Re: [twitter-dev] Callback URL not authorized issue

[Dana Contreras]

Hi Steve,

Our OAuth implementation is very strict about host names and will not
authorize callbacks unless the host name matches exactly. In your
case, the www subdomain is the difference.

You can make your @Anywhere app work on both host names by adding
mymobileplanet.co.uk (without the www) to your list of authorized
domains. Go to http://dev.twitter.com/apps, click on the name of your
@Anywhere app, and then click on Manage Domains in the right sidebar.
Enter mymobileplanet.co.uk into the form field and click Authorize.

On Fri, Aug 6, 2010 at 10:56 AM, Steve atif-nas...@hotmail.com wrote:
 I have implemented @Anywhere on a web-page. I have registered an app
 with Twitter and inserted the API key in the head section and both
 modules in the body section of my page.

 I am getting the following error:

 The provided callback url http://mymobileplanet.co.uk/iPhone.html is
 not authorized for the client registered to 'http://
 www.mymobileplanet.co.uk'.

 I have tried several methods to somehow make it work but all in vain.

 I would appreciate if someone can visit my pages and see what the
 problem is or guide me how I can make it work.




-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger

Re: [twitter-dev] Adding and removing from Lists does not appear to be working

[Dana Contreras]

Hi Alex,

Can you tell me specifically which lists and users you're seeing this
problem with? Feel free to email me off-list if you prefer.

On Wed, Jul 28, 2010 at 12:54 AM, Alex B alex.boswo...@gmail.com wrote:

 Adding and Deleting members from lists appears to be silently failing.
 This issue also appears to impact the Twitter web interface.

 Is it just me seeing this bug? Is there any information on the issue?




-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger

Re: [twitter-dev] Favorites/:id/create.json returns not found

[Dana Contreras]

Hi Jim,

Change the URL to
https://api.twitter.com/1/favorites/create/15738870223.json and it should
work.

On Tue, Jun 8, 2010 at 5:04 PM, Jim Cortez j...@jimcortez.com wrote:

 Hi all,
I am having trouble with setting favorites through the oAuth API (with
 xAuth). Must other api's work (exception being blocks/exists, see previous
 emails).

 Here is an example request:

 location: https://api.twitter.com/1/favorites/15738870223/create.json
 authorizationHeader: OAuth oauth_consumer_key=snip,
 oauth_nonce=snip, oauth_signature=snip,
 oauth_signature_method=HMAC-SHA1, oauth_timestamp=1276041800,
 oauth_token=snip, oauth_version=1.0,
 postData: id=15738870223

 responseData:
 {request:/1/favorites/15738870223/create.json,error:Not found}

 Now on the web, this is fine:
 http://twitter.com/twitterapi/status/15738870223

 I tried removing the id as post data, but then I got an invalid signature
 error. Any ideas?
 Thanks,
 Jim Cortez




-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger

Re: [twitter-dev] OAuth problem: can authenticate, but cant fetch timelines.

[Dana Contreras]

When you're constructing your signature base string, don't include the
query parameters in the URL. The query parameters do need to be
included in the next part of the signature base string though. Here's
what the base string in your example should look like:

GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0

%3Fcount%3D200 has been removed, and count%3D200%26 has been
inserted after the second ampersand.

On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
miguel.de.ic...@gmail.com wrote:
 Hello folks,

    I have my client speaking OAuth to twitter for the entire initial
 dance up to getting my access token.

    But once I try using the access token to call:
 http://api.twitter.com/1/statuses/mentions.json?count=200

    All I get from twitter is a 401 with the following body:

 {request:/1/statuses/mentions.json?count=200,error:Incorrect
 signature}

    I followed the steps described here:http://dev.twitter.com/pages/
 auth and just assumed that since there is no content, the value for
 computing the signature is not needed.

 GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
 %3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce
 %3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
 SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**
 %26oauth_version%3D1.0

 My composite signature is made of my consumer secret (from the twitter
 app page) and the oauth_token_secret returned by the acquire access
 token process

 This is what ends up in the HTTP traffic, when I  append the
 oauth_signature:
 GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
 authorization: OAuth
 oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_method=HMAC-
 SHA1,oauth_timestamp=1274461098,oauth_token=823083-
 ***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI
 %3D
 Connection: keep-alive
 Host: api.twitter.com


 Any ideas on what I am doing wrong?





-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger

Re: [twitter-dev] OAuth problem: can authenticate, but cant fetch timelines.

[Dana Contreras]

...and I see Taylor beat me to it. ;)

On Fri, May 21, 2010 at 10:34 AM, Dana Contreras d...@twitter.com wrote:
 When you're constructing your signature base string, don't include the
 query parameters in the URL. The query parameters do need to be
 included in the next part of the signature base string though. Here's
 what the base string in your example should look like:

 GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0

 %3Fcount%3D200 has been removed, and count%3D200%26 has been
 inserted after the second ampersand.

 On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
 miguel.de.ic...@gmail.com wrote:
 Hello folks,

    I have my client speaking OAuth to twitter for the entire initial
 dance up to getting my access token.

    But once I try using the access token to call:
 http://api.twitter.com/1/statuses/mentions.json?count=200

    All I get from twitter is a 401 with the following body:

 {request:/1/statuses/mentions.json?count=200,error:Incorrect
 signature}

    I followed the steps described here:http://dev.twitter.com/pages/
 auth and just assumed that since there is no content, the value for
 computing the signature is not needed.

 GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
 %3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce
 %3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
 SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**
 %26oauth_version%3D1.0

 My composite signature is made of my consumer secret (from the twitter
 app page) and the oauth_token_secret returned by the acquire access
 token process

 This is what ends up in the HTTP traffic, when I  append the
 oauth_signature:
 GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
 authorization: OAuth
 oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_method=HMAC-
 SHA1,oauth_timestamp=1274461098,oauth_token=823083-
 ***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI
 %3D
 Connection: keep-alive
 Host: api.twitter.com


 Any ideas on what I am doing wrong?





 --
 Dana Contreras
 Twitter Platform Team
 http://twitter.com/DanaDanger




-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger

Re: [twitter-dev] 'unix way' Twitter scripts - will they still work?

[Dana Contreras]

Net::Twitter has an OAuth role that you can use:

http://search.cpan.org/dist/Net-Twitter/lib/Net/Twitter/Role/OAuth.pm

Take a look at the examples section on that page. The first example
demonstrates a typical pattern for authorizing the client and storing
the access token on disk.

One complication you're going to run into is that people who use your
client will need to generate their own consumer key/secret pairs,
because you can't distribute your secret in the open. Take a look at
the authorize command in Marcel and Raffi's twurl client
(http://github.com/marcel/twurl) for a good example of how to handle
this.

Dana


On Mon, May 17, 2010 at 6:34 AM, Neal Rauhauser nrauhau...@gmail.com wrote:

  I've published a handful of 'unix way' scripts written in perl and
 based on Marc Mims' Net::Twitter library. The basic idea was to lower
 the barrier of entry for folks who want some simple thing done - say a
 unix admin who wants a system to be able to tweet/DM. There are a lot
 of things that could be done with this - I've played a bit with
 integrating Nagios alerts using this, with making Request Tracker able
 to send messages via Twitter, etc.


 http://github.com/StrandedWind/Simple-Perl-Scripts-For-Twitter


    These are little things, as they should be, and made to run from
 the command line, which is the right way to handle lots of text data.
 I'm seeing this stuff on Oauth, I'm absolutely not a web developer in
 any sense of the word, and I'm wondering how I preserve the
 functionality of these tools across the pending changes.


    Any thoughts on how to provide a construction kit for command line/
 daemon users would be appreciated.




-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger

[twitter-dev] New methods for pending follow requests

[Dana Contreras]

We've deployed two new methods for retrieving pending follow requests for
protected users:

* /friendships/incoming
* /friendships/outgoing

The incoming method returns a list of users who have pending requests to
follow the authenticating user. The outgoing method returns a list of
protected users for whom the authenticating user has pending follow
requests.

Both methods return 5000 user IDs per page. Cursors are provided in the
unlikely event that you need to page through a list of more than 5000
pending follow requests.

Full documentation is here:
https://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-incoming
https://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-outgoing

Enjoy!

-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger

[twitter-dev] New rate limit headers for users/search

[Dana Contreras]

We've added a new set of HTTP response headers to users/search to document
its secondary rate limit:

* X-FeatureRateLimit-Limit
* X-FeatureRateLimit-Remaining
* X-FeatureRateLimit-Reset
* X-FeatureRateLimit-Class

Calls to users/search are rate limited by the standard REST API rate limit,
as well as by a secondary rate limit that applies only to users/search (60
calls per hour). If either of these limits is exceeded, access to
users/search is restricted until the limits reset.

The new headers provide information about the secondary rate limit in the
same way that the existing X-RateLimit headers document the standard REST
API rate limit. Both sets of headers will be sent in response to calls to
users/search.

You can find more information about this update here:
https://apiwiki.twitter.com/Rate-limiting

-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger


-- 
To unsubscribe, reply using remove me as the subject.

Re: [twitter-dev] Re: New methods for pending follow requests

[Dana Contreras]

Allow/deny/cancel endpoints would certainly be the next logical step.

As for user objects, you can pass the array of user IDs to users/lookup:
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-users-lookup


On Tue, Apr 13, 2010 at 5:13 PM, Naveen Ayyagari
nav...@getsocialscope.comwrote:

 Is there API endpoints planned to accept/reject incoming and cancel
 outgoing pending requests?

 I am curious, what the use case is for a list of ids for pending
 requests? Without APIs to interact with pending requests, what would
 this information be used for?

 For a mobile client, exposing this type of information is valuable to
 the user, but user objects (not ids) would be required to create a UI
 for someone to view and then interact with such requests.

 --Naveen Ayyagari
 @knight9
 @SocialScope


 On Apr 13, 7:32 pm, Dana Contreras d...@twitter.com wrote:
  We've deployed two new methods for retrieving pending follow requests for
  protected users:
 
  * /friendships/incoming
  * /friendships/outgoing
 
  The incoming method returns a list of users who have pending requests to
  follow the authenticating user. The outgoing method returns a list of
  protected users for whom the authenticating user has pending follow
  requests.
 
  Both methods return 5000 user IDs per page. Cursors are provided in the
  unlikely event that you need to page through a list of more than 5000
  pending follow requests.
 
  Full documentation is here:
 https://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-in...https://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-ou.
 ..
 
  Enjoy!
 
  --
  Dana Contreras
  Twitter Platform Teamhttp://twitter.com/DanaDanger


 --
 To unsubscribe, reply using remove me as the subject.




-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger