[twitter-dev] [Problem] since date or since_id is too old
This bug wasn't fixed? I have been look around the groups and found this link: http://code.google.com/p/twitter-api/issues/detail?id=742 My service try to execute this link: http://search.twitter.com/search?rpp=100lang=ptto=timtimportimtimsince_id=6566066234 and get this message 403 : since date or since_id is too old So, how I solve this problem? If this id is too old, how i know what id is valid after this? I hope some1 help me. Thank you.
[twitter-dev] API Search
Why the parameter near is not avaible for api search on twitter? What i can't understand is... I can search on search.twitter.com this query:@twitter OR @twitterapi near:Brasil http://search.twitter.com/search...@twitter+or+@twitterapi+near:Brasil If i click on Feed for this query i can get this result for the query above: http://search.twitter.com/search.atom?geocode=-14.235004,-51.92528,2500.0kmlang=enq...@twitter+or+@twitterapi+near:Brasil if i change atom for json, it's ok. but it's not possible to do this: (without geocode parameter) http://search.twitter.com/search.atom?lang=enq...@twitter+or+@twitterapi+near:Brasil So, why i can't just use near with api?? How i get the geocode with api?? How i get this feed with api?? Best Regards.
[twitter-dev] Some1 Can Explain Me This Process?
I was trying to change my old app for the new OAuth authentication. I'm using *.NET C#* I could get my *token* and *tokenSecret*. Ok. So i try to test *verify_credentials.xml* looks like this: http://twitter.com/account/verify_credentials.xml ?*oauth_consumer_key*=xx *oauth_nonce*=xx *oauth_signature_method*=HMAC-SHA1 *oauth_timestamp*=1251398498 *oauth_token*=xx *oauth_signature*=%2bgUJx2ydmVWdoLgdGrFWfwy0efg%3d And i received this message: *errorCould not authenticate you./error* *But...* If i put this link directly on browser some message box appear with: The API requer a login and password Login: Password: If a put my pass and login i can get the right return: user idX/id namepipocadr/name screen_namepipocadr/screen_name location/ description/ - profile_image_url http://a3.twimg.com/profile_images/299177807/3D_normal.png /profile_image_url url/ *This is the basic auth or oauth? I pass my token and tokenSecret and consumerKey etc... So how can i get the result?* Best Regards
[twitter-dev] Re: Inclusion of the source parameter
http://twitter.api.url.method?someParameter=someValue*source=yourSource* On Thu, Mar 26, 2009 at 4:10 PM, Alex Payne a...@twitter.com wrote: It's a URL parameter, so part of the URL. On Thu, Mar 26, 2009 at 12:07, Brother obran...@gmail.com wrote: Hi, I got the confirmation from twitter regarding the acceptance of my source parameter to show the application name in the footer of the Tweets. Should this source parameter be part of the HTTP body section or part of the URL? Thanks Olivier -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Analista Desenvolvedor www.espacodj.com
[twitter-dev] Wrong reference on http://apiwiki.twitter.com/REST+API+Documentation
Hey Matt and Alex, Some reference links (using #) to redirect to the rigth location on page are wrong, cuz they had the same reference *#destroy* Example. If you click on *destroy* from *Direct Message Methods* will redirect to * destroy* method for *Status Method*s cuz he comes first: Direct Message Methodshttp://apiwiki.twitter.com/REST+API+Documentation#DirectMessageMethods 1. direct_messageshttp://apiwiki.twitter.com/REST+API+Documentation#directmessages 2. sent http://apiwiki.twitter.com/REST+API+Documentation#sent 3. new http://apiwiki.twitter.com/REST+API+Documentation#new 4. destroy http://apiwiki.twitter.com/REST+API+Documentation#destroy This is not good for us... i always get the wrong url, and lost some time. Best Regards. -- Analista Desenvolvedor www.espacodj.com
Re: Help with If-Modified-Since and C#
I try this too: HttpWebRequest http = (HttpWebRequest)WebRequest.Create(url); http.IfModifiedSince = DateTime.Now; This code will give to me only replies that was new on 24 hours behind? In this case too, return all (all days) replies that i had. On Mon, Feb 9, 2009 at 2:57 PM, Gustavo Melo pipoc...@gmail.com wrote: Hello Guys,Som1 had some code snippets using If-Modified-Since in C#? Whatever, header or parameter... I want to get only replies TODAY starting of my parameter with some HOUR Example: I had 10 replies today (1 am - 10 am) and i want only (5 am - 10 am) I'm trying this: string url = http://twitter.com/statuses/replies.xml?If-Modified-Since=; + HttpUtility.UrlEncode(True, 09 Feb 2009 14:00:00 GMT) -- Analista Desenvolvedor www.espacodj.com -- Analista Desenvolvedor www.espacodj.com
Help with If-Modified-Since and C#
Hello Guys,Som1 had some code snippets using If-Modified-Since in C#? Whatever, header or parameter... I want to get only replies TODAY starting of my parameter with some HOUR Example: I had 10 replies today (1 am - 10 am) and i want only (5 am - 10 am) I'm trying this: string url = http://twitter.com/statuses/replies.xml?If-Modified-Since=; + HttpUtility.UrlEncode(True, 09 Feb 2009 14:00:00 GMT) -- Analista Desenvolvedor www.espacodj.com
Re: How API will works after OAuth?
Guys, We all know that base-auth is a gold for our app and when we think about another way like OAuth we get mad BUT If the Toke had infinit life time (probabily will do), so the big poblem transform in a little problem with 3 steps: 1-Your Webapp redirect the user to Twitter Web Site (Authentication) 2- User put username and password 3- Twitter redirect again the user for your Webapp authenticated. For non-web app it a little different but easy any way... It's not a big deal... The most important point is the life time of token... bring OAuth and let's made this happen !!! On Thu, Feb 5, 2009 at 2:48 PM, Stuart stut...@gmail.com wrote: 2009/2/5 jstrellner jstrell...@urltrends.com: I was just thinking this, and then I read your post. It would be good to see a trusted apps section somewhere on your site, and those application could use Basic Auth. If they don't want to go through the process of being a trusted app, then they can use OAuth. Just something to think about. Could earn twitter some $$$ too. Could also land them in a world of pain. I wouldn't want Twitter to endorse any product that wasn't theirs, and I doubt they would want to either. Too risky. -Stuart On Feb 4, 8:57 pm, Alex Payne a...@twitter.com wrote: Thanks for the feedback, guys. We'll consider extending Basic Auth's life, or maybe granting a stay of execution to known-good apps. At the very least, we'll try not to pull the rug out from under anyone. funkatron wrote: Agreed. I do believe that the use of HTTP Basic Auth was key to the quick growth of the 3rd-party app community of Twitter, as the auth scheme is so well-understood and supported. This may or may not be as important at this point business-wise, as I suspect the Twitter userbase is large enough to overcome a fair bit of lazy user intertia. I wonder if we will see a lot less interesting API hacking (the good kind), though, and I think that would be a shame. While OAuth makes a ton of sense for website-based apps, it's kind of another kettle of fish for locally-hosted apps (desktop and mobile). Moving to OAuth-only is problematic for us for these reasons: 1. it complicates (and confuses) the process for users: instead of entering a username and password -- a well-understood, common process -- now the app has to push the user to a web site which hopefully explains what's going on decently. This works okay for web dorks like us, but I guarantee your avg user is going to find this confusing. Maybe not as confusing as OpenID, though. 2. updating locally-hosted apps to use a new authentication system is an issue of getting thousands (or higher orders) of users to upgrade. 6 months may not be enough, even for currently active applications. Stuff in development *cough*like mine*cough* now could find themselves having to toss out a ton of code they're knee-deep in right now. Yucky. My preference would be to *not* see HTTP Basic Auth go away in the foreseeable future. If that's not reasonable or possible, the 6-month window (even given that the countdown may not start for a few months) is pretty tight for comfort, and extending it would be much preferred. Note: One might wonder why I only mention these issues in the context of local apps rather than web apps. I think the expectations and user behavior tendencies are fairly different in the desktop and mobile app space, and there are a number of ways malware is detected and contained in this area. The web app space is a lot more open and easy to exploit, and likely will be unless the whole paradigm changes. -- Ed Finkler http://funkatron.com AIM: funka7ron ICQ: 3922133 Skype: funka7ron On Feb 4, 10:03 pm, Cameron Kaiserspec...@floodgap.com wrote: I'm still (softly) repeating the hope that this will be extended, even if the Basic Auth API remains deprecated and static. An OAuth workflow is constrained for desktop apps, and for apps that aren't or can't use a web browser (in my case, text-mode twitter clients; other cases include all those little curl scripts posting monitoring information, task status, etc.), OAuth won't work at all. I fully support OAuth, but where appropriate. I think Ed Finkler said it best when he said the breadth of Twitter applications currently extant wouldn't exist were it not for a low barrier to entry. OAuth makes sense in many places, but it doesn't make sense everywhere, and I hope alternate methods of authentication remain possible even if they are intentionally limited to steer preferred traffic to an OAuth workflow. Otherwise I suspect the ecosystem outside the browser will be greatly reduced. -- personal: http://www.cameronkaiser.com/-- Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com --
Re: How API will works after OAuth?
So, what happen if this third party expose to others app this generated key? They will acess your account too? If this key can be just used for one app (maybe lock for one IP) the user will need generated always a new key for one app? (Go to twitter page, log in, acess New Keys, generate a new key, and give to the app) On Thu, Feb 5, 2009 at 10:37 AM, Ninjamonk dar...@stuartmedia.co.uk wrote: Have you guys considered maybe tweaking the basic auth system to something like what friendfeed has. Each user could be given a third party system generated key to use instead of a password and then basic auth could still be used and not tired to the system password. If the user felt their account had been compromised by an app they could just generate a new code and also this would protect the users account from hijacking. I know you don't want to have 2 different systems for auth but this could be used for legacy apps and for use cases like funkatron mentioned earlier in the thread. Cheers -- -- Analista Desenvolvedor www.espacodj.com
Re: How API will works after OAuth?
Hi Matt, Thx for answer... OAuth isn't hard ;) A couple of days i have learned some about it and put this on my TestApp to see how works. I'm glad to see that You guys worrie about the final user. Let's bring it on... We had just to generate our api_key and secret, and sort all parameters of the method (including api_key and secret) to creat a signature... (basically of course) So... don't worrie with us (developers) On Thu, Feb 5, 2009 at 4:33 PM, Matt Sanford m...@twitter.com wrote: Hi Gustavo et al, This is the problem with re-use systems like both Basic Auth and the FriendFeed token system. Every application uses the same token so you turn them all off at once (like a password change). Even if we give out one key per application (like OAuth) your requests can be intercepted and the credentials re-used (unless SSL is required). This sort of re-use is not a problem in OAuth where requests are signed using a secret and include a time stamp and a random value (nonce). Since the nonce can't be re-used this even guards against replay attacks.I know OAuth is hard. I've implemented the server side, a Scala test library and a sample Rails app (blog post coming soon). Having said that, all of the times I've wondered why it has to be so difficult I've come up with an attack scenario that means that part can't be dropped. I want to try and keep up Basic Auth as long as it's needed, but on the other hand I don't want to be like Microsoft who keep around LANMAN as an attack vector for years on end. It's a tough balance between encouraging developers and protecting our users. Thanks; — Matt On Feb 5, 2009, at 10:13 AM, Gustavo Melo wrote: So, what happen if this third party expose to others app this generated key? They will acess your account too? If this key can be just used for one app (maybe lock for one IP) the user will need generated always a new key for one app? (Go to twitter page, log in, acess New Keys, generate a new key, and give to the app) On Thu, Feb 5, 2009 at 10:37 AM, Ninjamonk dar...@stuartmedia.co.ukwrote: Have you guys considered maybe tweaking the basic auth system to something like what friendfeed has. Each user could be given a third party system generated key to use instead of a password and then basic auth could still be used and not tired to the system password. If the user felt their account had been compromised by an app they could just generate a new code and also this would protect the users account from hijacking. I know you don't want to have 2 different systems for auth but this could be used for legacy apps and for use cases like funkatron mentioned earlier in the thread. Cheers -- -- Analista Desenvolvedor www.espacodj.com -- -- Analista Desenvolvedor www.espacodj.com
How API will works after OAuth?
Hello Guys, Matt and Alex... We need to understand how OAuth will affect ours app's... Twitter authentication with username and password will totaly stop work? How many days we will have to change our app's? And for me the most important question is, OAuth before copmleted authentication for user, return to my app some Token Auth... This Token had some time o live right? What time is it? One day? One Week? One Month? This is really important for my app that was based on MO/SMS ! Once the user made the full process to authentication, i think will be better for us (developers) to receive a token with bigger time of life! Best Regards and sry my bad english. -- Analista Desenvolvedor www.espacodj.com
Change Originate Name
Hello Guys...Sry if this question had been awnsered... How I change the from web to myApp ? This was update for me from my APP One More Test Using API Twitter... Let's see some caracteres @#$%!* http://twitter.com/pipocadr/status/1162745303 menos de 10 segundos ago http://twitter.com/pipocadr/status/1162745303 from web Thanks and sry for my bad english. -- -- Analista Desenvolvedor www.espacodj.com
Authentication is Safe ?
Hey Guys, Alex and Matt, Let's imagine that I'm a bad person and have depevoped a very attractive application for Twitter and a lot of people like to use it. For authentication the users have to type their login and password, right? I'm able to store those logins and passwords and make bad use of them. I've read that exists the OAuth, is it already working? How does the Twitter's process of authentication works? Is it free? Best Regards