[twitter-dev] [Problem] since date or since_id is too old
This bug wasn't fixed? I have been look around the groups and found this link: http://code.google.com/p/twitter-api/issues/detail?id=742 My service try to execute this link: http://search.twitter.com/search?rpp=100lang=ptto=timtimportimtimsince_id=6566066234 and get this message 403 : since date or since_id is too old So, how I solve this problem? If this id is too old, how i know what id is valid after this? I hope some1 help me. Thank you.
[twitter-dev] API Search
Why the parameter near is not avaible for api search on twitter? What i can't understand is... I can search on search.twitter.com this query:@twitter OR @twitterapi near:Brasil http://search.twitter.com/search...@twitter+or+@twitterapi+near:Brasil If i click on Feed for this query i can get this result for the query above: http://search.twitter.com/search.atom?geocode=-14.235004,-51.92528,2500.0kmlang=enq...@twitter+or+@twitterapi+near:Brasil if i change atom for json, it's ok. but it's not possible to do this: (without geocode parameter) http://search.twitter.com/search.atom?lang=enq...@twitter+or+@twitterapi+near:Brasil So, why i can't just use near with api?? How i get the geocode with api?? How i get this feed with api?? Best Regards.
[twitter-dev] Some1 Can Explain Me This Process?
I was trying to change my old app for the new OAuth authentication. I'm using *.NET C#* I could get my *token* and *tokenSecret*. Ok. So i try to test *verify_credentials.xml* looks like this: http://twitter.com/account/verify_credentials.xml ?*oauth_consumer_key*=xx *oauth_nonce*=xx *oauth_signature_method*=HMAC-SHA1 *oauth_timestamp*=1251398498 *oauth_token*=xx *oauth_signature*=%2bgUJx2ydmVWdoLgdGrFWfwy0efg%3d And i received this message: *errorCould not authenticate you./error* *But...* If i put this link directly on browser some message box appear with: The API requer a login and password Login: Password: If a put my pass and login i can get the right return: user idX/id namepipocadr/name screen_namepipocadr/screen_name location/ description/ - profile_image_url http://a3.twimg.com/profile_images/299177807/3D_normal.png /profile_image_url url/ *This is the basic auth or oauth? I pass my token and tokenSecret and consumerKey etc... So how can i get the result?* Best Regards
[twitter-dev] Re: Inclusion of the source parameter
http://twitter.api.url.method?someParameter=someValue*source=yourSource* On Thu, Mar 26, 2009 at 4:10 PM, Alex Payne a...@twitter.com wrote: It's a URL parameter, so part of the URL. On Thu, Mar 26, 2009 at 12:07, Brother obran...@gmail.com wrote: Hi, I got the confirmation from twitter regarding the acceptance of my source parameter to show the application name in the footer of the Tweets. Should this source parameter be part of the HTTP body section or part of the URL? Thanks Olivier -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Analista Desenvolvedor www.espacodj.com
[twitter-dev] Wrong reference on http://apiwiki.twitter.com/REST+API+Documentation
Hey Matt and Alex, Some reference links (using #) to redirect to the rigth location on page are wrong, cuz they had the same reference *#destroy* Example. If you click on *destroy* from *Direct Message Methods* will redirect to * destroy* method for *Status Method*s cuz he comes first: Direct Message Methodshttp://apiwiki.twitter.com/REST+API+Documentation#DirectMessageMethods 1. direct_messageshttp://apiwiki.twitter.com/REST+API+Documentation#directmessages 2. sent http://apiwiki.twitter.com/REST+API+Documentation#sent 3. new http://apiwiki.twitter.com/REST+API+Documentation#new 4. destroy http://apiwiki.twitter.com/REST+API+Documentation#destroy This is not good for us... i always get the wrong url, and lost some time. Best Regards. -- Analista Desenvolvedor www.espacodj.com
Re: Help with If-Modified-Since and C#
I try this too: HttpWebRequest http = (HttpWebRequest)WebRequest.Create(url); http.IfModifiedSince = DateTime.Now; This code will give to me only replies that was new on 24 hours behind? In this case too, return all (all days) replies that i had. On Mon, Feb 9, 2009 at 2:57 PM, Gustavo Melo pipoc...@gmail.com wrote: Hello Guys,Som1 had some code snippets using If-Modified-Since in C#? Whatever, header or parameter... I want to get only replies TODAY starting of my parameter with some HOUR Example: I had 10 replies today (1 am - 10 am) and i want only (5 am - 10 am) I'm trying this: string url = http://twitter.com/statuses/replies.xml?If-Modified-Since=; + HttpUtility.UrlEncode(True, 09 Feb 2009 14:00:00 GMT) -- Analista Desenvolvedor www.espacodj.com -- Analista Desenvolvedor www.espacodj.com
Help with If-Modified-Since and C#
Hello Guys,Som1 had some code snippets using If-Modified-Since in C#? Whatever, header or parameter... I want to get only replies TODAY starting of my parameter with some HOUR Example: I had 10 replies today (1 am - 10 am) and i want only (5 am - 10 am) I'm trying this: string url = http://twitter.com/statuses/replies.xml?If-Modified-Since=; + HttpUtility.UrlEncode(True, 09 Feb 2009 14:00:00 GMT) -- Analista Desenvolvedor www.espacodj.com
Re: How API will works after OAuth?
Guys,
We all know that base-auth is a gold for our app and when we think about
another way like OAuth we get mad
BUT
If the Toke had infinit life time (probabily will do), so the big poblem
transform in a little problem with 3 steps:
1-Your Webapp redirect the user to Twitter Web Site (Authentication)
2- User put username and password
3- Twitter redirect again the user for your Webapp authenticated.
For non-web app it a little different but easy any way...
It's not a big deal...
The most important point is the life time of token... bring OAuth and let's
made this happen !!!
On Thu, Feb 5, 2009 at 2:48 PM, Stuart stut...@gmail.com wrote:
2009/2/5 jstrellner jstrell...@urltrends.com:
I was just thinking this, and then I read your post. It would be good
to see a trusted apps section somewhere on your site, and those
application could use Basic Auth. If they don't want to go through
the process of being a trusted app, then they can use OAuth.
Just something to think about. Could earn twitter some $$$ too.
Could also land them in a world of pain. I wouldn't want Twitter to
endorse any product that wasn't theirs, and I doubt they would want to
either. Too risky.
-Stuart
On Feb 4, 8:57 pm, Alex Payne a...@twitter.com wrote:
Thanks for the feedback, guys. We'll consider extending Basic Auth's
life, or maybe granting a stay of execution to known-good apps. At the
very least, we'll try not to pull the rug out from under anyone.
funkatron wrote:
Agreed. I do believe that the use of HTTP Basic Auth was key to the
quick growth of the 3rd-party app community of Twitter, as the auth
scheme is so well-understood and supported. This may or may not be as
important at this point business-wise, as I suspect the Twitter
userbase is large enough to overcome a fair bit of lazy user intertia.
I wonder if we will see a lot less interesting API hacking (the good
kind), though, and I think that would be a shame.
While OAuth makes a ton of sense for website-based apps, it's kind of
another kettle of fish for locally-hosted apps (desktop and mobile).
Moving to OAuth-only is problematic for us for these reasons:
1. it complicates (and confuses) the process for users: instead of
entering a username and password -- a well-understood, common process
-- now the app has to push the user to a web site which hopefully
explains what's going on decently. This works okay for web dorks like
us, but I guarantee your avg user is going to find this confusing.
Maybe not as confusing as OpenID, though.
2. updating locally-hosted apps to use a new authentication system is
an issue of getting thousands (or higher orders) of users to upgrade.
6 months may not be enough, even for currently active applications.
Stuff in development *cough*like mine*cough* now could find themselves
having to toss out a ton of code they're knee-deep in right now.
Yucky.
My preference would be to *not* see HTTP Basic Auth go away in the
foreseeable future. If that's not reasonable or possible, the 6-month
window (even given that the countdown may not start for a few
months) is pretty tight for comfort, and extending it would be much
preferred.
Note: One might wonder why I only mention these issues in the context
of local apps rather than web apps. I think the expectations and user
behavior tendencies are fairly different in the desktop and mobile app
space, and there are a number of ways malware is detected and
contained in this area. The web app space is a lot more open and easy
to exploit, and likely will be unless the whole paradigm changes.
--
Ed Finkler
http://funkatron.com
AIM: funka7ron
ICQ: 3922133
Skype: funka7ron
On Feb 4, 10:03 pm, Cameron Kaiserspec...@floodgap.com wrote:
I'm still (softly) repeating the hope that this will be extended,
even if
the Basic Auth API remains deprecated and static. An OAuth workflow
is
constrained for desktop apps, and for apps that aren't or can't use a
web
browser (in my case, text-mode twitter clients; other cases include
all those
little curl scripts posting monitoring information, task status,
etc.), OAuth
won't work at all.
I fully support OAuth, but where appropriate. I think Ed Finkler said
it
best when he said the breadth of Twitter applications currently
extant
wouldn't exist were it not for a low barrier to entry. OAuth makes
sense
in many places, but it doesn't make sense everywhere, and I hope
alternate
methods of authentication remain possible even if they are
intentionally
limited to steer preferred traffic to an OAuth workflow. Otherwise I
suspect
the ecosystem outside the browser will be greatly reduced.
--
personal:
http://www.cameronkaiser.com/--
Cameron Kaiser * Floodgap Systems *www.floodgap.com*
ckai...@floodgap.com
--
Re: How API will works after OAuth?
So, what happen if this third party expose to others app this generated key? They will acess your account too? If this key can be just used for one app (maybe lock for one IP) the user will need generated always a new key for one app? (Go to twitter page, log in, acess New Keys, generate a new key, and give to the app) On Thu, Feb 5, 2009 at 10:37 AM, Ninjamonk dar...@stuartmedia.co.uk wrote: Have you guys considered maybe tweaking the basic auth system to something like what friendfeed has. Each user could be given a third party system generated key to use instead of a password and then basic auth could still be used and not tired to the system password. If the user felt their account had been compromised by an app they could just generate a new code and also this would protect the users account from hijacking. I know you don't want to have 2 different systems for auth but this could be used for legacy apps and for use cases like funkatron mentioned earlier in the thread. Cheers -- -- Analista Desenvolvedor www.espacodj.com
Re: How API will works after OAuth?
Hi Matt, Thx for answer... OAuth isn't hard ;) A couple of days i have learned some about it and put this on my TestApp to see how works. I'm glad to see that You guys worrie about the final user. Let's bring it on... We had just to generate our api_key and secret, and sort all parameters of the method (including api_key and secret) to creat a signature... (basically of course) So... don't worrie with us (developers) On Thu, Feb 5, 2009 at 4:33 PM, Matt Sanford m...@twitter.com wrote: Hi Gustavo et al, This is the problem with re-use systems like both Basic Auth and the FriendFeed token system. Every application uses the same token so you turn them all off at once (like a password change). Even if we give out one key per application (like OAuth) your requests can be intercepted and the credentials re-used (unless SSL is required). This sort of re-use is not a problem in OAuth where requests are signed using a secret and include a time stamp and a random value (nonce). Since the nonce can't be re-used this even guards against replay attacks.I know OAuth is hard. I've implemented the server side, a Scala test library and a sample Rails app (blog post coming soon). Having said that, all of the times I've wondered why it has to be so difficult I've come up with an attack scenario that means that part can't be dropped. I want to try and keep up Basic Auth as long as it's needed, but on the other hand I don't want to be like Microsoft who keep around LANMAN as an attack vector for years on end. It's a tough balance between encouraging developers and protecting our users. Thanks; — Matt On Feb 5, 2009, at 10:13 AM, Gustavo Melo wrote: So, what happen if this third party expose to others app this generated key? They will acess your account too? If this key can be just used for one app (maybe lock for one IP) the user will need generated always a new key for one app? (Go to twitter page, log in, acess New Keys, generate a new key, and give to the app) On Thu, Feb 5, 2009 at 10:37 AM, Ninjamonk dar...@stuartmedia.co.ukwrote: Have you guys considered maybe tweaking the basic auth system to something like what friendfeed has. Each user could be given a third party system generated key to use instead of a password and then basic auth could still be used and not tired to the system password. If the user felt their account had been compromised by an app they could just generate a new code and also this would protect the users account from hijacking. I know you don't want to have 2 different systems for auth but this could be used for legacy apps and for use cases like funkatron mentioned earlier in the thread. Cheers -- -- Analista Desenvolvedor www.espacodj.com -- -- Analista Desenvolvedor www.espacodj.com
How API will works after OAuth?
Hello Guys, Matt and Alex... We need to understand how OAuth will affect ours app's... Twitter authentication with username and password will totaly stop work? How many days we will have to change our app's? And for me the most important question is, OAuth before copmleted authentication for user, return to my app some Token Auth... This Token had some time o live right? What time is it? One day? One Week? One Month? This is really important for my app that was based on MO/SMS ! Once the user made the full process to authentication, i think will be better for us (developers) to receive a token with bigger time of life! Best Regards and sry my bad english. -- Analista Desenvolvedor www.espacodj.com
Change Originate Name
Hello Guys...Sry if this question had been awnsered... How I change the from web to myApp ? This was update for me from my APP One More Test Using API Twitter... Let's see some caracteres @#$%!* http://twitter.com/pipocadr/status/1162745303 menos de 10 segundos ago http://twitter.com/pipocadr/status/1162745303 from web Thanks and sry for my bad english. -- -- Analista Desenvolvedor www.espacodj.com
Authentication is Safe ?
Hey Guys, Alex and Matt, Let's imagine that I'm a bad person and have depevoped a very attractive application for Twitter and a lot of people like to use it. For authentication the users have to type their login and password, right? I'm able to store those logins and passwords and make bad use of them. I've read that exists the OAuth, is it already working? How does the Twitter's process of authentication works? Is it free? Best Regards
