend you try a different nonce generation scheme, perhaps one with an eye for simplicity. Otherwise, your request seems structurally correct. What does your POST body for this request look like? Do you receive the same error when you replace your %20 space character in your POST body with plus? Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Fri, Jun 11, 2010 at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig -- Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
[twitter-dev] Re: Coming soon: a solution for Open Source applications using OAuth with the Twitter API
Interesting idea. On Jun 11, 6:56 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Developers, As has been discussed on the list recently, OAuth and Open Source applications are a difficult combination because token secrets shouldn't be embedded in widely distributed code. We're pleased to announce that we've devised a solution to this problem. Next week, we plan to release a new extension to the Twitter API that will allow Open Source applications to obtain OAuth consumer keys and secrets for their users, without having to distribute an application secret. Approved Open Source client applications will have an easy to implement ability, through dev.twitter.com, to generate new client tokens secrets to be used specifically for each new instance of the application. While completing the process does require the end-user to complete a few extra operations, we think this is a good compromise. The source tag on tweets published by the child applications generated with this approach will be a variation on the originating application's name. For examples, if the name of the parent application was AdventureTweet and the user's screen name was @zork, then the child application's name would be AdventureTweet (zork). The work flow for these applications will be something like this: 1. You store your API Consumer Key in your application distribution (but never your secret!). 2. A user downloads/installs/checks out your open source application and runs it for the first time 3. Your application builds a URL to our key exchange endpoint, using your consumer key. Example:http://dev.twitter.com/apps/key_exchange?oauth_consumer_key=abcdefghi... 4. You send the user to that URL in whatever way makes sense in your environment. 5. That user will have to login using their Twitter credentials (if they aren't already), and then approve your application's request to replicate itself on the user's behalf. 6. The approval will require that the user agrees to our terms of service, as this process results in them having control of their own application 7. The user is presented with a string that they are asked to paste into your application. The string will contain ah API key and secret, in addition to an access token and token secret for the member: everything that's needed to get the user up and running in your application. 8. The user pastes the string into your application, which then consumes and stores it to begin performing API calls using OAuth. The string containing the keys will be x-www-form-urlencoded. To keep the string brief, it will contain abbreviated key names. An example: ck=KIyzzZUM7KvKYOpnst2aOwcs=4PQk1eH4MadmzzEZ1G1KdrWHIFC1IPxv1kXZg0G3Eat=542212-utEhFTv5GZZcc2R4w6thnApKtf1N1eKRedcFJthdeAats=FFdeOEwxOBWPPREd55dKx7AAaI8NfpK7xnibv4Yls Where: ck - consumer key, cs - consumer secret, at - access token, ats - access token secret This kind of key requisition service is new to the Twitter ecosystem, and we're going to be closely monitoring it for abuse. Once we announce its availability, we'll begin taking requests for Open Source applications that would like to offer the feature in their application. We're excited to offer this solution to the open source community. Thanks everyone! Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod
[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
Sure I can do that, althought I'll have to get approved for xAuth on that application as well. Will I have to request xAuth again? Thanks, Craig On Jun 11, 8:10 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Based on another bug I've seen come up but have been unable to track consistently, can you try creating a new application and doing the oauth dance and then trying to make the status update again using the new keys and the new access tokens? Thanks! On Friday, June 11, 2010, Craig chanson9...@gmail.com wrote: Thanks for your quick reply! This error occurs consistently no matter what nonce I'm using. My timestamp appears to be aligned with the time from your response. I also tried a different nonce scheme and that didn't seem to work either. Here is my post body: status=My%20Tweet I just attempted to use a + instead of the %20 but that did not work. I'm at a loss as to what it could be. Maybe I'll try yet one more nonce scheme? Is the any scheme in particular that you have found to work? Thanks! Craig On Jun 11, 5:56 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: We have a few (difficult to pin down) edge cases where we throw a bad nonce error in an otherwise legit scenario -- often while we are under heavy amounts of load. Is this error consistent for you no matter what nonce you use? Do you know if your timestamp is aligned with the time indicated in an HTTP header of our response to your requests? While others have found complicated nonce values cause issues, your nonce seems relatively tame in comparison to those who ran into those issues. Just the same, I'd recommend you try a different nonce generation scheme, perhaps one with an eye for simplicity. Otherwise, your request seems structurally correct. What does your POST body for this request look like? Do you receive the same error when you replace your %20 space character in your POST body with plus? Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Fri, Jun 11, 2010 at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig -- Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod
Re: [twitter-dev] oauth status update returning error 401 invalid / used nonce
xAuth in this case, I think, is unrelated to the issue. If you can use a different key and use the my token feature to get your access token, then try to tweet using that token, it will sufficiently express the problem I think. Taylor On Jun 11, 2010, at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken %26oauth_version%3D1.0%26status%3Dmy%2520tweet Authorization header: OAuth oauth_nonce=397vi5Ug1YHC3UAVUAoB, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276292596, oauth_consumer_key=myconsumerkey, oauth_token=mytoken, oauth_signature=yOh2zQPGDBlVEP5cDWhjddQWTLc%3D, oauth_version=1.0 Content-Type: [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; I can see no reason why this shouldn't work. Any help would be greatly appreciated! Thanks, Craig
[twitter-dev] Re: Coming soon: a solution for Open Source applications using OAuth with the Twitter API
This is excellent news and sounds like a much better user experience than the previously discussed options. I would like to suggest it be taken one step further. Could the encoded string with the keys be returned programatically to the Open Source application instead of asking the user to copy/paste? This way the user experience would be very similar to a standard OAuth transaction. Cheers, --Alex http://alexking.org On Jun 11, 4:56 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Developers, As has been discussed on the list recently, OAuth and Open Source applications are a difficult combination because token secrets shouldn't be embedded in widely distributed code. We're pleased to announce that we've devised a solution to this problem. [...]