[twitter-dev] List Issue
Hi Guys,

I am seeing something that I can't work out with the Lists API.

http://api.twitter.com/1/imrobg/lists.json reports no lists {lists:[], next_cursor:0, previous_cursor:0 }, however if you see twitter.com/imrobg he has lists and they are visible.

Likewise if you query http://api.twitter.com/1/imrobg/lists/design-links/statuses.json (built from looking at that proper twitter page) occasionally it reports a 403, most of the time it simply returns {request:/1/imrobg/lists/design-links/statuses.json,error:Not found}, which makes sense because the previous query reported the user has no lists.

Is this an issue? Is it a known issue? Is there anything I can check my end? I have tried it against other users and all seems to work fine.

Paul.
[twitter-dev] Re: List creation with oAuth credentials
I thought this too when I first saw the new list api. Is the Twitter team moving away from id/screenname based query parameters and simply using screen names?

I suppose the point that Daniel was making is that screen name is superfluous when using authentication, especially since all the POST, PUT and DELETE commands will require authentication to work.

It would be good to at least know which url structure Twitter intend to support, because as it stands now there is a disjoint between this new API and the old ones.

P

Sent from my iPhone

On 8 Nov 2009, at 16:49, Josh Roesslein jroessl...@gmail.com wrote:

Twitter API team seems to want to make the API more RESTful. So that is my guess why that end point is /:user/lists.xml POST versus something like /lists/create.xml

Josh

On Sun, Nov 8, 2009 at 2:25 AM, Dimebrain daniel.cre...@gmail.com wrote:

The current endpoint for creating a new list is: http://api.twitter.com/1/user/lists.format

But the user part is meant to be the user's screen name. If your application is oAuth, you don't necessarily know or care about the user's screen name. You can easily get it with a verify_credentials call. However, this is the first time that an API endpoint has required two calls to be useful.

Why would the user part of the URL be necessary at all if authentication is required?
[twitter-dev] Re: Suggestion: Ability to just search amongst a user's friends
I agree with Jesse, this feature was key for me in Friendfeed, it is very powerful. You could also search lists (hint hint ;))

Personally I would be happy with my @PaulKinlan user being put back into search results, it has not been included in any search for several months now - but that is a whole separate issue.

P

2009/10/30 Abava dnam...@gmail.com

we've managed to search links from friends (just published links): http://tlink.linkstore.ru and hashtags http://tbuzz.linkstore.ru

On Oct 28, 6:33 am, Jesse Stay jesses...@gmail.com wrote:

I have a project in which it would be tremendously easier if I could just specify a search to take place amongst a particular user's Twitter friends, instead of across the entire site. Is there a way to do this currently? If not, is this something the team could consider? I can make it work by comparing the full results to a list of friends, but that seems like unnecessary work.

Thanks,
Jesse
[twitter-dev] Re: Automated Tweets
There was some talk recently about Twitter blocking consecutive tweets that are identical. With some of the reasoning that duplicate tweets are a violation of the terms of service.

Paul

2009/10/28 Greg gregory.av...@gmail.com

Hello,

I have an application that sends out a Tweet when a user Authorizes the Application and asks a Question to a particular user. Does Twitter block continuous sending out of a Tweet within a time period?

I am doing testing of the application and whenever I try to do a Update Status - it returns the ID of the last Tweet that I made from the account.

Did my Consumer Key/Consumer Key get blocked, or will Twitter not allow the same tweet to be posted in a certain time period?

Greg
[twitter-dev] Twitter Lists Issues
Hi Guys,

This isn't technically an API issue but a usage issue of the new to arrive Lists API.

Retweets (outside of the API) have had an issue whereby it is pretty easy to fake a user's tweet, for instance someone could easily produce a tweet as a RT that I have never ever said:

RT @PaulKinlan OMG Guess who is standing for parliament http://somelinkto-a-rickroll.com

Myself and a colleague have been talking about forgery/defamation through Twitter lists, for instance, if someone didn't like me they could create a new user (or use their user), create a list of Racists and add me to that list, or something similar that would cause me to be associated with. This list is listed in my profile when someone looks at me in the Lists Following me.

For example: http://twitter.com/PaulKinlan/example-list-of-bad-peeps (I will delete this soon), this will also be in @ev's profile http://twitter.com/ev/lists/memberships

So just some quick questions:

If I block a person, will they be able to add me to a list?
If I block a person will I be removed from their lists they have generated?
Without blocking a person, will I be able to remove myself from a list?
Through the API will we be able to remove ourselves from a list?

Cheers,
Paul
[twitter-dev] Re: Search API Rate limiting - App Engine (again)
Hi Chad,

I am sorry but that doesn't even help in the slightest. You are essentially saying that we shouldn't develop on the App Engine, since we would now have to also buy a proxy. Which is completely unfeasible and defeats the purpose of why people are using the app engine.

I understand that this might also be an App Engine issue - for instance they could have reduced the number of IP addresses they pool from to make external requests.

This is a very noticeable change in rate limiting in the last few weeks. For instance I could run roughly 2 searches a second, then all of a sudden I would be lucky to run 2 every 15 seconds.

User-Agent strings were supposed to alleviate this issue. There are more than enough pieces of meta data on an App Engine request that identify the exact application that is making the requests - I guess it is too much effort to take these into account.

I am in the fortunate position that allowed me to set up a nginx proxy quickly, but I suspect a lot of other people couldn't do that.

I hope something can be sorted for the large number of GAE based Twitter apps.

Paul Kinlan

On 6 Oct 2009, at 17:50, Chad Etzel c...@twitter.com wrote:

Hi All,

GAE sites are problematic for the Twitter/Search API because the IPs making outgoing requests are fluid and cannot as such be easily allowed for access. Also, since most IPs are shared, other applications on the same IPs making requests mean that fewer requests per app get through.

One work around would be to spin up a server in EC2 or Rackspace Cloud or something and use it as a proxy for your requests. That way you have a dedicated IP that will have its full share of resources talking with the Twitter servers.

HTH,
-Chad

On Tue, Oct 6, 2009 at 12:45 PM, Martin Omander moman...@google.com wrote:

Same here; my app runs on Google App Engine and 40% of the requests to the Twitter Search API get the 503 error message indicating rate limiting.

Is there anything we as app authors can do on our side to alleviate the problem?

/Martin

On Oct 5, 1:53 pm, Paul Kinlan paul.kin...@gmail.com wrote:

I am pretty sure there are custom headers on the App Engine that indicate the application that is sending the request.

2009/10/5 elkelk danielshaneup...@gmail.com

Hi all,

I am having the same issue. I have tried setting a custom user-agent, but this doesn't seem to affect the fact that twitter is limiting based on I.P. address. I'm only making about 5 searches an hour and 80% of them are failing on app engine due to a 503 rate limit.

Twitter needs to determine a better way to let cloud clients access their search API. It seems like they have really started blocking search requests in the last week or so. If anyone has any idea about how to better identify my app engine app please let me know.

On Oct 5, 2:59 am, steel steel...@gmail.com wrote:

Hi. I have this problem too. My application does two requests per hour and it gets rate limited. What is wrong? I think it is twitter's problems

On 1 Oct, 01:45, Paul Kinlan paul.kin...@gmail.com wrote:

Hi Guys,

I have an app on the App engine using the search API and it is getting heavily rate limited again this past couple of days. I know that we are on a shared set of IP addresses and someone else could be hammering the system, but it seems to run for weeks without seeing the rate limit being hit and then all of a sudden only about 60% of the searches I perform will be rate limited. This seems to occur every two months or so.

Has something changed recently?

Paul
[twitter-dev] Re: Search API Rate limiting - App Engine (again)
I am pretty sure there are custom headers on the App Engine that indicate the application that is sending the request.

2009/10/5 elkelk danielshaneup...@gmail.com

Hi all,

I am having the same issue. I have tried setting a custom user-agent, but this doesn't seem to affect the fact that twitter is limiting based on I.P. address. I'm only making about 5 searches an hour and 80% of them are failing on app engine due to a 503 rate limit.

Twitter needs to determine a better way to let cloud clients access their search API. It seems like they have really started blocking search requests in the last week or so. If anyone has any idea about how to better identify my app engine app please let me know.

On Oct 5, 2:59 am, steel steel...@gmail.com wrote:

Hi. I have this problem too. My application does two requests per hour and it gets rate limited. What is wrong? I think it is twitter's problems

On 1 Oct, 01:45, Paul Kinlan paul.kin...@gmail.com wrote:

Hi Guys,

I have an app on the App engine using the search API and it is getting heavily rate limited again this past couple of days. I know that we are on a shared set of IP addresses and someone else could be hammering the system, but it seems to run for weeks without seeing the rate limit being hit and then all of a sudden only about 60% of the searches I perform will be rate limited. This seems to occur every two months or so.

Has something changed recently?

Paul
[twitter-dev] Search API Rate limiting - App Engine (again)
Hi Guys, I have an app on the App engine using the search API and it is getting heavily rate limited again this past couple of days. I know that we are on a shared set of IP addresses and someone else could be hammering the system, but it seems to run for weeks without seeing the rate limit being hit and then all of a sudden only about 60% of the searches I perform will be rate limited. This seems to occur every two months or so. Has something changed recently? Paul
[twitter-dev] Re: Auditing apps actions
Funny you should say that, I have raised a feature request about this earlier today. http://code.google.com/p/twitter-api/issues/detail?id=1081

2009/9/29 Cristovão Morgado cristovao.morg...@gmail.com

Is it possible to know what application added a friendship, posted an update? Some misbehaved apps are hard to detect... :(

thx
[twitter-dev] OAuth Something is Technically Wrong
Hi Guys,

I am having an issue with a very very small percentage of my users who can't use oauth, it simply won't work for them - they get directed to a Something is Technically Wrong page.

For 99.9% of my users it works fine so I don't think it is an issue my end (although I am not discounting that), everything appears to be correct.

Is there anything I can give Twitter to help identify and isolate the exact issue?

Paul
[twitter-dev] Re: heavy throttling by search.twitter.com API from GAE application
Hi,

Just a question, I am starting to see very heavy throttling to the Twitter Search API from the Google App engine. I am receiving 503's enhance your calm very frequently. I have a custom set User-Agent string and I am probably doing less than 1 search per second.

It has been happening for a couple of days now. Has there been a recent change to cause this behaviour?

Paul.
[twitter-dev] Re: heavy throttling by search.twitter.com API from GAE application
Hi Chad,

Has this limit changed recently? I used to query it far more frequently from the app engine. Obviously, Google use a lot of different IP addresses so I am presuming it can fluctuate. But over the last couple of days I have noticed far more than I used to get.

If it is by IP first what is the point of using the User-Agent (it was stated a little while back that we must include it now for rate limiting) - is it just for tracking of an application?

Paul

2009/8/26 Chad Etzel c...@twitter.com

Hi Paul,

If you are sharing your IP with any other GAE twitter apps that are also doing search, then you are sharing the resource at that point. The limiting is by IP first, then user-agent. Also, 1 search per second is on the borderline of the normal rate-limit anyway, so I would try calling less frequently if possible.

-Chad

On Wed, Aug 26, 2009 at 12:29 PM, Paul Kinlan paul.kin...@gmail.com wrote:

Hi,

Just a question, I am starting to see very heavy throttling to the Twitter Search API from the Google App engine. I am receiving 503's enhance your calm very frequently. I have a custom set User-Agent string and I am probably doing less than 1 search per second.

It has been happening for a couple of days now. Has there been a recent change to cause this behaviour?

Paul.
[twitter-dev] Re: large user base push notification solutions?
When I developed Twe2, here are some of the things I have learnt:

- 2 minute delay is pretty short - users don't even notice it that much - at one point on Twe2 we changed it to a 15 minute delay and no one really complained. If users are getting pushed notifications they are normally away from a main terminal and thus are not watching twitter through TweetDeck; in short you don't need realtime to be that realtime
- Also 99.99% of people don't get that many notifications a day, polling too often is a waste of time.
- We supported about 40,000 users off 1 small VPS.
- To get DM's you will need to use the users credentials (oauth or otherwise), a 2 minute interval means that you will use 30 of the users requests per hour (this might have changed) and as such they might get annoyed.
- 500,000 users is pretty optimistic, I wouldn't even worry about that scale just yet, just get your stuff working for now.
- Use since_id everywhere you can.
- We launched with the ability to have quiet periods, that is no notifications while I am sleeping - people will thank you for this.

Based on new developments of Twitter you can use something like follow, shadow and birddog - it offers a migration plan too, start with follow to get all the tweets from a user and to a user (200 users is good to test your API works), then when you launch request twitter to allow you to use shadow (50,000 users is a lot and will probably suit your app for a long time). Then as soon as you see a tweet on the stream you know it is for some of your users and you can fire it straight to them. The only issue is that these API's only get proper replies and not mentions.

Currently none of the Streaming API's will help you for DM's (AFAIK).

Paul Kinlan, http://www.Twollo.com

2009/8/21 ke...@nibirutech.com intelligent...@gmail.com

Hi

I am a developer, trying to figure out a way to develop a push notification solution for iPhone users.

The easy way to do the push work is to have a cron-job to check users' new mentions and DMs. It should work for a small number of users.

What if we have a large user base, say, 500,000 users at least? How can we use a proper solution to get a 2-minutes delay push for any user's mentions and DMs? (we can't afford the server cost for half million requests every 2 minutes)

I know there are a few Twitter push clients for iPhone, but none of them can work on a scaled user base, am I right?

Is there a twitter tech support here? Could you please give some suggestions?
[twitter-dev] Re: My Issue with the ReTweet API and my solutions
Weird - there was no emphasis intended on the favoriting as a first class citizen paragraph - damn iphone :)

2009/8/18 Paul Kinlan paul.kin...@gmail.com

Hi zac,

I don't think I said there is a decrease in usage, just that it is developed by the community and as such may wane in popularity as another type of emergent mechanism takes its place. I would argue that retweet should stay roughly as is and not be directly codified into the core architecture of Twitter as is currently being proposed. I believe someone suggested a simple retweet of Id working the same way as replies and allowing you to enter your own comments along with it. The fact that there are three new views and that you can't modify a retweet smack of over complexity and a destruction of what makes Twitter the way it is - its simplicity, and I would go as far to say that it will abruptly stop emergent behaviour around rt.

My other point generally is that this is very similar to the favoriting api apart from the injection into the users stream. I would love to see favoriting as a first class citizen. A reply and a favorite would work in a similar way to the new rt api if favorites were more public.

The fact that retweet is part of the api and it means that if everyone doesn't flip over it means that the api isn't really working. One of the important things for a general user, is that they see tweets from people they follow as they are placing value and trust in knowing something is coming from one of the people they are following - they are not bothered that an external site can use the information or that a developer can do some funky stuff with the data.

The other point is that is the problem the message stays intact - it only covers one portion of the case for retweeting.

The final point I was making originally is that some sections of the community were less than pleased that they were losing credit for the original tweet (I have seen some bonkers arguments about the source of tweets) and the retweeter was getting credit and not the retweetee. The retweet api solves that problem, but it is in my opinion such an edge use case that it doesn't matter and copyright will protect you if you are actually that bothered about losing credit.

I am not a fan of this api, but I can be convinced :) and from what I have been told the api is unlikely to change too much.

Paul

On 18 Aug 2009, at 00:32, Zac Bowling zbowl...@gmail.com wrote:

I see value in a retweet API.

I disagree on your first point. Retweets have been around for some time and still happen quite a bit. No decrease in usage. (it's even showing in sites like mashables retweet button and http://iphone.tomtom.com/ (look at the share button)). The only issue I see is that not everyone will flip over to the new system immediately so it will not be fully adopted into the system and inconsistent across clients for a while.

Point 3, no one says that you have to add support for it. However unifying the retweet functionality drastically simplifies consumption of retweets and outweighs any slight input requirements and an API complexity required for it.

Point 4, I think you are missing the point of how it would work internally. As I understand it, the original 140 char message stays intact.

Point 5, I'm confused with what point you are trying to get across.

Zac Bowling

On Sat, Aug 15, 2009 at 2:00 AM, Paul Kinlan paul.kin...@gmail.com wrote:

Hi Guys,

When I saw the original message stating that the retweet API I was about to say straight away that I despise the idea, but I thought I would refrain - give it some thought.

I still despise the idea and I have to make it known the reasons why I think it is a very very bad idea and in the long term will negatively affect Twitter as a communications platform for the future.

You are embedding a user developed based meme into the Twitter infrastructure - the popularity of RT itself may wane after some point. Users are very fickle, they change their minds, take a stand and don't listen to them - you know your platform and I am pretty sure you know that this is a bit of a hack. Let users use the system how they want, they will evolve how they use it, constraints via an API

Twitter already has the capability to do smarter things that completely negate the need for this API if they just change the current API a little

Not every app will use RT API (especially legacy ones) and not every user will use it and as such Twitter and this list will get lots of questions why certain RT's are accessible by the retweet API. Again, RT's are a user concept, and is very easy for them not use.

Whilst I use TweetDeck, I really dislike the amount of utility buttons it has and the amount of options it has - introducing another API for another function is tantamount to the same thing, you are asking us app developers to include more options in our
[twitter-dev] Re: My Issue with the ReTweet API and my solutions
Hi Will,

It's good to get some replies, I was getting a little worried that no-one wanted to talk it through ;)

I have already seen changes in syntactical use of RT some people are starting to use , however, my main point is that things change and codifying RT as a solution is restricting emergent behavior rather than developing it. I can see value in clearing the language around a retweet, the language used RT or is not obvious for new users. If a RT API can clear the syntax up then it is a good thing, but I don't think it will, people can still type RT (and I suspect most will) on a reply and do it that way.

The introduction of a RT API is intended to change the current convention of RT - so it is different from the mentions API which was an opening of what was demanded (I used to hit the search API 20 times a second with Twe2 until mentions was introduced). Current RT's work because in most cases the original user is still referenced (a simple reply with RT prepended to the tweet) and it can be typed from the input box (a lot of people still edit a tweet before they RT - to shorten it, to add opinion etc).

I will probably still use the RT syntax because I can simply type it in a reply - whether or not the client supports it or not. Mentions with the @ syntax works very well because it can be typed in with no specific need for an API, much like Twitter do with direct messages.

If twitter parsed RT at the start of the tweet much like they do D and this allowed all RT to be visible via the API methods then I don't have much of an issue, but they can't do this because there is little way to know the original tweet (unless the API is used) - and this is my problem; it will be bypassed by some users and then won't be available in the API and it will raise a lot more questions.

RT's are being used and emerged from the need to express a +1 for a tweet and also as Forwarding facility, my point is: if the favoriting API was expanded and opened up then this reduces the use case for the RT API by one, and also focuses the RT API solely on forwarding - the two combined are very powerful as you have two sets of useful information and not just one. I as a user can: express a like and not share; share and not like; share and like.

I have it on some authority that this RT API will be implemented regardless - so my arguments may be moot. After all I suspect that the majority of the development work has already been done.

Paul

2009/8/17 Will wyme...@gmail.com

I just wanted to point out a few counterpoints to Paul's arguments. I think it's important that they are brought up and I hope they are taken at face value and not construed in any way as a personal attack.

1. The mentions API evolved from the @reply convention and originally was also a 'user developed based meme' that Twitter decided to incorporate into their site and API. The mentions API is now a key part of the Twitter landscape and I don't think anyone can imagine Twitter without that API. The retweet convention has been used by the twitter community for as long as I have been a part of it. I don't see the community 'changing its mind about it' anytime soon.

2. Virtually all third-party clients support some method of retweeting. This new API would not add clutter to a client's functionality as the method is already supported. In fact, it would serve to standardize the retweet method, which is a good thing as clients format retweets differently. (Even TweetDeck has a retweet button. Not sure why you don't just use it instead of 'hitting reply and typing RT at the front'.)

As a third-party developer, I am bummed at the thought of having to rebuild my app to support the new 'timelines' that Twitter is requiring clients to support, but for the sake of evolution of the platform, I am happy to see the progress. I also somewhat agree that the solution to adding comments and crediting the originating authority is hacky and will not satisfy everyone's retweet needs, it brings it closer. And I fully support progress . . . as long as it's in the right direction. No matter how small.

Will
http://twitter.com/wymesei
http://twitterneni.com

On Aug 15, 7:00 pm, Paul Kinlan paul.kin...@gmail.com wrote:

Hi Guys,

When I saw the original message stating that the retweet API I was about to say straight away that I despise the idea, but I thought I would refrain - give it some thought.

I still despise the idea and I have to make it known the reasons why I think it is a very very bad idea and in the long term will negatively affect Twitter as a communications platform for the future.

1. You are embedding a user developed based meme into the Twitter infrastructure - the popularity of RT itself may wane after some point. Users are very fickle, they change their minds, take a stand and don't listen to them - you know your platform and I am pretty sure you know that this is a bit
[twitter-dev] Re: My Issue with the ReTweet API and my solutions
Chris,

For sure the, that is what I see happening with the Retweet API, the fact that there is no status text on http://twitter.com/statuses/retweet/id.format indicates just that - which is why I would like to see favourites API drastically enhanced in tandem.

Currently this Retweet API serves only as forwarding mechanism, which is not how a lot of people use it. A lot of people either add comments to a retweet or like to have their face on the retweet (I am retweeting this etc) so from a UX POV there is now a distinct break in the twitter site, and the RT usage is now forced upon the users (in my opinion curtailing the evolution of this emergent behaviour) unless they simply type RT into a reply and add comment - so now we have two forms of retweet, neither quite right.

Currently this Retweet API seems like a favoriting system, combined with publishing, but there is a favoriting system already in place which needs some loving and can be used as vote for without the publish.

I wonder if some of this is an optimisation on Twitter's end, so to save duplicating identical tweet (from a retweet) the status text is shared amongst all the receivers of retweet.

Paul

2009/8/17 Chris Babcock cbabc...@asciiking.com

On Mon, 17 Aug 2009 02:43:50 -0700 (PDT) janole s...@mobileways.de wrote:

If you just don't agree with a tweet and want to express it via a retweet, how can you do so with the proposed API? Seems to be impossible or am I missing something?

The new retweet API does not circumvent any of the current methods of expression. The only thing that it does is provide a method for verbatim retweets that is appropriate on social, semantic and data storage levels.

It doesn't appear to be designed to handle value added retweets. There's no reason that it should be. That mode of expression is already served well enough by emergent behavior surrounding the current API. Value added re-expression is an evolving part of the Twitter experience. Codifying the current meme for that expression would be counter-productive. This API is not attempting to do that. It's only a provision for a meaningful, trackable, acceptable me too message.

So to discuss a post with which a user disagrees, the retweet mechanism would *not* be used. That is a value added expression that would be best served by linking or replying, depending on the scope of the disagreement.

Chris
[twitter-dev] Re: My Issue with the ReTweet API and my solutions
Favorites are open to be read, it is just that not many people use it and I can't actually find who favorited my tweets - (probably no one in my case ;) - if I had that information I could do a lot of things (without resorting to the RT stream).

Paul

2009/8/17 Cameron Kaiser spec...@floodgap.com

Favorites are like secret ballots. That has its place in society, but it doesn't serve the same needs as standing behind some alpha primate and banging your chest in time to stand behind his message. Favorites mark things for personal consumption. They are contemplative and reflective.

Actually, I enjoy reading other people's favourites. I even select some additional ones I got a kick out of out of them.

-- personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Generating random numbers is too important to be left to chance. ---
[twitter-dev] Re: My Issue with the ReTweet API and my solutions
Beier,

But you can up vote a tweet you like by favoriting it - it is just that favoriting is very very underused - so much so that a lot of clients don't seem to support it. A RT is about injecting something you like into your followers feeds because you think it will be of value to them. It has a slightly different meaning.

This is partly the reason why I suggest that they overhaul the favoriting at a minimum, so for a given tweet you can see who favorites it, and separate out re-tweets. The issue with favorites is that they are personal to a user and a tweet so are not visible in the UI to everyone else (which is something that the RT seems to be trying to solve), and also track re-tweets as they are two different things.

You can get a users favorites pretty easily.

Paul

2009/8/17 Beier beier...@gmail.com

Much agreed with Chris. I think the reason people use RT differently (resend original message, add + comment or - comment) is because of the fact that Twitter never standardized RT. Sometimes user changes the text randomly for the sheer reason the msg is over 140.

I'm not saying Twitter should change user behavior, no they are not. The new API doesn't stop user sending customized RTs. But it does standardize one thing, you can vote up for a tweet you like, and this is much needed for data mining. For example previously tracking RTs per tweet is easy, but tracking RTs per Twitter account is very hard and almost impossible, this new implementation makes it possible. It turns RT from unorganized data into organized and makes the data more useful for data miners.

It's not perfect, but it will evolve as time goes on.

On Aug 17, 3:56 am, Chris Babcock cbabc...@asciiking.com wrote:

On Mon, 17 Aug 2009 02:43:50 -0700 (PDT) janole s...@mobileways.de wrote:

If you just don't agree with a tweet and want to express it via a retweet, how can you do so with the proposed API? Seems to be impossible or am I missing something?

The new retweet API does not circumvent any of the current methods of expression. The only thing that it does is provide a method for verbatim retweets that is appropriate on social, semantic and data storage levels.

It doesn't appear to be designed to handle value added retweets. There's no reason that it should be. That mode of expression is already served well enough by emergent behavior surrounding the current API. Value added re-expression is an evolving part of the Twitter experience. Codifying the current meme for that expression would be counter-productive. This API is not attempting to do that. It's only a provision for a meaningful, trackable, acceptable me too message.

So to discuss a post with which a user disagrees, the retweet mechanism would *not* be used. That is a value added expression that would be best served by linking or replying, depending on the scope of the disagreement.

Chris
Re: Should your favorites be public information? (was RE: [twitter-dev] Re: My Issue with the ReTweet API and my solutions)
I don't think favourites is fundamentally wrong, I just think it is under used and under developed. The star is next to the tweet, but people are open to use it how they want, much like many people use RT in many different ways and that isn't to say your usage is wrong. Usage is what makes twitter, and apparently usage is driving the design for RT's. If users are favoriting other users then it screams for some sort of group feature (like tweetdeck or Friendfeed etc) My thing about favorites is that they favorites aren't separately searchable, you can't publicly see who favorites a tweet, there is no simple stream of all favorites as they occur - the list goes on. Paul 2009/8/17 Scott Haneda talkli...@newgeo.com On Aug 17, 2009, at 11:40 AM, Brian Smith br...@briansmith.org wrote: Paul Kinlan wrote: Favorites are open to be read, it is just that not many people use it and I can't actually find who favorited my tweets - (probably no one in my case ;) - if I had that information I could do a lot of things (with out resorting to the RT stream). I tried it and you are right, I can read anybody's favorites. But, is that intentional? I had always thought my favorites were private and I think that other users have that same expectation of privacy. - Brian Am I the only one who thinks favorites is fundamentally wrong? With so much noise, is there any value in marking one tweet as the signal? I bastardize it and use it as a way to make a list of my favorite users. This allows me to easily get to a small handful of users. I don't care what their tweet was, I just need an easy way to get to them. This is what I suspect most average users use favorites for. Marking a user. I asked a few friends just now and they all thought it was a favorite user feature. One thought it was broken because he could mark the same user more than once. -- Scott Iphone says hello.
[twitter-dev] Re: My Issue with the ReTweet API and my solutions
Hi zac, I don't think I said there is a decrease in usage just that it is developed by the community and as such may wane in popularity as another type of emergent mechanism takes its place. I would argue that retweet should stay roughly as is and not be directly codified into the core architecture of Twitter as is currently being proposed. I believe someone suggested a simple retweet of Id working the same way as replies and allowing you to enter your own comments along with it. The fact that there are three new views and that you can't modify a retweet smack of over complexity and a destruction of what makes Twitter the way it is - its simplicity and I would go as far to say that it will abruptly stop emergent behaviour around rt. My other point generally is that this is very similar to the favoriting api apart from the injection into the user's stream. I would love to see favoriting as a first class citizen. A reply and a favorite would work in a similar way to the new rt api if favorites were more public. The fact that retweet is part of the api and it means that if everyone doesn't flip over it means that the api isn't really working. One of the important things for a general user, is that they see tweets from people they follow as they are placing value and trust in knowing something is coming from one of the people they are following - they are not bothered that an external site can use the information or that a developer can do some funky stuff with the data. The other point is that is the problem the message stays intact - it only covers one portion of the case for retweeting. The final point I was making originally is that some sections of the community were less than pleased that they were losing credit for the original tweet (I have seen some bonkers arguments about the source of tweets) and the retweeter was getting credit and not the retweetee. 
The retweet api solves that problem, but it is in my opinion such an edge use case that it doesn't matter and copyright will protect you if you are actually that bothered about losing credit. I am not a fan of this api, but I can be convinced :) and from what I have been told the api is unlikely to change too much. Paul On 18 Aug 2009, at 00:32, Zac Bowling zbowl...@gmail.com wrote: I see value in a retweet API. I disagree on your first point. Retweets have been around for some time and still happen quite a bit. No decrease in usage. (its even showing in sites like mashables retweet button and http://iphone.tomtom.com/ (look at the share button)). The only issue I see is that not everyone will flip over to the new system immediately so it will not be fully adopted into the system and inconsistent across clients for a while. Point 3, no one says that you have to add support for it. However unifying the retweet functionality drastically simplifies consumption of retweets and outweighs any slight input requirements and an API complexity required for it. Point 4, I think you missing the point of how it would work internally. As I understand it, the original 140 char message stays intact. Point 5, I'm confused with what point you are trying to get across. Zac Bowling On Sat, Aug 15, 2009 at 2:00 AM, Paul Kinlanpaul.kin...@gmail.com wrote: Hi Guys, When I saw the original message stating that the retweet API I was about to say straight away that I despise the idea, but I thought I would refrain - give it some thought. I still despise the idea and I have to make it known the reasons why I think it is a very very bad idea and in the long term will negatively affect Twitter as a communications platform for the future. You are embedding a user developed based meme into the Twitter infrastructure - the popularity of RT itself may wane after some point. 
Users are very fickle, they change their minds, take a stand and don't listen to them - you know your platform and I am pretty sure you know that this is a bit of a hack. Let users use they system how they want, they will evolve how they use it, constraints via an API Twitter already has the capability to do smarter things that completely negate the need for this API if they just change the current API a little Not every app will use RT API (especially legacy ones) and not every user will use it and as such Twitter and this list will get lots of questions why certain RT's are accessible by the retweet API. Again, RT's are a user concept, and is very easy for them not use. Whilst I use TweetDeck, I really dislike the amount of utility buttons it has and the amount of options it has - introducing another API for another function is tantamount to the same thing, you are asking us app developers to include more options in our apps. The great thing about a RT is that I just hit reply and type RT at the front. A big thing that people have requested is that quite often there is not
[twitter-dev] Re: Firehose feed.
You probably want either the follow streaming api or if you have a couple more users the shadow
http://apiwiki.twitter.com/Streaming-API-Documentation#follow
http://apiwiki.twitter.com/Streaming-API-Documentation#followshadow

See birddog above. Allows following up to 50,000 users.
URL: http://stream.twitter.com/shadow.format
Formats: xml, json
Method(s): POST
Returns: stream of status elements (http://apiwiki.twitter.com/REST+API+Documentation#Statuselement)

follow
See birddog above. Allows following up to 200 users. Publicly available.
URL: http://stream.twitter.com/follow.format
Formats: xml, json
Method(s): POST
Returns: stream of status elements (http://apiwiki.twitter.com/REST+API+Documentation#Statuselement)

2009/8/11 Paul arckinteract...@gmail.com I'm developing a Twitter Directory that is saving tweets locally via a cron that's making authenticated calls to friends_timeline every 10 minutes. Ideally, I'd like to update the directory more frequently. Is there a way to get a firehose feed for a single account, or some other way to approach this? Thanks! Paul
[twitter-dev] Re: The silence is deafening....
Sandros, I think you are very mistaken, I would say the same if Twitter wasn't running a business based off of growing their base using a Free API, Twitter chose to have a free API and it is supported as such, no guarantees or warranties - however that isn't the point - the Free API is the lifeblood to the service and without it all the applications built on it coursing through its veins there isn't much of a service, just a website, so in my opinion the Free API is probably the most important part of their business and it is broken. Lots of businesses have grown up around Twitter and these business are unable to operate - in much the same way as when a postal strike occurs. I have refunded or given service credits in the order of £250 this weekend alone for access to my service. I can't complain too much, by good grace I have managed to build a profitable venture, but on the flip side the entire situation is so frustrating, I have just taken a 20% pay cut at my current employer to help them through some tougher times so my Twitter business was covering that 20%, if this situation continues for another week I will probably shut down Twollo, it won't be worth running anymore. I am pretty sure that Twitter are working as hard as they can on sorting the problem, but the situation is a valid one and we are right to openly complain, to be honest I am totally surprised this whole situation hasn't been on the likes of techcrunch as it is an ongoing issue that is causing so much consternation it is unbelievable. Your comment about laconica is a factious one, how can one have a fallback for a Twitter service The fallback at the moment is no business at all. I personally thank Chad for his efforts so far, he has been thrown in at the deep end and is probably in the same boat as most of us. Paul 2009/8/9 Sandro Ducceschi s.ducces...@gmail.com I can't believe all of you people. 
The API is a free service and if it's down or not working for a while, you just sit down and take it like a grown up instead of complaining and demanding that they send in all forces on a weekend. Some people do have lifes outside of twitter i heard being said.. And if it's such a big deal that your application / system needs to run 24/7, you should have thought of it beforehand and built some sort of fallback system (laconica yeh?). In all honesty, if i had a say, i would make sure some of you would be purposely blocked for a while just because of your statements. Have a nice and relaxing Sunday.
[twitter-dev] Re: Twitter Update, 8/9 10am PST
Not to mention that http://search.twitter.com still appears to be completely blocked from the app engine. Paul 2009/8/9 Naveen Ayyagari knig...@gmail.com
1. OAuth rarely works - I tried a number of your apps and it seems to work 1 out of 6-7 times. As a note, it worked better with Safari, but not every time. -Not applicable
2. 302 redirect - not sure anymore since our code has been updated to follow them automatically.
3. General request timeouts - still seeing it but, not sure if it when we get temp blacklisted.
4. HTML in responses Haven't seen it today actually, but was fairly frequent last night.
5. Unexpected rate limiting / blacklisting - less frequent, but still happening.
[twitter-dev] Re: Twitter Update, 8/9 noon PST
OAuth, Search and the friendship methods are working for me... Paul 2009/8/9 Bill Kocik bko...@gmail.com On Aug 9, 3:13 pm, Ryan Sarver rsar...@twitter.com wrote: Please test your apps from their standard configs to see what results you get and let us know. I am primarily interested in unexpected throttling and issues with OAuth. OAuth appears to be working for my app. Thanks!
[twitter-dev] Re: Why is Biz saying things are back in action?
I know this is a me too, but twollo is entirely down (From Google App Engine). The frustrating thing is that everyone thinks Twitter is working on now, an announcement saying everything but the API is working would be better. Paul 2009/8/7 Sam Street sam...@gmail.com My app http://twicli.com is unavailable. Looks like the ?oauth_token isn't being created properly. Hope things come back soon. Thanks On Aug 7, 7:06 am, Rich rhyl...@gmail.com wrote: The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.com wrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: API Calls During DoS Attack
I concur with stephane, all requests from the app engine fail for twollo too. Paul 2009/8/6 stephane stephane.philipa...@gmail.com Same thing here on google appengine side for www.twazzup.com Stephane @sphilipakis www.twazzup.com On Aug 6, 2:30 pm, Hayes Davis ha...@appozite.com wrote: I'm also seeing this same behavior for my whitelisted production IPs for CheapTweet.com and TweetReach.com. (Those were whitelisted under the @CheapTweet and @appozite accounts, respectively.) It works in development, but no requests are getting through to twitter.com on our production servers. I know you all have a lot on your plate right now but let us know what we can do to get un-blocked. Hayes -- Hayes Davis Founder, Appozite http://cheaptweet.com http://tweetreach.com On Thu, Aug 6, 2009 at 3:56 PM, Mario Menti mme...@gmail.com wrote: Thanks Alex - just to confirm, no requests from twitterfeed have been getting through ever since the DOS attack. It does appear to be IP based, as requests from non-production machines (ironically the non-whitelisted IPs) get through, but all production IPs appear to be blocked. On Thu, Aug 6, 2009 at 9:40 PM, Alex Payne a...@twitter.com wrote: We're talking to our operations team about it, who in turn is talking to our hosting provider. It seems that some aggressive IP filtering may have been catching some web-based third-party Twitter applications, as well as data centers used by mobile providers. On Thu, Aug 6, 2009 at 12:52, Jonathan twitcaps.develo...@gmail.com wrote: I would also appreciate an answer to this question. My calls to the Search API are failing because of circular redirection, and curl http://twitter.com returns nothing at all from my production server, which seems like a sign that its IP has been blocked. My app works fine from my dev box. 
-jonathan On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Requests from AppEngine still failing.
The situation is getting beyond a Joke now I have paying customer who I am issuing refunds and credit notes to because twollo is unable to access Twitter. Did the denial of service attack come from the app engine or something? Paul 2009/8/7 Rich rhyl...@gmail.com I'm getting occasional bouts of being able to connect. It looks like the server IP has been rate limited quite low (even though it's a whitelisted IP) and even though I'm using the user's own Rate Limit checking. On Aug 7, 11:49 am, Rich rhyl...@gmail.com wrote: Yep, I think I replied to you on Twitter, but yes I've got the same issue. Curl is reporting timeouts but if I switch IPs it's fine. Looks like the w/list IPs have been blocked. I've emailed the api@ email address but who knows! On Aug 7, 11:47 am, David W meepmeepmeepena...@gmail.com wrote: Good morning, Requests from my application running on AppEngine (using the urlfetch API to make requests) are failing 100%. The error looks like a timeout; speaking to a few people on Twitter suggests many previously whitelisted IP addresses were blackholed. Is this a known issue for AppEngine clients? Thanks, David
[twitter-dev] Re: Rate limits: 20k - 150 - known issue
Hi Chad, I think we all appreciate the pressure you are under and the flak that you are taking for events outside your control, and we all wish we could help more. But for an open communications company that is positioning itself as the future platform for messaging - there has been so little communication and feedback to the developers in your community that it is simply shocking. Little things such as statements that we as developers can use to pass to our users with regards to issues currently affecting the service would help immensely. I have spent my Friday night responding to over 150 emails asking why twollo is down - all I can say is I think it is related to current events and Twitter aren't telling us anything. This doesn't inspire confidence in users of my service and of Twitter's. The situation is reminiscent of the oauth situation the other month. Next to no communication at all. We all love your service and want to build on top of it and help it grow and our own services too. From my own, probably selfish point of view the app engine is completely blocked at the moment and as far as I can tell we have no indication if it is up yet - I can't tell correctly as I am in bed writing this. Paul On 7 Aug 2009, at 21:09, Chad Etzel c...@twitter.com wrote: Hello all, We have been flooded with emails asking why whitelisted IPs have been reduced from the 20k rate-limit down to the normal 150 rate-limit. This is a known issue and we are working as hard as we can on resolving it. We thank you for your patience as we are dealing with everything going on with the DDoS. Thanks, -Chad
[twitter-dev] Re: Twitter counts wrong the number of followers
I was actually wondering about raising a feature request to remove all follower and following counts from all twitter pages and the API :) to help prevent spam. Paul 2009/7/29 Vincent Nguyen kureik...@gmail.com Thanks for your replies! This is really a known issue! But why does Twitter still not fix it! 2009/7/29 st...@implu.com st...@implu.com This is more like Issue 547: statuses/friends followers - page bug http://code.google.com/p/twitter-api/issues/detail?id=547q=statuses%2Ffriendscolspec=ID%20Stars%20Type%20Status%20Priority%20Owner%20Summary%20Opened%20Modified%20Component -Steve On Jul 28, 6:53 pm, chinaski007 chinaski...@gmail.com wrote: If I understand your problem correctly, I believe this is already a known issue that Twitter is working on. See here: http://code.google.com/p/twitter-api/issues/detail?id=846colspec=ID%. ..
[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?
On twollo.com I have not seen any issues yet with the changes - no one has ever complained about the Sign in with Twitter option. But I am very glad that Twitter implemented OAuth, I don't have to manage the credentials in the same way - Authenticate using Twitter has been a god send for me, and I am glad I harped on about it for as long as I did, the UX is pretty smooth. From a usage point of view, twollo has about 15000 oauthed users, this is about 30% of the user base. I still provide the option to authenticate using your password (I might remove this soon) - I honestly can't tell why people want to keep giving me their usernames and passwords but they do. If you check http://www.friendboo.com, because I had already implemented Twitter OAuth it was really simple to implement FriendFeeds OAuth - purely because the process is very similar across services - I imagine that this is the case for other services too. I honestly wish Twitter would get out of the oAuth is not meant for production use mindset and really start making people use oAuth. Paul 2009/7/28 chinaski007 chinaski...@gmail.com Let's be honest... The end-result for third-party developers using OAuth appears to be fewer sign-ups, less reliability, more complexity, and potentially less security. Google Optimizer reveals that users are more likely to sign-up for Basic Auth than OAuth. That's just fact. Test it for yourself to confirm. I suppose this is not so weird. Users are accustomed to giving user/ pass information even to foreign apps. It is far more disruptive and invasive for them to go to some bizarre Twitter screen asking them to approve an app. To the average user, what does that mean? (And, heck, it may even require more steps if they have to login again to Twitter.) In terms of reliability, Twitter OAuth was down for days several weeks ago. Tonight yet another unannounced change occurred that broke major code libraries. Meanwhile, Basic Auth has been plugging along just fine and dandy... 
So what IS the benefit of OAuth? It doesn't benefit developers as you will likely get more sign-ups with Basic Auth and Basic Auth is far, far easier to setup. Sure, OAuth might satisfy some power users hungry for security... But is OAuth even more secure than Basic Auth? Perhaps not. After all, tonight's fix was for an OAuth security flaw known for at least 10+ days (judging by tweets to @twitterapi) that allowed for potential impersonations of credentialed users. On the heels of Twitter's (unofficial) assurance of better communication with developers, this sort of unannounced change is distressing. What's next? (Have Labor Day Weekend plans? You might want to cancel those... just the right time for Twitter to make an unannounced API change!) As for us, we are in the strange position of deprecating OAuth in favor of Basic Auth. Weird, eh?? Okay, we are not totally deprecating OAuth, but we are advising users that Basic Auth is far more robust and reliable. And so our message to new developers: avoid OAuth like the plague. If you must, offer it. But let Basic Auth be your backbone: more reliable, more sign-ups, simpler, and probably just as secure. (Just look at Google Code bug reports about OAuth to get a sense of reliablity.) (Okay, okay, this post was written at 4am after a workday that started at 8am, and after Twitter introduced this new change at 5pm... (hey Twitter, can you introduce major new changes EARLIER in the day so we can react!?!?)... it still doesn't excuse Twitter's continued disregard for the small-to-medium size developer.)
[twitter-dev] Re: How to use Sign-in-with-Twitter in Web App with username and password ?
Hi, The numeric user id is part of the access token (I believe it is the first part), however, on twollo.com I immediately call verify_credentials.json to get the account details of the authenticating user. Paul 2009/7/21 CG learn@gmail.com Hi all, Sorry for a newbie question again but I am a bit confused with the Sign-in-with-Twitter feature. I came across some Twitter apps which let the user key in their Twitter account and password, then authenticate the user via API call. I also came across the Sign-in-with-Twitter feature in the Twitter developer wiki, which redirects the user to https://www.twitter.com/oauth/authenticate My question is, how should I code my web app home page? Can I use the following logic? When the user accesses the app home page:
1. Get a request token with the consumer key and secret, redirect to https://www.twitter.com/oauth/authenticate passing in oauth_token.
2. The user will be redirected to the appropriate page by Twitter based on the flow in http://apiwiki.twitter.com/Sign-in-with-Twitter
3. After authentication, Twitter will redirect the user to the callback URL. (At this point, how do I get the user id? Call the verify_credential?)
With the above logic, the user will key in username and password at the Twitter page; what if I would like the user to input username and password at a page that I customize? Sorry for a long question but I really need some help, any hints are much appreciated. Rgds, CG
[twitter-dev] Re: API to follow user
Hi, Yes.
friendships/create http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships%C2%A0create
friendships/destroy http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships%C2%A0destroy
friendships/exists http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-exists
friendships/show http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-show
I am using these in http://groups.twollo.com/ Paul 2009/7/4 rag twitter rag.twit...@gmail.com Hi, Is there an API to follow/unfollow the user ? Thanks, --rag
[twitter-dev] Re: Mixing basic auth with OAuth
Hi, I was joking about taking their password and getting then logging in to the accounts to auth the oauth tokens. oAuth is designed to stop people like us having and controlling peoples passwords and thus having control of peoples accounts. You can stop taking peoples accounts, use sign in with twitter and for all the existing user who have not done it yet basic auth is still around. Obviously I don't know your application from a technical point of view but it is a change you should make, we should not really be using peoples twitter passwords. Like I said, Twollo has a dual authentication mode promoting oauth over normal password. Paul 2009/6/17 Simon tro...@gmail.com On Jun 16, 2:58 pm, Paul Kinlan paul.kin...@gmail.com wrote: Hi, Since you have all the passwords, could you not just log into the users account and authorise access to your oauth based application? No, it's way too many users. I don't have that time. But see that's exactly my point. I HAVE the password, instead of manually going through the motions (which I can), why can't there be an API method that can do it automatically? Looking at what you have done, other than letting the user tweet what they are listenting too you don't need any authentication, would it not be easier to get the user to follow you, in response you send a DM to them with a url in that contains a unique url in that they can then enter their lastFM username in. Because they are following you, you can still DM the stats that you send. The goal is to automatically tweet what the people are listening to. That method won't work. Hi. I made a mashup in the beginning of the year (before OAuth). You can check it out here:http://www.tweekly.fm. I really want to switch to OAuth (for the sake of security), but Twitter isn't exactly making it easy. I've read through some old threads, but couldn't precisely find what I wanted to say. Sorry, if its been said before. My mashup only requires the user to enter their details once. 
The only time they enter it again, is to delete it. It's an automation service. It sends data from last.fm to twitter. Switching to OAuth is a nightmare for both me (as a coder) and the user. I can't run both basic auth and OAuth for the same user (its the way my mashup works). So if a user wants to switch to OAuth, they have to delete the old basic auth details. Its unnecessary hurdles. Its been said before. All I want is an API method to use basic auth to get the OAuth access tokens. This way, I can easily write one script, to convert all my users to OAuth. No hassles for me, and no hassles for the users.
[twitter-dev] Re: Mixing basic auth with OAuth
As Abraham said, even though we don't know your code it is simple to maintain both basic auth and oauth at the same time. Twollo's flow is basically:

if user.UseOauth:
    request using oAuth
else:
    request using basic Auth

Obviously at some point path 2 will be redundant, however there has been a very high take up of accounts using oauth. I honestly don't think there is any chance of an API to turn basic auth in to oauth, as it defeats most of the point of oauth (that is empowering the user to control the applications that access their account) Paul 2009/6/17 Abraham Williams 4bra...@gmail.com You have the code already finished for basic auth and maybe for oauth as well. It is pretty much just a simple if statement in your code to choose which one to run. Someone also posted a ruby script that I think screenscraped the oauth authorize page to automate a switch from basic auth to oauth. I don't know what Twitter's view is on practice though. Abraham On Wed, Jun 17, 2009 at 14:49, Simon tro...@gmail.com wrote: You can stop taking peoples accounts, use sign in with twitter and for all the existing user who have not done it yet basic auth is still around. I have that basically set up, but the problem is getting the basic auth users switched... I can't run both. The user must either be on one, or the other. So adding OAuth must go hand in hand with deleting basic auth, which is just unnecessary steps for me to code and the user to do. Speaking from an ease of use point of view, I don't WANT to users to return to switch to OAuth. Simple. What will Twitter do when it will supposedly switch off basic auth? What about services like twitpic that still runs on basic auth? The crap thing is, is that a service like twitpic, users DO come back and switching to OAuth will be easier. Mine isn't. Users don't enter their details ever again. I'm sure they'll make it easier to switch to OAuth no doubt. I hope. 
I'll probably add the OAuth, and then have to direct users who want to switch to OAuth, through the laborious steps. :( Paul 2009/6/17 Simon tro...@gmail.com On Jun 16, 2:58 pm, Paul Kinlan paul.kin...@gmail.com wrote: Hi, Since you have all the passwords, could you not just log into the users account and authorise access to your oauth based application? No, it's way too many users. I don't have that time. But see that's exactly my point. I HAVE the password, instead of manually going through the motions (which I can), why can't there be an API method that can do it automatically? Looking at what you have done, other than letting the user tweet what they are listenting too you don't need any authentication, would it not be easier to get the user to follow you, in response you send a DM to them with a url in that contains a unique url in that they can then enter their lastFM username in. Because they are following you, you can still DM the stats that you send. The goal is to automatically tweet what the people are listening to. That method won't work. Hi. I made a mashup in the beginning of the year (before OAuth). You can check it out here:http://www.tweekly.fm. I really want to switch to OAuth (for the sake of security), but Twitter isn't exactly making it easy. I've read through some old threads, but couldn't precisely find what I wanted to say. Sorry, if its been said before. My mashup only requires the user to enter their details once. The only time they enter it again, is to delete it. It's an automation service. It sends data from last.fm to twitter. Switching to OAuth is a nightmare for both me (as a coder) and the user. I can't run both basic auth and OAuth for the same user (its the way my mashup works). So if a user wants to switch to OAuth, they have to delete the old basic auth details. Its unnecessary hurdles. Its been said before. All I want is an API method to use basic auth to get the OAuth access tokens. 
This way, I can easily write one script, to convert all my users to OAuth. No hassles for me, and no hassles for the users. -- Abraham Williams | Community | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Mixing basic auth with OAuth
I would have thought the plan is to give everyone enough time to direct their users down the oauth route. I would still expect people to complain when they turn off basic auth in the future. Paul 2009/6/17 Simon tro...@gmail.com True... I think the way I did was kinda stupid (made 2 databases). Going to recode everything in a new way. An easier way. I'm still interested in knowing what measures Twitter will take to switch basic auth users to OAuth... Will all of the users have to switch manually and those that don't will be left with an app that doesn't work? On Jun 17, 10:20 pm, Abraham Williams 4bra...@gmail.com wrote: You have the code already finished for basic auth and maybe for oauth as well. it is pretty much just a simple if statment in your code to choose which one to run. Someone also posted a ruby script that I think screenscraped the oauth authorize page to automate a switch from basic auth to oauth. I don't know what Twitters view is on practice though. Abraham On Wed, Jun 17, 2009 at 14:49, Simon tro...@gmail.com wrote: You can stop taking peoples accounts, use sign in with twitter and for all the existing user who have not done it yet basic auth is still around. I have that basically set up, but the problem is getting the basic auth users switched... I can't run both. The user must either be on one, or the other. So adding OAuth must go hand in hand with deleting basic auth, which is just unnecessary steps for me to code and the user to do. Speaking from an ease of use point of view, I don't WANT to users to return to switch to OAuth. Simple. What will Twitter do when it will supposedly switch off basic auth? What about services like twitpic that still runs on basic auth? The crap thing is, is that a service like twitpic, users DO come back and switching to OAuth will be easier. Mine isn't. Users don't enter their details ever again. I'm sure they'll make it easier to switch to OAuth no doubt. I hope. 
I'll probably add the OAuth, and then have to direct users who want to switch to OAuth, through the laborious steps. :( Paul 2009/6/17 Simon tro...@gmail.com On Jun 16, 2:58 pm, Paul Kinlan paul.kin...@gmail.com wrote: Hi, Since you have all the passwords, could you not just log into the users account and authorise access to your oauth based application? No, it's way too many users. I don't have that time. But see that's exactly my point. I HAVE the password, instead of manually going through the motions (which I can), why can't there be an API method that can do it automatically? Looking at what you have done, other than letting the user tweet what they are listenting too you don't need any authentication, would it not be easier to get the user to follow you, in response you send a DM to them with a url in that contains a unique url in that they can then enter their lastFM username in. Because they are following you, you can still DM the stats that you send. The goal is to automatically tweet what the people are listening to. That method won't work. Hi. I made a mashup in the beginning of the year (before OAuth). You can check it out here:http://www.tweekly.fm. I really want to switch to OAuth (for the sake of security), but Twitter isn't exactly making it easy. I've read through some old threads, but couldn't precisely find what I wanted to say. Sorry, if its been said before. My mashup only requires the user to enter their details once. The only time they enter it again, is to delete it. It's an automation service. It sends data from last.fm to twitter. Switching to OAuth is a nightmare for both me (as a coder) and the user. I can't run both basic auth and OAuth for the same user (its the way my mashup works). So if a user wants to switch to OAuth, they have to delete the old basic auth details. Its unnecessary hurdles. Its been said before. All I want is an API method to use basic auth to get the OAuth access tokens. 
This way, I can easily write one script, to convert all my users to OAuth. No hassles for me, and no hassles for the users. -- Abraham Williams | Community | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Twitter Application Usage Guidelines, Please Read
Brant, As the developer of Twollo I take an exception to you saying Twollo is an abusive application and violates the TOS. We do not exist to abuse the system; the number of users on our system is large and the vast majority of our users are good users who have a genuine interest in finding and following users who share their users. I think I have stated on this list before that I am not putting in features that spammers would normally use to cycle and abuse the system as a whole. I believe we have a good and open relationship with Twitter. I believe we have a good and open relationship with this group. Paul 2009/6/9 Brant btedes...@gmail.com This message will hopefully get back to the people who run Twitter API development and spam prevention. I noticed there are quite a few twitter applications that are developed to abuse the service and violate their TOS. They do not hide what their purpose is, yet these applications remain active. I contacted twitter.com/delbius who heads Twitter Spam prevention and she said that they do revoke API access to abusive applications. But I don't think they are taking an aggressive stance against them. Abusive Applications: http://www.huitter.com/mutuality/ http://www.twollo.com/ The combination of these two applications is for outright abuse of the service. They have been around for several months and are known applications to abuse the service with. To make matters worse, Twitter suspends accounts of the people who use these applications rather than targeting the root of the problem, the applications themselves. (Sound counterproductive? RIAA uses a similar policy by going after end users.) I propose that applications need to be more closely scrutinized and can even be flagged as abusive by users. Instead of creating algorithms that detect abnormal user behavior, why not detect abnormal application behavior. 
Taking a stronger stance against gray area applications could reduce server load on Twitter (giving real applications faster response time) and reduce manpower to deal with spam prevention. I strongly encourage anyone who develops Twitter applications to send this link around. Thanks for reading, Brant twitter.com/BrantTedeschi
[twitter-dev] Re: Twitter Application Usage Guidelines, Please Read
You could do the Stackoverflow method of quietly silencing/ignoring the users that are spamming/abusing the system which is why I suggested not sending the XYZ is now following you email for people that look like they are abusing the system. Paul. 2009/6/11 Caliban Darklock cdarkl...@gmail.com On Thu, Jun 11, 2009 at 8:57 AM, Dossy Shiobarado...@panoptic.com wrote: Without the potency of enforcement, what's the point? Social enforcement is more potent than legal enforcement. If someone does something you don't like, and you unfollow them, they lose followers. That's what they wanted on Twitter in the first place, right? People following them? David Shapiro freakin' nailed it: Attention is the currency of the future. Followers are, in a very real sense, wealth. Even to the spammer, who doesn't quite value the followers in and of themselves, losing followers costs him money.
[twitter-dev] Re: Follow Limits - a Discussion
Hi, As the developer of Twollo here are my thoughts. *Auto un-follow:* I have not implemented it, I am unlikely too - it has lost me users for not doing it. I developed Twollo to help you find people to follow. I have *a lot* of requests to develop a feature that will auto-un-follow after X days of following a person, this feature is only ever used to cycle Twitter accounts and grow the follower base. I can understand to some extent that the auto-follow process has a false positive rate and that you don't really want to follow them, but that can be solved as a function of my UX. *Auto follow:* I strongly believe that auto follow is a very good feature when used in a responsible way. It can be abused, but there are people that want to engage with their users over and above a tweet. If you are engaging with your users, using a simple search is a good way to talk to people talking about you, but there is a very positive feeling that people get when a company/twitter follows them because it feels like that company is listening to them in an on going basis. It is not the auto-follow which is the bad thing, it is the use of it (I am not trying to use the its not guns that kill people argument) on the back of knowing that there is a good chance of people being nice and following you back and then cycling the accounts of people who don't - it is the unfollow which is the bad part. There will be quite a large back lash from users, if you can only follow 200 people a day (even discounting the argument that reciprocated follows are free). I personally don't think reciprocated follows should be free, every follow should be considered in complete isolation. *Some Thoughts:* The reason why people cycle their accounts followers is to (1) get past the 2000 follow limit and (2) to look like they are authoritative on their subjects, you are more likely to follow someone who has a lot of followers already (3) to have a large audience to push their wares through. 
Rate limit the un-follow api request, make it a value less than the auto follow limit so if I can auto follow 1000 people per day, I can only un-follow 200, or group 1000 the follow limit and an the unfollow limit together. The first will stop (or at least vastly slow down) people rinsing their accounts because they have to control their growth. I think people need to get rid of the etiquette of reciprocating a follow if you don't really have in interest in people, especially if you reach the point where you. The only time that I can see this being of value is if you are a company engaging with your customer base, but even then there aren't that many companies with such a large base. It is very hard to see the value of following more than say 2000 users without having decent filters in place to target interesting tweets. Twitter could white list accounts to allow them to follow more people than the current limit, you wonder if it could even be charged for. I would also like to see Twitter pushing the last tweet and profile text out in the emails that people get when someone follows you. I do have a question: Where do people think the majority of reciprocated follows come from? I personally think that it is from the emails Twitter send out. If you think about it, from a marketers point of view, they are using Twitter as a trusted source to deliver their message directly in users inbox. I wonder if there is a case for not sending the email from users who have followed/auto followed a lot of people in a day, or stopping that functionality altogether for that user. If you think about it the user who is doing the following is unlikely to know the message has not been delivered, they follow a lot of people, it will appear on their stats, they can unfollow as many people as they want it won't help them build their network; Paul. 
2009/6/10 Jesse Stay jesses...@gmail.com The summary is I propose that the follow limits be dependent on whether a user is following an individual or not. It should only count against me if the user is not following me already and I try to follow them. :-) Jesse On Tue, Jun 9, 2009 at 11:35 PM, Abraham Williams 4bra...@gmail.com wrote: Can someone tweet a summary to @abraham? :-P Thanks, Abraham On Wed, Jun 10, 2009 at 00:28, Jesse Stay jesses...@gmail.com wrote: Let's discuss the follow limits. I feel, as developer of a tool that allows people to auto-follow, I have a bit of insight into this. While there are many, many legitimate users that auto-follow others, and have good reason to do so, some are using it as a way to game the system, build followers quickly, break the Twitter TOS, and reduce the meaning of follower numbers for many other users just using the service legitimately. I see this daily, amongst a few of my own users, and while, due to our privacy policy I can't share who they are, I do have some suggestions that would make the API follow limits make a little more sense. Maybe
[twitter-dev] Re: Follow Limits - a Discussion
Its an interesting topic. I wouldn't say the 2000 limit would make auto unfollow necessary - you have to remember the people using auto-unfollow are mostly doing it to cycle their accounts get as many followers and not to have a massive skew on their follower/following ratio to make them appear to be spammers etc the current limits imposed are a just a temporary barrier. Your right, none of us are Twitter and I don't think we have any or much direction in the policy, but I know a lot of people are using auto follow for a variety of none spam reasons. - Clone accounts quickly, - Follow everyone who follows me but I don't follow - Follow everyone someone else is following - so you can see what they see - Follow all the followers of another twitterer - brand building normally - Follow everyone talking about your company, band, group, meeting to engage with them. - Build Groups I am personally not arguing for an increase in the limits although I would argue against a decrease in the number of people you can follow in a day. When building twollo I never thought about it but there are groups of people on twitter using twollo to follow a common hashtag and autofollow so that they can share and dynamically build a group - kind of like sharing a contact list, but automatically. For example they might make a hashtag called #kittenknitting or something random, everyone will register with twollo then tweet with #kittenknitting and twollo will then build follow and build their network for them, some of these groups are large and they want to ensure they follow everyone in that group. Paul 2009/6/10 Jesse Stay jesses...@gmail.com The problem right now with an unfollow limit is that if they do choose to reciprocate following (which is a practice I personally like to do myself for the reasons stated - it's more than just etiquette. 
I do it because it builds community and encourages conversation.), eventually some users will unfollow them after the follow, and their ratio gets out of whack. After so many users stop following them, with no following action on their own they can no longer reciprocate follow anyone else. Therefore an auto-unfollow is necessary just to allow you to continue the auto-follow process. If the ratio and 2,000 follower limit were removed auto-unfollow would no longer be necessary, regardless of whether the user is legitimate or not. I don't see a problem with a limit but I don't think anyone would notice the limit unless they were trying to remove all the people they had previously followed to start over. In that case you would see complaints for such a limit. Honestly, I can't see any legitimate reason for doing a search for people to follow and following more than 200 of those people in a day, other than collecting spam lists or trying to build up following numbers, reducing the value of those numbers. How do you see people using this in a way that is not what I stated? I think 200 ought to be sufficient for legitimate purposes, but I'm not Twitter. Regardless, I see no reason to limit people from following those that are already following them back beforehand - is there anyway you can think of that removing such a limit would cause improper use of the system? Jesse On Wed, Jun 10, 2009 at 1:39 AM, Paul Kinlan paul.kin...@gmail.comwrote: Hi, As the developer of Twollo here are my thoughts. *Auto un-follow:* I have not implemented it, I am unlikely too - it has lost me users for not doing it. I developed Twollo to help you find people to follow. I have *a lot* of requests to develop a feature that will auto-un-follow after X days of following a person, this feature is only ever used to cycle Twitter accounts and grow the follower base. 
I can understand to some extent that the auto-follow process has a false positive rate and that you don't really want to follow them, but that can be solved as a function of my UX. *Auto follow:* I strongly believe that auto follow is a very good feature when used in a responsible way. It can be abused, but there are people that want to engage with their users over and above a tweet. If you are engaging with your users, using a simple search is a good way to talk to people talking about you, but there is a very positive feeling that people get when a company/twitter follows them because it feels like that company is listening to them in an on going basis. It is not the auto-follow which is the bad thing, it is the use of it (I am not trying to use the its not guns that kill people argument) on the back of knowing that there is a good chance of people being nice and following you back and then cycling the accounts of people who don't - it is the unfollow which is the bad part. There will be quite a large back lash from users, if you can only follow 200 people a day (even discounting the argument that reciprocated follows are free). I personally don't think
[twitter-dev] Re: OAuth Desktop Application Changes - Incompatibility Alert
Hi Wallace, http://www.Twollo.com does something similar to what you are describing (it hosted on the Google App Engine). You can store the users oAuth token secret, access token (and request token if you don't have the access token) and then use these at a later date to send authenticated requests to Twitter. The good thing is that once you have the access token it is unlikely to expire (unlike a users password) unless the user revokes access to your application. Admittedly there is some user interaction, but it is only at the start of the process, much like the current process of asking for a users username and password. Once it is all done it is easy to make authenticated requests to Twitter without any user intervention. This thread is mainly about the changes that were made to support desktop applications, but again, once the access token has been received the same applies as mentioned earlier. Paul 2009/6/6 Wallace wallace.b.mccl...@gmail.com I wanted to follow up on this. Admittedly, I'm a newb with oauth. I'm currently working on an application that uses MS's cloud computing environment Azure. I'm using this to schedule tweets in the future. Azure has a worker role which is an application that a web user never directly works against. The worker role is being used to post updates to a user's stream. Right now, I am using basic auth, but I would like to move to oauth. My current design has the user storing twitterids and passwords in a table. The user interacts over the web with the webrole and then the worker role handles the posting. It looks to me, given a VERY limited knowledge of oauth, that its designed with user interaction in mind. Does that sound correct? Wally
[twitter-dev] Re: oAuth in the cloud
Hi, I believe the access_token last indefinitely (or at least a very very long time). The request token is very short lived though. Paul 2009/6/6 Wallace wallace.b.mccl...@gmail.com Paul, Ah, so you are saying that a token never expires? I did not realize that. I had assumed that the token was specific to a given session or timeframe. I'm going to experiment with this and get back on this. Wally Paul posted in response to me Hi Wallace, http://www.Twollo.com does something similar to what you are describing (it hosted on the Google App Engine). You can store the users oAuth token secret, access token (and request token if you don't have the access token) and then use these at a later date to send authenticated requests to Twitter. The good thing is that once you have the access token it is unlikely to expire (unlike a users password) unless the user revokes access to your application. Admittedly there is some user interaction, but it is only at the start of the process, much like the current process of asking for a users username and password. Once it is all done it is easy to make authenticated requests to Twitter without any user intervention. This thread is mainly about the changes that were made to support desktop applications, but again, once the access token has been received the same applies as mentioned earlier. Paul
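The stored-token approach described in this thread and the previous one, as an added example that is not part of any poster's message and not Twitter's code: building the OAuth 1.0a `Authorization` header (HMAC-SHA1, RFC 5849) from a stored access token and token secret, with no user interaction. The host `api.example.com`, all keys and tokens, the nonce and the timestamp are constructed placeholders, and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed placeholders: in a real service these come from the app
# registration (consumer pair) and from the per-user record (token pair).
SAMPLE_CREDS = {
    "consumer_key": "ck-constructed",
    "consumer_secret": "cs-constructed",
    "access_token": "at-constructed",
    "token_secret": "ts-constructed",
}
SAMPLE_URL = "http://api.example.com/1/statuses/update.json"  # assumed endpoint


def pct(value):
    """Percent-encode as RFC 5849 section 3.6 requires (only unreserved chars kept)."""
    return quote(str(value), safe="-._~")


def oauth_params(creds, nonce=None, timestamp=None):
    """Protocol parameters for one request; nonce and timestamp must be fresh."""
    return {
        "oauth_consumer_key": creds["consumer_key"],
        "oauth_token": creds["access_token"],
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",
    }


def signature_base_string(method, url, pairs):
    """METHOD & base URL & sorted parameters, each part percent-encoded."""
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Query-string parameters are signed together with body and oauth_* ones.
    all_pairs = list(pairs) + parse_qsl(parts.query, keep_blank_values=True)
    encoded = sorted((pct(k), pct(v)) for k, v in all_pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign(method, url, pairs, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with both secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    base = signature_base_string(method, url, pairs).encode("ascii")
    digest = hmac.new(key, base, hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def authorization_header(method, url, body_params, creds, nonce=None, timestamp=None):
    """Header value for a request made on behalf of a user whose token is stored."""
    oauth = oauth_params(creds, nonce, timestamp)
    pairs = list(oauth.items()) + list(body_params.items())
    oauth["oauth_signature"] = sign(
        method, url, pairs, creds["consumer_secret"], creds["token_secret"]
    )
    # Only oauth_* fields go in the header; body parameters travel in the body.
    fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return "OAuth " + fields


if __name__ == "__main__":
    print(authorization_header("POST", SAMPLE_URL, {"status": "hello world"}, SAMPLE_CREDS))
```

The service never holds the user's password in this flow; the stored token pair is the credential to protect, and it stops working as soon as the user revokes the application.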
[twitter-dev] Re: Oauth and Twitter for login.
Hi, I have been using it on http://www.twollo.com for a while now. It works really well. Paul On 3 Jun 2009, at 17:34, James Kennedy jamesindub...@gmail.com wrote: Hi there, Has there been any update on using twitter for authentication? I seem to remember seeing this in the wild but would like to add it to my app. cheers James On Apr 13, 4:54 pm, Paul Kinlan paul.kin...@gmail.com wrote: Hi Matt, Yeah I saw the change log, but thought that the presence in the UI was the other half of the deployment. Sorry about that, I am pretty eager :) Ah well, I look forward to seeing the solution so I can put it into both twollo and twe2 :) Cheers, Paul 2009/4/13 Matt Sanford m...@twitter.com Hi Paul, This was mentioned in one of the change log notices last week. Well, I mentioned that we're half-deployed. I'm awaiting a few more pieces before there is an official announcement. Stay Tuned; — Matt Sanford On Apr 13, 2009, at 08:40 AM, Paul Kinlan wrote: Hi, I have just started to implement oAuth for http://www.twollo.com, and when registering my app for oAuth I noticed: Use Twitter for login: Yes, use Twitter for login Does your application intend to use Twitter for authentication? This is excellent news, for reasons I have mentioned in previous emails, however, unless I have missed something, is there anything I need to do to use this functionality? Or is it just the normal oAuth workflow - I am hoping that it is similar to the way I implement oauth support on http://oauth.twe2.com/ Paul.
[twitter-dev] Re: Python 3 Basic Authentication
I know it is not exactly the same service, but when I authenticate against the Twitter Stream API using basic auth and python I set the Realm = None when I call add_password on the basic auth handler. Paul

2009/5/31 Jason Emerick jemer...@gmail.com I would recommend just adding the authorization header directly to the request versus using the basic auth handler. I have included some sample code below of how I have been doing it.

    import base64
    import urllib2

    username = 'twitter'
    password = 'twitter'
    # Build the Basic credential by hand; [:-1] drops the newline encodestring appends
    basic = base64.encodestring('%s:%s' % (username, password))[:-1]
    request = urllib2.Request('http://stream.twitter.com/spritzer.json')
    request.add_header('Authorization', 'Basic %s' % basic)
    spritzer = urllib2.urlopen(request)

Jason Emerick The information transmitted (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is intended only for the person(s) or entity/entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

On Sun, May 31, 2009 at 11:11 AM, Gerald Bäck g.ba...@webwatch.at wrote: Hi, I try to do my first steps with the Twitter API, but I always get a 401 with this python 3 code. I double-checked the credentials twice, they are surely correct. What am I doing wrong? Thanks in advance, Gerald

    import urllib.request

    # Register the credentials with a basic auth handler and install it globally
    auth_handler = urllib.request.HTTPBasicAuthHandler()
    auth_handler.add_password(realm="Twitter API", uri="http://example.com", user="123", passwd="123")
    opener = urllib.request.build_opener(auth_handler)
    urllib.request.install_opener(opener)
    f = urllib.request.urlopen('http://twitter.com/friendships/destroy/scoop_at.json')
    print(f.read())
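The two approaches discussed in this thread, as an added Python 3 example that is not part of any poster's message: it asks urllib's password managers which credentials they would release for a given challenge realm and request URL, and builds the `Authorization` header directly. The realm value the server announces, the credentials and the function names are constructed assumptions; the catch-all behaviour of `realm=None` shown here is that of `HTTPPasswordMgrWithDefaultRealm`.

```python
import base64
import urllib.request

# Constructed values: the realm a server would announce in its
# WWW-Authenticate challenge, and the URL requested in the thread.
SERVER_REALM = "Twitter API"
REQUEST_URL = "http://twitter.com/friendships/destroy/scoop_at.json"


def lookup(manager, realm=SERVER_REALM, url=REQUEST_URL):
    """Return the (user, password) the basic auth handler would send after a 401."""
    return manager.find_user_password(realm, url)


def mismatched_uri():
    """Credentials registered for a different host than the one requested."""
    mgr = urllib.request.HTTPPasswordMgr()
    mgr.add_password("Twitter API", "http://example.com", "user", "secret")
    return lookup(mgr)


def matching_uri():
    """Same realm, and the registered URI is a prefix of the request URL."""
    mgr = urllib.request.HTTPPasswordMgr()
    mgr.add_password("Twitter API", "http://twitter.com/", "user", "secret")
    return lookup(mgr)


def wrong_realm():
    """Right host, but the realm string differs from the server's challenge."""
    mgr = urllib.request.HTTPPasswordMgr()
    mgr.add_password("Some Other Realm", "http://twitter.com/", "user", "secret")
    return lookup(mgr)


def default_realm():
    """realm=None is a catch-all when the manager supports a default realm."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, "http://twitter.com/", "user", "secret")
    return lookup(mgr)


def basic_auth_header(user, password):
    """Header value for HTTP Basic: base64 of 'user:password'.

    Base64 is an encoding, not encryption, so this header is only as
    private as the transport; send it over HTTPS.
    """
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def preauthorized_request(url, user, password):
    """Attach the header up front instead of waiting for a 401 challenge."""
    req = urllib.request.Request(url)
    req.add_header("Authorization", basic_auth_header(user, password))
    return req


if __name__ == "__main__":
    for check in (mismatched_uri, matching_uri, wrong_realm, default_realm):
        print(check.__name__, check())
```

A lookup that returns `(None, None)` means the handler has nothing to send, so the retry after the challenge never happens and the caller sees the original 401.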
[twitter-dev] Re: Poll: Demographics of Twitter Dev--please answer a few questions
2009/5/22 Neicole neic...@trustneicole.com I'm interested in the demographics of Twitter Developers. I'd appreciate it if you'd answer a few questions. Just respond to this post with your answers: 1. Are you male or female? Male 2. Are you married or single? Erm, Living with girlfriend 3. Do you have children? 1 4. What age range are you? 25-29 under 18 18-24 25-29 30-34 35-39 40-44 45-50 over 50 I'll summarize and post the results. Thanks!
[twitter-dev] Re: Anti Spam
Hi Guys, I developed http://www.itsabot.com, which was designed to detect twitter bots. I am happy to open this up as a larger project if people want - and move it into an open source project with spam accounts, not just bots. Paul 2009/5/19 sillyt...@googlemail.com sillyt...@googlemail.com We had a chat about Twitter spam yesterday and would like a points based approach to user ranking or spam rating. For those of us working on 3rd party applications, having a spam score to be able to make quick decisions on with regard to searches would be very useful. For example, a new user would have a higher 'spam-rating' than a long time user. Someone with a huge follow:follower ratio similarly. Given how spam is used on Twitter, there are several categories which could be dealt with at run-time on a server but less easily on a live application. BTW I worry that to join the abuse team one has to have what it takes. Does that mean they hand out large amounts of abuse ?-) On May 18, 7:12 pm, Doug Williams d...@twitter.com wrote: We have a team dedicated to controlling the number of spam messages and accounts in the system. The number of accounts, sophistication, and techniques are constantly growing. The team is doing a great job of isolating known attack vectors. Obviously there is still work to be done. The abuse team is hiring. If you think you have what it takes, please apply: http://twitter.com/jobs Thanks, Doug -- Doug Williams Twitter Platform Support http://twitter.com/dougw On Sat, May 16, 2009 at 8:14 PM, sillyt...@googlemail.com sillyt...@googlemail.com wrote: I'm working as part of the #twumpet team and as part of our project we're developing an application as well as running some Twitter events - the first having been Eurovision earlier today. As we hit the top trend, #twumpet got - and is still getting - enormous amounts of spam. Spammers are signing up, blitzing messages through one immediately after another, and then moving on to the next account. 
Does anyone know if Twitter are going to stop users firing tweets off one after another so blatantly like this? I just checked on a couple of top trends and all I can see is spammers tonight. Also, as a developer working on a project which will be dealing with trending topics and popular searches, I need a quick way to throw out spam messages. I have a couple of ideas for strategies but would be interested in discussing them, and perhaps a group effort which used Twitter itself for rapid short term spam classification reporting [through Twitter search or a further API]. The one thing about spammers is they appear and disappear extremely quickly so any lists would be very short and 'live', at least for now... @newretro
[twitter-dev] Re: Send @replies/mentions via SMS?
Hi, Just to let you know, I developed www.twe2.com exactly for this purpose. However, we have just been blocked by our SMS provider. It is a shame really because we sent 2 million SMS's to the Twitter community, Paul 2009/5/11 Arik Fraimovich arik...@gmail.com Someone already developed an application that forwards mentions to DM (see here: http://apiwiki.twitter.com/Application-Ideas). When I tried it, it didn't work that good, but I think he did some changes since then. On May 11, 8:15 am, TjL luo...@gmail.com wrote: I've been banging my head against this for several days (when I've had free time) and wonder if maybe someone has already invented this wheel. I'm looking for a way to get @replies (sorry, I mean mentions) via SMS. *ahem* Ideally this would be an officially supported option listed in http://twitter.com/devices :-) *ahem* But, since it isn't :-) My idea has been to fetch the http://twitter.com/statuses/mentions.format every minute or so, check against a cache of previously sent mentions and send the new ones (as DMs to myself, since I have DMs forwarded to my cell via SMS already). This seems HUGELY inefficient (i.e. there will be a LOT of minutes throughout the day which return no new mentions) but I can't think of a more efficient way of getting them in a fairly timely manner. Thanks for any pointers. TjL
[twitter-dev] Re: Send @replies/mentions via SMS?
Hi, We don't know why we were blocked, we had a commercial contract in place - but the provider aren't very forthcomming. The model that was used was an Adsense for mobiles, which meant that we were supposed to be paid for every message we processed, however the network never attached any adverts other than their own so we never got paid (but that has been the status quo for the last month). We were in talks with another company to buy our service from us and still use Wadja - we enquired to with Wadja to see if our contract was transferable; they cut us off. Finding another SMS gateway that will send messages worldwide for free is going to be hard - there is a reason why twitter pulled out of many markets (until they negotiated better deals - Vodafone etc). So if any twitters out there want to talk or know any one who can help we are all ears. To answer another question: not many phone networks provide Email to SMS - after all there is lots of money to be had for sending SMS's, even a 1pence/cent per SMS. But if you do have a provider that can accept emails then the whole process if very easy to replicate. Paul. 2009/5/11 Patrick Burrows pburr...@categorical.ly Why were you blocked? And there seems to be a lot of competition in this space (SMS Gateway providers) can’t you just go to someone else? -- Patrick Burrows http://Categorical.ly (the Best Twitter Client Possible) @Categorically *From:* twitter-development-talk@googlegroups.com [mailto: twitter-development-t...@googlegroups.com] *On Behalf Of *Paul Kinlan *Sent:* Monday, May 11, 2009 9:44 AM *To:* twitter-development-talk@googlegroups.com *Subject:* [twitter-dev] Re: Send @replies/mentions via SMS? Hi, Just to let you know, I developed www.twe2.com exactly for this purpose. However, we have just been blocked by our SMS provider. 
It is a shame really because we sent 2 million SMS's to the Twitter community, Paul 2009/5/11 Arik Fraimovich arik...@gmail.com Someone already developed an application that forwards mentions to DM (see here: http://apiwiki.twitter.com/Application-Ideas). When I tried it, it didn't work that good, but I think he did some changes since then. On May 11, 8:15 am, TjL luo...@gmail.com wrote: I've been banging my head against this for several days (when I've had free time) and wonder if maybe someone has already invented this wheel. I'm looking for a way to get @replies (sorry, I mean mentions) via SMS. *ahem* Ideally this would be an officially supported option listed in http://twitter.com/devices :-) *ahem* But, since it isn't :-) My idea has been to fetch the http://twitter.com/statuses/mentions.format every minute or so, check against a cache of previously sent mentions and send the new ones (as DMs to myself, since I have DMs forwarded to my cell via SMS already). This seems HUGELY inefficient (i.e. there will be a LOT of minutes throughout the day which return no new mentions) but I can't think of a more efficient way of getting them in a fairly timely manner. Thanks for any pointers. TjL
[twitter-dev] Authenticate, OAuth and Force_login
Hi Guys, I am having a couple of issues with using Authenticate using OAuth and force_login = true parameter. Can someone confirm that I am being an idiot? :) If I am currently logged in to twitter all my requests are authenticated against that user regardless of the username password combination that I present to the twitter authentication page. For example, I am logged into twitter as my PaulKinlan user. I need to log in to my application as Twollo, so I go through the normal oauth process, enter Twollo as the username and the correct password and click Sign in. My service receives the callback and then calls verify_credentials.json, however even though I know the process I use is correct, the verify credentials returns the details for PaulKinlan and not Twollo as expected. It appears to me that the request tokens, access tokens and token secrets are being created against the logged in user and not the authenticating user. If I completely log out of Twitter I can access all the accounts as I would expect. Is anyone else seeing this, or is it me? I could have sworn it was working ok the other day? Is this the expected behaviour? Paul
[twitter-dev] Re: OAuth URL to Sign User Out
I have just set up force_login=true on twollo and it works very well for multiple accounts. Definitely no need to log users out for me once I got that working :) Paul. 2009/5/4 Abraham Williams 4bra...@gmail.com Yes you could. I personally am against logging users out of sites that you don't control. FBConnect for example I don't like because I log out of some random other site and *bam* I'm logged out of Facebook. WTF. force_login=true seems the best of both worlds. The user gets prompted to log into a different account and they don't get logged out of twitter.com without notice. On Sat, May 2, 2009 at 01:20, Paul Kinlan paul.kin...@gmail.com wrote: Hi Abraham, That is pretty handy to know, does account/end_session not do a similar thing? It would be good to know if so because I authenticate using oauth on twollo and people do have multiple accounts and end_session is something I was going to use on logout of twollo. Paul 2009/5/2 Abraham Williams 4bra...@gmail.com This should work: http://code.google.com/p/twitter-api/issues/detail?id=469 On Sat, May 2, 2009 at 01:07, Jesse Stay jesses...@gmail.com wrote: Is there a URL to send a user to to sign them out of Twitter and prompt for a new username? I want to be able to, if the user is logged into the wrong Twitter account, with one click on my site, log them out of Twitter and prompt them to re-auth (using OAuth) with a new Twitter username. Is this possible? @Jesse -- Abraham Williams | http://the.hackerconundrum.com Hacker | http://abrah.am | http://twitter.com/abraham Web608 | Community Evangelist | http://web608.org This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | http://the.hackerconundrum.com Hacker | http://abrah.am | http://twitter.com/abraham Web608 | Community Evangelist | http://web608.org This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: OAuth URL to Sign User Out
Hi Abraham, That is pretty handy to know, does account/end_session not do a similar thing? It would be good to know if so because I authenticate using oauth on twollo and people do have multiple accounts and end_session is something I was going to use on logout of twollo. Paul 2009/5/2 Abraham Williams 4bra...@gmail.com This should work: http://code.google.com/p/twitter-api/issues/detail?id=469 On Sat, May 2, 2009 at 01:07, Jesse Stay jesses...@gmail.com wrote: Is there a URL to send a user to to sign them out of Twitter and prompt for a new username? I want to be able to, if the user is logged into the wrong Twitter account, with one click on my site, log them out of Twitter and prompt them to re-auth (using OAuth) with a new Twitter username. Is this possible? @Jesse -- Abraham Williams | http://the.hackerconundrum.com Hacker | http://abrah.am | http://twitter.com/abraham Web608 | Community Evangelist | http://web608.org This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: Callback url during development
I managed to set a port on the page when I was doing some google app engine stuff. But saying that my dev server now runs on port 80 on my machine so it isn't a problem much. Paul On 27 Apr 2009, at 06:58, Dimebrain daniel.cre...@gmail.com wrote: How are you able to set this up for a non-standard port? HOSTS file is just for the domain/authority, and you can't specify a port in the callback URL on the settings page? On Apr 23, 7:31 pm, Jochen Kaechelin giss...@gissmog.de wrote: On 24.04.2009 at 00:29, Paul Kinlan wrote: Hi, During development I tend to modify my hosts file to point the callback URL domain to my box for instance. This is quite good because all it affects is my box. I just had the same idea ... ;-) Works as expected now!!! Thanx Paul On 23 Apr 2009, at 23:16, Abraham Williams 4bra...@gmail.com wrote: The oauth_callback parameter was just disabled due to security issues. Currently only the registered callback works. If you need a different callback location for development set up a second application. On Thu, Apr 23, 2009 at 17:12, Jochen Kaechelin giss...@gissmog.de wrote: On 22.04.2009 at 15:37, Abraham Williams wrote: Also when you are building the authorize url to send users to twitter.com you can add oauth_callback=http://localhost/callback and that will override your applications registered callback. OAuth::Consumer.new(xx, xx, { :site=http://twitter.com/oauth/authorize?oauth_callback=http://localhost:30 ... }) I can see the site where I have to Deny or Allow access. When I click Allow I will be redirected to the Domain which I entered in the OAUTHClients Registration Form (http://www.twitter.com/ oauth_cleints) Seems that the oauth_callback parameter does not work! Is it in the wrong place? Any hints!? Thanx -- Abraham Williams |http://the.hackerconundrum.com Hacker |http://abrah.am|http://twitter.com/abraham Web608 | Community Evangelist |http://web608.org This email is: [ ] blogable [x] ask first [ ] private. 
Sent from Madison, Wisconsin, United States
[twitter-dev] Re: Callback url during development
This is going to sound silly, but I had it with a port on the settings page I added http://www.twedaq.com:8080/oauth in to the oauth conf page, and then changed my host file and all worked really well. Paul 2009/4/27 Benjamin Cox b...@insourcery.com Unfortunately, I'm working on a dev machine that's doubling as a web server for another small project. I simply cannot run on port 80 in development. Does that mean there is no way I can test oauth integration with Twitter? Would you consider adding the ability to put a port number in the callback URL on the settings page? Please? Cheers, Ben On Apr 26, 11:41 pm, Paul Kinlan paul.kin...@gmail.com wrote: I managed to set a port on the page when I was doing some google app engine stuff. But saying that my dev server now runs on port 80 on my machine so it isn't a problem much. Paul On 27 Apr 2009, at 06:58, Dimebrain daniel.cre...@gmail.com wrote: How are you able to set this up for a non-standard port? HOSTS file is just for the domain/authority, and you can't specify a port in the callback URL on the settings page? On Apr 23, 7:31 pm, Jochen Kaechelin giss...@gissmog.de wrote: On 24.04.2009 at 00:29, Paul Kinlan wrote: Hi, During development I tend to modify my hosts file to point the callback URL domain to my box for instance. This is quite good because all it affects is my box. I just had the same idea ... ;-) Works as expected now!!! Thanx Paul On 23 Apr 2009, at 23:16, Abraham Williams 4bra...@gmail.com wrote: The oauth_callback parameter was just disabled due to security issues. Currently only the registered callback works. If you need a different callback location for development set up a second application. On Thu, Apr 23, 2009 at 17:12, Jochen Kaechelin giss...@gissmog.de wrote: On 22.04.2009 at 15:37, Abraham Williams wrote: Also when you are building the authorize url to send users to twitter.com you can add oauth_callback=http://localhost/callback and that will override your applications registered callback. 
OAuth::Consumer.new(xx, xx, { :site= http://twitter.com/oauth/authorize?oauth_callback=http://localhost:30 ... }) I can see the site where I have to Deny or Allow access. When I click Allow I will be redirected to the Domain which I entered in the OAUTHClients Registration Form (http://www.twitter.com/ oauth_cleints) Seems that the oauth_callback parameter does not work! Is it in the wrong place? Any hints!? Thanx -- Abraham Williams |http://the.hackerconundrum.com Hacker |http://abrah.am|http://twitter.com/abraham Web608 | Community Evangelist |http://web608.org This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, Wisconsin, United States
[twitter-dev] Friendship Create
Hi Guys, I am developing some oauth support for http://www.twollo.com and I am having some trouble with friendships/create I keep getting 500 errors from twitter, I am pretty sure that I have got the oAuth sorted ok, I am doing a POST to the service, my app is allowed to write to a profile. Below is an example query. http://twitter.com/friendships/create.xml?screen_name=twollo&oauth_nonce=71594710&oauth_timestamp=1240867081&oauth_consumer_key=&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=x&oauth_signature= Anyone else seeing problems on friendships/create and oAuth? I also tried (with the same result) http://twitter.com/friendships/create/twollo.xml?oauth_nonce=71594710&oauth_timestamp=1240867081&oauth_consumer_key=&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=x&oauth_signature= As always, I am completely open to me causing the problem :) I am using TwitterOAuthClient (python) for my oauthy goodness. Kind Regards, Paul Kinlan
[twitter-dev] Re: Friendship Create
I have just checked the library and whilst it sorts the keys, I don't think the library sorts the actual query string when it makes the request. I will have to check that bit out. Paul. 2009/4/27 Dossy Shiobara do...@panoptic.com On 4/27/09 5:29 PM, Paul Kinlan wrote: Below is an example query. http://twitter.com/friendships/create.xml?screen_name=twollo&oauth_nonce=71594710&oauth_timestamp=1240867081&oauth_consumer_key=&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=x&oauth_signature= s comes after o. OAuth 1.0 specification mandates the parameters be sorted when the signature is computed. Are you doing this? Also, getting HTTP 500 Server Error ... I ran into that when I was using HTTP Authorize header authentication and didn't Parameter Encode the signature. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
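The two checks Dossy raises in this thread (parameters sorted before signing, and the signature parameter-encoded when it goes into the Authorization header), worked through as an added example that is not from the thread or from TwitterOAuthClient. The nonce, timestamp and screen name are the ones in the posted query; the consumer key, token and both secrets are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Request from the thread, in the order it was posted (screen_name first).
URL = "http://twitter.com/friendships/create.xml"
PARAMS = [
    ("screen_name", "twollo"),
    ("oauth_nonce", "71594710"),
    ("oauth_timestamp", "1240867081"),
    ("oauth_consumer_key", "CONSUMER_KEY_PLACEHOLDER"),   # constructed
    ("oauth_signature_method", "HMAC-SHA1"),
    ("oauth_version", "1.0"),
    ("oauth_token", "TOKEN_PLACEHOLDER"),                 # constructed
]
CONSUMER_SECRET = "consumer-secret-placeholder"           # constructed
TOKEN_SECRET = "token-secret-placeholder"                 # constructed


def pct(value):
    """OAuth 1.0 parameter encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params, sort=True):
    """Signature base string. sort=False keeps the caller's order (the bug)."""
    pairs = [(pct(k), pct(v)) for k, v in params]
    if sort:
        pairs.sort()  # by encoded name, then by encoded value
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret, sort=True):
    """HMAC-SHA1 over the base string, keyed with both encoded secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, url, params, sort).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()


def server_accepts(method, url, params, signature, consumer_secret, token_secret):
    """What a conforming server does: recompute with sorting, compare in constant time."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)


def authorization_header(params, signature):
    """Header form: every value, the signature included, is parameter-encoded."""
    fields = [(k, v) for k, v in params if k.startswith("oauth_")]
    fields.append(("oauth_signature", signature))
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in fields)


if __name__ == "__main__":
    good = sign("POST", URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    bad = sign("POST", URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET, sort=False)
    print("sorted   accepted:", server_accepts("POST", URL, PARAMS, good, CONSUMER_SECRET, TOKEN_SECRET))
    print("unsorted accepted:", server_accepts("POST", URL, PARAMS, bad, CONSUMER_SECRET, TOKEN_SECRET))
    print(authorization_header(PARAMS, good))
```

A 20-byte HMAC-SHA1 digest always base64-encodes to 28 characters ending in `=`, and may contain `+` or `/`, so an unencoded signature in the header or query string is corrupted in transit even when the base string was built correctly.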
[twitter-dev] Re: Now that oAuth tokens expire, how can I do stuff for the user when they're away?
I believe the request tokens are expired quickly and not the access tokens. Paul. 2009/4/24 @pud pkap...@gmail.com Hi, I realize a precaution taken during the recent oAuth scare was to expire access tokens relatively quickly. Let's say I have a service that automatically sends tweets for a user on a scheduled basis (like when they update their blog). The last token I have is 48-hours old, and is expired. How can I send this tweet? Is there any way for me to get a new access token when the user is not around? Help. Thanks, @pud
[twitter-dev] Re: Callback url during development
Hi, During development I tend to modify my hosts file to point the callback URL domain to my box for instance. This is quite good because all it affects is my box. Paul On 23 Apr 2009, at 23:16, Abraham Williams 4bra...@gmail.com wrote: The oauth_callback parameter was just disabled due to security issues. Currently only the registered callback works. If you need a different callback location for development set up a second application. On Thu, Apr 23, 2009 at 17:12, Jochen Kaechelin giss...@gissmog.de wrote: On 22.04.2009 at 15:37, Abraham Williams wrote: Also when you are building the authorize url to send users to twitter.com you can add oauth_callback=http://localhost/callback and that will override your applications registered callback. OAuth::Consumer.new(xx, xx, { :site=http://twitter.com/oauth/authorize?oauth_callback=http://localhost:3000/callback }) I can see the site where I have to Deny or Allow access. When I click Allow I will be redirected to the Domain which I entered in the OAUTH Clients Registration Form (http://www.twitter.com/oauth_cleints) Seems that the oauth_callback parameter does not work! Is it in the wrong place? Any hints!? Thanx -- Abraham Williams | http://the.hackerconundrum.com Hacker | http://abrah.am | http://twitter.com/abraham Web608 | Community Evangelist | http://web608.org This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, Wisconsin, United States
[twitter-dev] Re: Inconsistent results from /statuses/friends.json
Hi, I have just noticed this too as it has affected twollo.com, I swear it used to be true/false. I am wondering if it is now an enumeration, following, not following, blocked or something. Paul. 2009/4/21 askp a...@askpedia.com I'm getting inconsistent values in the following field of the result from /statuses/friends.json. This used to work but it started to break down a few days ago. Here's a sample output for an authenticated call for the user navgle [0] = Array ( [notifications] = [description] = [utc_offset] = 32400 [favourites_count] = 1 [profile_sidebar_fill_color] = e0ff92 [profile_image_url] = http://s3.amazonaws.com/twitter_production/profile_images/118094065/70_normal.jpg [following] = 2 [statuses_count] = 6 [profile_sidebar_border_color] = 87bc44 [followers_count] = 11 [profile_background_tile] = [url] = http://ymha.wordpress.com [screen_name] = ymha [name] = Young Mok Ha [friends_count] = 37 [protected] = [status] = Array ( [in_reply_to_user_id] = [text] = 어제는 회사에서 워크샵을 다녀왔습니다 [favorited] = [in_reply_to_screen_name] = [created_at] = Sat Apr 11 01:13:48 + 2009 [truncated] = [id] = 1494364130 [in_reply_to_status_id] = [source] = web ) [profile_background_color] = 9ae4e8 [profile_background_image_url] = http://static.twitter.com/images/themes/theme1/bg.gif [created_at] = Wed Apr 01 07:35:13 + 2009 [profile_text_color] = 00 [location] = seoul [id] = 28068985 [time_zone] = Seoul [profile_link_color] = ff ) [1] = Array ( [profile_background_image_url] = http://static.twitter.com/images/themes/theme1/bg.gif [profile_sidebar_fill_color] = e0ff92 [screen_name] = onlinsystem__ [statuses_count] = 0 [profile_sidebar_border_color] = 87bc44 [location] = [profile_background_tile] = [utc_offset] = [created_at] = Mon Apr 20 00:27:00 + 2009 [name] = intmktr [profile_background_color] = 9ae4e8 [followers_count] = 8 [protected] = [description] = [following] = 0 [friends_count] = 961 [profile_text_color] = 00 [notifications] = [favourites_count] = 0 [profile_link_color] = 
ff [profile_image_url] = http://s3.amazonaws.com/twitter_production/profile_images/147264030/675753_normal.jpg [id] = 33353324 [time_zone] = [url] = http://dgfshfsjsj ) [2] = Array ( [statuses_count] = 3606 [description] = Father of 3 * Interested In * Health * Fitness * Outdoors * Social Media * Books * Blogging * Enjoying the spring weather [profile_background_tile] = [utc_offset] = -21600 [profile_text_color] = 00 [following] = 0 [profile_link_color] = ff [profile_image_url] = http://s3.amazonaws.com/twitter_production/profile_images/59173692/WILSON_062_normal.jpg [profile_background_image_url] = http://s3.amazonaws.com/twitter_production/profile_background_images/4061967/Ronnie_Wilson.jpg [url] = [name] = Ronnie [profile_sidebar_fill_color] = 6E93CA [protected] = [screen_name] = ronniewilson [status] = Array ( [in_reply_to_status_id] = [in_reply_to_user_id] = [text] = Thanks to all who are wishing me a Happy Sunday, I'm sure to make the best of it, Don't forget to share a smile with someone today :) [favorited] = [in_reply_to_screen_name] = [truncated] = [id] = 1558769587 [source] = web [created_at] = Sun Apr 19 16:21:05 + 2009 ) [time_zone] = Central Time (US Canada) [profile_sidebar_border_color] = C9D2BD [followers_count] = 64755 [notifications] = [favourites_count] = 50 [friends_count] = 68179 [location] = Kentucky [id] = 16061242 [created_at] = Sun Aug 31 02:21:11 + 2008 [profile_background_color] = BDEDFF ) [3] = Array ( [description] = Manufacturing/ Product Development/ Quality Systems/
[twitter-dev] Oauth and Twitter for login.
Hi, I have just started to implement oAuth for http://www.twollo.com, and when registering my app for oAuth I noticed: Use Twitter for login: Yes, use Twitter for login Does your application intend to use Twitter for authentication? This is excellent news, for reasons I have mentioned in previous emails, however, unless I have missed something, is there anything I need to do to use this functionality? Or is it just the normal oAuth workflow - I am hoping that it is similar to the way I implement oauth support on http://oauth.twe2.com/ Paul.
[twitter-dev] Re: Oauth and Twitter for login.
Hi Matt, Yeah I saw the change log, but thought that the presence in the UI was the other half of the deployment. Sorry about that, I am pretty eager :) Ah well, I look forward to seeing the solution so I can put it into both twollo and twe2 :) Cheers, Paul 2009/4/13 Matt Sanford m...@twitter.com Hi Paul, This was mentioned in one of the change log notices last week. Well, I mentioned that we're half-deployed. I'm awaiting a few more pieces before there is an official announcement. Stay Tuned; — Matt Sanford On Apr 13, 2009, at 08:40 AM, Paul Kinlan wrote: Hi, I have just started to implement oAuth for http://www.twollo.com, and when registering my app for oAuth I noticed: Use Twitter for login: Yes, use Twitter for login Does your application intend to use Twitter for authentication? This is excellent news, for reasons I have mentioned in previous emails, however, unless I have missed something, is there anything I need to do to use this functionality? Or is it just the normal oAuth workflow - I am hoping that it is similar to the way I implement oauth support on http://oauth.twe2.com/ Paul.
[twitter-dev] Twe2
Hi, www.Twe2.com was blocked from accessing the twitter site last Thursday. I have been told that the block was accidental and that full access should be restored. To me, it is apparent that we have not been restored to the previous levels; I believe this to be the case for the following reasons: - Requests (even from a web browser) regularly take 30+ seconds to complete. - about 1 in 1000 requests returns a response. - Requests from an adjacent IP address, and other subnetworks of our hosting provider from the same provider complete nearly instantaneously. What I am asking from the groups is that although I am very confident that it is not our side that is causing the issue, how can I doubly double check that it is not us causing the problem. Our rough architecture is a Windows 2003 machine, and .Net services. Pings to twitter work fine, we aren't accessing the service through a proxy. Any suggestions for sorting this out would be greatly appreciated. Thanks and Kind Regards, Paul Kinlan Twe2 Ltd. http://blog.twe2.com
[twitter-dev] Re: OT - where's the proper place to talk about search.twitter.com?
On the topic of bots, http://www.itsabot.com works pretty well most of the time. Paul 2009/3/9 TjL luo...@gmail.com On Sun, Mar 8, 2009 at 11:20 PM, Chad Etzel jazzyc...@gmail.com wrote: On Sun, Mar 8, 2009 at 9:04 PM, TjL luo...@gmail.com wrote: On Sun, Mar 8, 2009 at 7:37 PM, Cameron Kaiser spec...@floodgap.com wrote: IMO, trend bots should have to be registered with Twitter (they say what they are going to use their API access for, right?) and should be excluded from Twitter search. How do you enforce bots registering as bots, however? Well, revoking API whitelisting for any that don't register properly would be a good first step. Huh? Bots don't need any sort of whitelisting to exist or function. It's trivial to create and run one. It won't be so trivial once OAuth hits, but I'm sure it won't be much of a barrier. Ah. Well. My mistake. Thanks TjL
[twitter-dev] Re: Twitter Search issue
Hi Matt, I was typing the search term through IE (to test it after reports that enclosed searches aren't working) as http://search.twitter.com/search.json?q=exeter city which it then converts to http://search.twitter.com/search.json?q=exeter%20city; but the result came back as %22exeter*%2520*city%22 (see json object below) in the search API json object. It works in firefox so I am presuming firefox is correctly encoding the url. {"results":[],"since_id":0,"max_id":1273765306,"refresh_url":"?since_id=1273765306&q=%22exeter%2520city%22","results_per_page":15,"completed_in":1.313905,"page":1,"query":"%22exeter%2520city%22"} it is highly likely that if IE is having the issue, the client API would probably have it, however the query that is going out over the wire (I checked with fiddler as exeter%20city and the result comes back as above, so I don't think it is us for the entire problem). Kind Regards, Paul. 2009/3/3 Matt Sanford m...@twitter.com Hi Paul, It sounds like whatever is generating your API requests is double URL encoding. So the space becomes %20, and then on the second url encoding the % becomes a %25. Thanks; — Matt Sanford / @mzsanford On Mar 3, 2009, at 07:34 AM, Paul Kinlan wrote: Hi, I am noticing something that I think is odd at the moment. Some of our users are not getting searches that are enclosed in quotes via the API, yet they work directly from the website. For example there is a difference between the following query on the API and Website: http://search.twitter.com/search?q=%22exeter%20city%22 which has the same results as http://search.twitter.com/search?q=%22exeter+city%22 but returns a different result via the API using the following query http://search.twitter.com/search.json?q=exeter%20city; Looking at what is returned by the API the query looks like it has been transformed in to %22exeter*%2520*city%22. To me the %2520 looks odd when I would expect %20 Kind Regards, Paul Kinlan
[twitter-dev] Re: Twitter Search issue
Hi, It works with the +, but I knew that :) With a space (in IE) it encodes it as %20 when it makes the request and I can see it through fiddler (as below) and it comes back. GET /search.json?q=exeter%20city HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: en-gb UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0) Host: search.twitter.com Connection: Keep-Alive Cookie: __utma=43838368.379476752167577530.1234449205.1234449205.1234449205.1; __utmz=43838368.1234449205.1.1.utmcsr=blog.twe2.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=43838368.lang%3A%20en_GB I fully accept it is probably our client software that is not encoding correctly, but I also tried this from the command line curl "http://search.twitter.com/search.json?q=\"exeter%20city\"" the response comes back as %22exeter%2520city%22 in the json object. From my point of view I know the quotes are not correct, but it looks like twitter is encoding them when it receives them. I believe our client API is sending double quotes rather than %22. Kind Regards, Paul 2009/3/3 Chad Etzel jazzyc...@gmail.com I also just tested searching exeter city in TweetGrid with IE, FireFox, and Chrome. All came back with the same results. 
fwiw, -Chad On Tue, Mar 3, 2009 at 11:14 AM, Matt Sanford m...@twitter.com wrote: Hi Paul, I just tested from the command line and everything seems fine with: curl 'http://search.twitter.com/search.json?q=%22exeter%20city%22' If you are typing %20 into the IE address bar it is likely trying to correct your % (which is not a valid URL character) and making it %25 in the request but displaying it correctly to you. Try replacing it with a + or a space and see what you get. Thanks; — Matt On Mar 3, 2009, at 08:06 AM, Paul Kinlan wrote: Forgot to add, I am checking our client library now too. Paul. 2009/3/3 Paul Kinlan paul.kin...@gmail.com Hi Matt, I was typing the search term through IE (to test it after reports that enclosed searches aren't working) as http://search.twitter.com/search.json?q=exeter city which it then converts to http://search.twitter.com/search.json?q=exeter%20city; but the result came back as %22exeter%2520city%22 (see json object below) in the search API json object. It works in firefox so I am presuming firefox is correctly encoding the url. {"results":[],"since_id":0,"max_id":1273765306,"refresh_url":"?since_id=1273765306&q=%22exeter%2520city%22","results_per_page":15,"completed_in":1.313905,"page":1,"query":"%22exeter%2520city%22"} it is highly likely that if IE is having the issue, the client API would probably have it, however the query that is going out over the wire (I checked with fiddler as exeter%20city and the result comes back as above, so I don't think it is us for the entire problem). Kind Regards, Paul. 2009/3/3 Matt Sanford m...@twitter.com Hi Paul, It sounds like whatever is generating your API requests is double URL encoding. So the space becomes %20, and then on the second url encoding the % becomes a %25. Thanks; — Matt Sanford / @mzsanford On Mar 3, 2009, at 07:34 AM, Paul Kinlan wrote: Hi, I am noticing something that I think is odd at the moment. 
Some of our users are not getting searches that are enclosed in quotes via the API, yet they work directly from the website. For example there is a difference between the following query on the API and Website: http://search.twitter.com/search?q=%22exeter%20city%22 which has the same results as http://search.twitter.com/search?q=%22exeter+city%22 but returns a different result via the API using the following query http://search.twitter.com/search.json?q=exeter%20city; Looking at what is returned by the API the query looks like it has been transformed in to %22exeter%2520city%22. To me the %2520 looks odd when I would expect %20 Kind Regards, Paul Kinlan
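The encoding problem traced in this thread, as an added example that is not code from the thread or from any Twitter client library: encode the raw search term exactly once, and audit an outgoing URL for the two conditions the posters ran into (a literal double quote on the wire, and a `%25XX` sequence left by a second encoding pass). `reencode_whole_value` is a hypothetical model of the server-side fix-up, assumed only because it reproduces the `%22exeter%2520city%22` value reported above; the function names are this example's own.

```python
import re
from urllib.parse import quote, urlsplit

SEARCH = "http://search.twitter.com/search.json"

# Characters that may appear literally in a URL query (RFC 3986), or a
# well-formed percent escape. A raw double quote or space is not in the set.
_QUERY_OK = re.compile(r"(?:[A-Za-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})*")
# "%25" followed by two hex digits is what "%XX" looks like after being
# percent-encoded a second time ("%20" -> "%2520").
_DOUBLE = re.compile(r"%25[0-9A-Fa-f]{2}")


def build_search_url(term):
    """Encode the raw, human-typed term exactly once, quotes included."""
    return f"{SEARCH}?q={quote(term, safe='')}"


def audit_query(url):
    """Return a list of findings for the query part of an outgoing URL."""
    query = urlsplit(url).query
    findings = []
    if not _QUERY_OK.fullmatch(query):
        findings.append("raw-invalid-character")
    if _DOUBLE.search(query):
        findings.append("double-encoded")
    return findings


def reencode_whole_value(value):
    """Hypothetical fix-up model: an invalid value is encoded again as a whole,
    so escapes that were already present get escaped a second time."""
    return quote(value, safe="")


if __name__ == "__main__":
    sent_by_client = SEARCH + '?q="exeter%20city"'   # literal quotes, as in the curl test
    print(audit_query(sent_by_client))                # ['raw-invalid-character']
    print(reencode_whole_value('"exeter%20city"'))    # %22exeter%2520city%22
    print(build_search_url('"exeter city"'))          # the form that worked
```

The `double-encoded` finding is a heuristic: a user who really searches for the text `%20` produces `%2520` after one correct pass, so treat it as a prompt to inspect the caller, not as proof.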
[twitter-dev] Re: Twitter Search issue
Hi, Yeah, I am pretty sure our Api client takes a literal query string and since we store it that way it is probably sending it that way. Paul. 2009/3/3 Matt Sanford m...@twitter.com Hi all, If you send something invalid we do attempt to fix-up invalid requests rather than just 400. This looks like a case where the bad request becomes a different sort of badness on the way out. Escaping the quotes seems like the only real fix. — Matt On Mar 3, 2009, at 09:13 AM, Chad Etzel wrote: Ok, I can replicate your results with curl $ curl -v "http://search.twitter.com/search.json?q=\"exeter%20city\"" ...returns the wrong results, as you say. $ curl -v "http://search.twitter.com/search.json?q=%22exeter%20city%22" ...returns the correct results. I think double quotes are not actually valid URL characters (tho some browsers try to treat them as such), so you should really turn into %22 before the requests go out. That said, I'm starting to agree with Paul that twitter is doing some sort of encoding trick on their end when literal quotes are sent in the request: $ curl -v "http://search.twitter.com/search.json?q=\"exeter%20city\"" * About to connect() to search.twitter.com port 80 (#0) * Trying 128.121.146.107... 
connected * Connected to search.twitter.com (128.121.146.107) port 80 (#0) GET /search.json?q=exeter%20city HTTP/1.1 User-Agent: curl/7.16.4 (i486-pc-linux-gnu) libcurl/7.16.4 OpenSSL/0.9.8e zlib/1.2.3.3 libidn/1.0 Host: search.twitter.com Accept: */* HTTP/1.1 200 OK Date: Tue, 03 Mar 2009 17:09:34 GMT Server: hi Status: 200 OK Cache-Control: max-age=20, must-revalidate, max-age=300 Content-Type: application/json; charset=utf-8 X-Served-By: searchweb003.twitter.com Expires: Tue, 03 Mar 2009 17:14:34 GMT Content-Length: 195 Vary: Accept-Encoding X-Varnish: 1733084231 Age: 0 Via: 1.1 varnish X-Cache-Svr: searchweb003.twitter.com X-Cache: MISS Connection: close * Closing connection #0 {"results":[],"since_id":0,"max_id":1274236746,"refresh_url":"?since_id=1274236746&q=%22exeter%2520city%22","results_per_page":15,"completed_in":0.112164,"page":1,"query":"%22exeter%2520city%22"} Now, one could argue that the request itself is invalid or malformed, and so the result may be undefined, but I do agree that something is happening on twitter's end. Moral of the story: encode as %22 in URLs. -Chad On Tue, Mar 3, 2009 at 11:33 AM, Paul Kinlan paul.kin...@gmail.com wrote: Hi, It works with the +, but I knew that :) With a space (in IE) it encodes it as %20 when it makes the request and I can see it through fiddler (as below) and it comes back. 
GET /search.json?q=exeter%20city HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: en-gb UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0) Host: search.twitter.com Connection: Keep-Alive Cookie: __utma=43838368.379476752167577530.1234449205.1234449205.1234449205.1; __utmz=43838368.1234449205.1.1.utmcsr=blog.twe2.com |utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=43838368.lang%3A%20en_GB I fully accept it is probably our client software that is not encoding correctly, but I also tried this from the command line curl "http://search.twitter.com/search.json?q=\"exeter%20city\"" the response comes back as %22exeter%2520city%22 in the json object. From my point of view I know the quotes are not correct, but it looks like twitter is encoding them when it receives them. I believe our client API is sending double quotes rather than %22. Kind Regards, Paul 2009/3/3 Chad Etzel jazzyc...@gmail.com I also just tested searching exeter city in TweetGrid with IE, FireFox, and Chrome. All came back with the same results. fwiw, -Chad On Tue, Mar 3, 2009 at 11:14 AM, Matt Sanford m...@twitter.com wrote: Hi Paul, I just tested from the command line and everything seems fine with: curl 'http://search.twitter.com/search.json?q=%22exeter%20city%22' If you are typing %20 into the IE address bar it is likely trying to correct your % (which is not a valid URL character) and making it %25 in the request but displaying it correctly to you. 
Try replacing it with a + or a space and see what you get. Thanks; — Matt On Mar 3, 2009, at 08:06 AM, Paul Kinlan wrote: Forgot to add, I am checking our client library now too. Paul. 2009/3/3 Paul Kinlan paul.kin...@gmail.com Hi Matt, I
[twitter-dev] Re: Rate limiting message in search
Hi Burhan, Tweet# is a .Net twitter client API. It has been developed in a fluent interface style so you construct your twitter requests in a manner that you can read from left to right. For example I use it to search: var result = FluentTwitter.CreateRequest().Search().Query().Containing(\exeter city\).Since(last_id).Return(10).Request(); It Reads: Create a Request of type Search using a Query Containing exeter city Since the last id returning up to 10 results. It is on google code http://code.google.com/p/tweetsharp/ Kind Regards, Paul Kinlan 2009/3/3 Burhan TANWEER btanw...@gmail.com Hi Paul, What is tweet#? Can you let us know more about it? On Tue, Mar 3, 2009 at 2:28 PM, Paul Kinlan paul.kin...@gmail.com wrote: Hi Daniel, I am using tweet# a lot, and it would be good if you catch the 503 error status on the rate limited requests (including the Retry-After header in the response), I have had to implement it in tweet# for our product. Kind Regards, Paul 2009/3/3 Dimebrain daniel.cre...@gmail.com I have experienced sending search requests out which return a plain string, rather than JSON representing a twitter error. It's this: You have been rate limited. Enhance your calm. a) What is the rate limiting based on, IP or client? What is the limit? I develop a Twitter library (tweetsharp) and by default I send the tweet# credentials along with the call. If this means that anyone using my library will be rate limited because of that header information, I need to know so I can force my users to provide their own credentials so that the library isn't unusable in this area, and b) Can we get this as XML, JSON and not a plain string? -- Sincerely, Burhan Tanweer www.explorewww.com expl...@explorewww.com
[twitter-dev] Re: Rate limiting message in search
That's pretty much where I am handling the 503, my client code intercepts the exception and then inspects the header. The other thing I noticed, and it is probably not best on this list is that you use WebRequest which raises a WebException, and you can't get the 503 out of it easily (at least from what I understand), whereas HttpWebRequest raises HttpWebException which you can directly check for a 503 error. Anyway, I really enjoy using Tweet# and if any .Net devs out there need a .Net Twitter library this is the one I recommend. Paul 2009/3/3 Dimebrain daniel.cre...@gmail.com Thanks for the feedback; right now you can get at the response in instance.Root.Response (where instance is your FluentTwitter query), which will give you the instance of the last response returned. I'll look at this closer (unless you have a patch already of course). Daniel On Mar 3, 11:28 am, Paul Kinlan paul.kin...@gmail.com wrote: Hi Daniel, I am using tweet# a lot, and it would be good if you catch the 503 error status on the rate limited requests (including the Retry-After header in the response), I have had to implement it in tweet# for our product. Kind Regards, Paul 2009/3/3 Dimebrain daniel.cre...@gmail.com I have experienced sending search requests out which return a plain string, rather than JSON representing a twitter error. It's this: You have been rate limited. Enhance your calm. a) What is the rate limiting based on, IP or client? What is the limit? I develop a Twitter library (tweetsharp) and by default I send the tweet# credentials along with the call. If this means that anyone using my library will be rate limited because of that header information, I need to know so I can force my users to provide their own credentials so that the library isn't unusable in this area, and b) Can we get this as XML, JSON and not a plain string?
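The handling discussed in this thread (a 503 with a Retry-After header, and a plain-string body where JSON was expected), as an added Python example that is not part of the original thread and not tweet#'s code. The function names, the 60-second default and the 900-second ceiling are assumptions chosen for illustration; the sample responses are constructed.

```python
import json
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# The plain-string body quoted in the thread.
RATE_LIMIT_TEXT = "You have been rate limited. Enhance your calm."


class RateLimited(Exception):
    """Raised when the service tells the client to back off."""

    def __init__(self, wait_seconds, body):
        super().__init__(f"rate limited, retry in {wait_seconds}s")
        self.wait_seconds = wait_seconds
        self.body = body


def retry_after_seconds(value, now=None, default=60, ceiling=900):
    """Turn a Retry-After header into a bounded wait in seconds.

    The header may carry delta-seconds ("120") or an HTTP-date. A missing
    or unparseable value falls back to `default`; the result is clamped to
    [0, ceiling] so a bad header cannot stall the client indefinitely.
    """
    if value is None:
        return default
    value = value.strip()
    if value.isascii() and value.isdigit():
        wait = int(value)
    else:
        try:
            when = parsedate_to_datetime(value)
        except (TypeError, ValueError):
            return default
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        now = now or datetime.now(timezone.utc)
        wait = int((when - now).total_seconds())
    return max(0, min(wait, ceiling))


def parse_search_response(status, headers, body, now=None):
    """Return decoded JSON, or raise RateLimited / ValueError.

    The body is never assumed to be JSON: the rate-limit notice in the
    thread arrives as a bare string, so it is checked before decoding.
    """
    headers = {k.lower(): v for k, v in headers.items()}
    if status == 503 or body.strip() == RATE_LIMIT_TEXT:
        wait = retry_after_seconds(headers.get("retry-after"), now)
        raise RateLimited(wait, body)
    if status != 200:
        raise ValueError(f"unexpected HTTP status {status}")
    try:
        return json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError("response body is not JSON") from exc


if __name__ == "__main__":
    # Constructed sample responses: (status, headers, body).
    samples = [
        (200, {}, '{"results": [], "max_id": 1}'),
        (503, {"Retry-After": "120"}, RATE_LIMIT_TEXT),
        (200, {}, RATE_LIMIT_TEXT),
    ]
    for status, headers, body in samples:
        try:
            print("ok:", parse_search_response(status, headers, body))
        except RateLimited as limited:
            print("back off for", limited.wait_seconds, "seconds")
```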
[twitter-dev] Which services use twitter username and password as account identifier
Hi, I am still concerned that the introduction of oAuth is going to cause a lot of problems for applications that use twitter username and password as a login and account registration mechanism for their services. I would like to start a list of the services that primarily use twitter details as a form of login to their services. Starting with: Twe2 (although we do support oauth right now) Twollo What I am keen to also get across is that if we have to introduce a new username and password mechanism for our services I bet that 80% of users will still use the same password as their twitter account, negating the use of oauth. If anyone wants I can provide you with a secret link for twe2's oauth implementation to show you what we are doing (no username and password - but re-requesting access to your data if you need to login). I look forward to hearing back and seeing a list of all the services in the ecosystem that use twitter credentials as account authentication and validation so that it is clear how prevalent the problem will be. Regards, Paul
[twitter-dev] Re: Which services use twitter username and password as account identifier
Hi, With oauth you have to make the round trip but I think it works quite well. What I don't think is going to work well is we will all need to develop an account management system with new passwords etc and also prompt existing users to now assign a password to their account (which will probably be their twitter password, because users will think we are asking for that.) The twe2 way of doing it is to ask you to use the oauth acceptance process, i.e. the part where twitter takes your credentials and you as the user allow twe2 to access your data as the new sign-in process; to login. However, Alex mentioned that is not the use-case for oauth so using it that way may cause problems; it works pretty well though. Paul On 1 Mar 2009, at 17:29, Petermdenton petermden...@gmail.com wrote: Say I'm twitpic, does OAuth mean a user is going to have to make that awkward round trip to sign up? And does recurring login mean apps are going to have to store credentials? I'm just curious. On Mar 1, 2009, at 6:19 AM, Paul Kinlan paul.kin...@gmail.com wrote: Hi, I am still concerned that the introduction of oAuth is going to cause a lot of problems for applications that use twitter username and password as a login and account registration mechanism for their services. I would like to start a list of the services that primarily use twitter details as a form of login to their services. Starting with: Twe2 (although we do support oauth right now) Twollo What I am keen to also get across is that if we have to introduce a new username and password mechanism for our services I bet that 80% of users will still use the same password as their twitter account, negating the use of oauth. If anyone wants I can provide you with a secret link for twe2's oauth implementation to show you what we are doing (no username and password - but re-requesting access to your data if you need to login). 
I look forward to hearing back and seeing a list of all the services in the ecosystem that use twitter credentials as account authentication and validation so that it is clear how prevalent the problem will be. Regards, Paul
[twitter-dev] Re: Which services use twitter username and password as account identifier
Thanks Chad, that is what I am trying to get across, we will definitely need to drastically alter our workflows. I am definitely not trying to spread FUD, the problem is there is definitely uncertainty about the process as a whole which I would like us all to talk about and ways to work with (around) it. The main problems I have, like a lot of other people is that we developed our apps using twitter as the authentication mechanism. It is very very hard for us to now ask for our users to give us yet another password. I personally never want to deal with managing users' usernames and passwords. The perception is that oAuth will solve all authentication problems. I have had this, where people won't use twe2 or twollo because we ask for your password, and I generally agree with the sentiment - although the figure is probably about 7 people in total. Now we have to ask every user for a new password, and my gut feeling is that 90% of twitter users will not really understand what oAuth is for (this doesn't mean we shouldn't have it) and when we ask for a password I guarantee that most will use the same password that they do for twitter, thus potentially negating everything oAuth is meant for; or they will no longer decide to use the services. To see the workflow of oAuth on twe2 you can visit http://oauth.twe2.com (please note, that like twitter oAuth, this is beta at the moment - also note, the site isn't inline with the main site so it may not function as expected). So anyway, this is a place where we can list our apps that we have created that use Twitter as the authentication method and try and work out a decent solution together. Thanks. Paul. 2009/3/1 Chad Etzel jazzyc...@gmail.com This is an issue that concerns me as well, so thank you, Paul, for bringing it up on this list. I do not consider it FUD. This is something that at least a few of us would like to discuss. If it doesn't pertain to you, then fine. My example would be TweetGrid. 
Right now, it is entirely a drive-by site, meaning that anyone can use it w/o having to sign-in to the site itself and there is no need to create an account or have any notion of a session. People can search at will. If they want to actually interact with twitter, then (for now, until the official oauth switch) they enter their username and password for whatever account they'd like to use for the interaction and all is well. This is especially nice for people with multiple accounts since there is no session on tweetgrid, each twitter interaction is handled as a separate event/action, so you can change your active account at any time trivially by just retyping your user/pass in the appropriate boxes. With OAuth I see this changing quite a bit. Each twitter account that wants to interact with twitter through TweetGrid would need to make the loop through twitter. So, if someone wants to use 4 or 5 accounts at once they'd make 4 or 5 authentication trips to twitter and back. Imagine having to do that every time you come to use TweetGrid. I imagine this being a UX nightmare unless I implement some sort of user logon/session system which stores oauth keys for authenticated accounts, etc. Then it is no longer a fully drive-by service, and now I have to bring a login system/database into the equation. Please Note: This is not me complaining... this is me thinking out loud for the benefit of myself and Paul, who originally posed the question. Responses telling me to man up and just deal with it will be promptly forwarded to /dev/null. I have been thinking for a while about how to solve this UX situation and how to create something that won't alienate users by making them create Yet Another Website Account (tm) and jumping through some hoops to get there. Anyway, those are my current thoughts. I, too, would be interested to hear how sites/applications that currently don't use a login system are planning on dealing with the oauth change. 
-Chad On Sun, Mar 1, 2009 at 1:34 PM, Dossy Shiobara do...@panoptic.com wrote: On 3/1/09 1:28 PM, Petermdenton wrote: Dossy, seriously, no one is saying the sky is falling. This list is for application developers to discuss development topics as they please. You may know everything, but for those of us who wish to discuss We need to resist spreading FUD. Twitter has its problems, but creating ones where there aren't any helps no one. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
[twitter-dev] Re: Which services use twitter username and password as account identifier
I tend to agree, however lots of services are really only about working with Twitter, for instance I don't really want to make twollo work on any other service other than twitter. When you are linking to lots of other sites your points are perfectly valid :) One thing I have noticed is that in tweet# api the twitter id is marked as obsolete, so that is why I have not used it. The thing is, if you use the twitter id, you need to always call twitter again when someone logs in to your site because you need to work out the twitter id. Paul. 2009/3/1 Nick Arnett nick.arn...@gmail.com On Sun, Mar 1, 2009 at 11:57 AM, Paul Kinlan paul.kin...@gmail.com wrote: Thanks Chad, that is what I am trying to get across, we will definitely need to drastically alter our workflows. I am definitely not trying to spread FUD, the problem is there is definitely uncertainty about the process as a whole which I would like us all to talk about and ways to work with (around) it. Seems to me that the mindset required is to think of yourself as creating something that isn't just a new front end for Twitter, but a site that has other value. E.g., if you're Facebook, the OAuth paradigm makes perfect sense. All the extra work only seems like trouble when you're building something whose whole purpose is to be some sort of value-added Twitter interface. Speaking of extra work... I hope that everybody is starting to store user data by Twitter ID, not by user name. I've been frustrated by losing all my preferences in TweetDeck, for example, because it apparently relies on user name, not ID. When I took an underscore out of my user name, TweetDeck no longer knew who I was. This undoubtedly will confuse users who would expect their TweetDeck user name to change when they change their user name in Twitter. 
Again, this is the difference between a Twitter front end and a site that has other purposes - nobody would expect their Facebook user name to change just because they changed their Twitter user name, no matter how the accounts were linked. Nick
[twitter-dev] Re: Which services use twitter username and password as account identifier
I don't follow what you wrote about Twitter ID being obsolete. Where does it say that? If it is obsolete, Twitter needs to get rid of the users' ability to change their user names. It is the .Net Client that says that, I am presuming it is a bug in that. That is why I have not used the ID but rather the username. 2009/3/1 Nick Arnett nick.arn...@gmail.com On Sun, Mar 1, 2009 at 12:18 PM, Paul Kinlan paul.kin...@gmail.com wrote: One thing I have noticed is that in tweet# api the twitter id is marked as obsolete, so that is why I have not used it. The thing is, if you use the twitter id, you need to always call twitter again when someone logs in to your site because you need to work out the twitter id. Right... one more round trip if you're not storing user data. I don't follow what you wrote about Twitter ID being obsolete. Where does it say that? If it is obsolete, Twitter needs to get rid of the users' ability to change their user names. Nick
[twitter-dev] Re: Which services use twitter username and password as account identifier
I think it was one of my threads. I think it was along the lines of you can store the access key in a cookie, but why you would want to publish the fact you are doing it. The thing being that the access token when used in a request is accompanied by a signature that can only be generated if the consumer secret is known. So in theory, you could have it in a cookie (encrypted like previously mentioned). The issues surrounding security of keys are in the spec, which are quite interesting http://oauth.net/core/1.0/#anchor39 Paul 2009/3/1 Abraham Williams 4bra...@gmail.com Alternatively, you could store the Token (optionally with symmetric key encryption) as a cookie in the user's browser. Done intelligently, the user's browser could store multiple such cookies in various chips, one for each identity they control and have authorized. I'm pretty sure that in an older thread Alex has specifically recommended not storing OAuth access tokens in cookies. -- Abraham Williams | http://the.hackerconundrum.com Web608 | Community Evangelist | http://web608.org This email is: [ ] blogable [x] ask first [ ] private. Sent from: Madison Wisconsin United States.
[twitter-dev] Re: Which services use twitter username and password as account identifier
Hi Sam, I think most things other than a basic username and password will confuse most people, which is why asking for their twitter username and password is done (rightly or wrongly) because people know it, use it all the time on twitter and don't have to remember yet another password. I will give JanRain's solution a look over. Trouble is, it looks two phase, log-in via openId/facebook/etc then hook up your twitter account (using oAuth); obviously once you have set up your twitter account you only ever have to log in using the JanRain stuff. I do like using the twitter account and password (like many app developers) because it's central, you can verify the details and let people use your service in one simple step and you don't need another external service to authenticate against. I just worry that using external services will limit who uses Twitter apps, and I also worry that managing the credentials myself will negate all the benefits that oAuth provides (because most people will use the same password as their twitter password). On http://oauth.twe2.com you only ever type anything when you are redirected to Twitter's site, twe2 doesn't ask for anything ever. In my opinion it is the cleanest thing from a UX point of view, however, it's not (from what I have been told) how you're supposed to use oAuth. Paul. 2009/3/1 Sam K Sethi samkse...@googlemail.com Hi Paul As you know we already have a working version of Twitter's OAuth on a test site http://ouath.twitblogs.com and will integrate into our live site when twitter let us. The way we are looking to overcome the user login issue is to use JanRain's www.rpxnow.com and associate a user's ID to their OAuth token. Our worry is will this all confuse non-technical users Thanks in advance Sam www.twitblogs.com/ This email is: [ ] bloggable [ ] twittable [ ] ask first [X] private 2009/3/1 Dossy Shiobara do...@panoptic.com On 3/1/09 1:28 PM, Petermdenton wrote: Dossy, seriously, no one is saying the sky is falling. 
This list is for application developers to discuss development topics as they please. You may know everything, but for those of us who wish to discuss We need to resist spreading FUD. Twitter has its problems, but creating ones where there aren't any helps no one. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
[twitter-dev] Re: oAuth and 401 Unauthorised Request
Hi Matt, Excellent news, thanks. Paul. 2009/2/23 Matt Sanford m...@twitter.com Hi there, I am working on a fix for the case where a brand new token takes a few seconds to propagate to all of our database slaves. During that time you would see errors like Invalid / expired Token and then they would suddenly start working. They may even work on some requests and not others because you don't hit the same database every time. Like I said, working on a fix for it now. Once the fix is done I'll keep an eye out for more reports like this. Thanks; — Matt On Feb 21, 2009, at 02:47 PM, Santosh Panda wrote: Hi Paul, We see the same issue couple of times but infrequently. In another threaded mail, few more developers have conveyed the same. cheers, Santosh Panda www.twitblogs.com On Sat, Feb 21, 2009 at 9:50 PM, Paul Kinlan paul.kin...@gmail.com wrote: Hi, Following on from my previous email about not being able to use verify_credentials, I am still having sporadic problems and I am wondering if anyone else has seen them. Our page call creates a request_token and navigates to the twitter oAuth page, on successful return we swap our tokens for an access token, we then call verify_credentials.json. Sometimes (quite often) when we call this method we get a 401 Un-authorised exception. If no-one else sees this then I will have to see if the library I am using has the problem. Kind Regards, Paul Kinlan.
[twitter-dev] oAuth and 401 Unauthorised Request
Hi, Following on from my previous email about not being able to use verify_credentials, I am still having sporadic problems and I am wondering if anyone else has seen them. Our page call creates a request_token and navigates to the twitter oAuth page, on successful return we swap our tokens for an access token, we then call verify_credentials.json. Sometimes (quite often) when we call this method we get a 401 Un-authorised exception. If no-one else sees this then I will have to see if the library I am using has the problem. Kind Regards, Paul Kinlan.
Re: The server understood the request, but is refusing to fulfill it.
Just to add my two pennies in, I have seen this error quite a bit on my test environment. It normally happened when I sent the user to the oauth page on twitter quite close to the first time I did it - occurs because I was using oAuth as an authentication mechanism. Kind Regards, Paul Kinlan. 2009/2/19 Matt Sanford m...@twitter.com Hi Rahul, We were having some trouble with database replication lag last night. During that time tokens were being created in the master database but were not available when we went to look them up. When we can't find the token we return a pretty generic error. I am planning to talk to some people internally today about how we can make OAuth less fragile in the face of replication delay. This is what closed betas are for :). Thanks; — Matt Sanford / @mzsanford On Feb 19, 2009, at 03:45 AM, Rahul Waghmare wrote: we are getting token as in https://twitter.com/oauth/authorize?oauth_token=zb8CGahZPZuDgg3VgUs4fGRgmbHf9aamsSZqmv0P3hk but the page shows 403 Forbidden: The server understood the request, but is refusing to fulfill it. why it is happening. Thanks Rahul
Re: oAuth Good Practice
Hi, Ahh, cool, I actually understood that the access token should be kept as secret as possible, but it is the signing process that really protects the requests as that uses the secret key etc. From a Twitter oAuth point of view (and from what I understand what the plan might be) I just worry, because I have several services that use twitter as an authentication mechanism, I think there are a lot of twitter services on the internet that do the same (in fact I would like to see a straw poll ;) ). These services ask for the twitter name, and password; in the future they will ask for (most likely) a twitter name, a site specific password (to log in) and the backend service of the site will use the oAuth stuff. I just think we will all be in the same situation we are in now because I strongly believe that most people will use the same password for the service that they do to use Twitter and adding in the fact that I believe most people think oAuth will mean that no passwords will ever be required they will be confused/distrusting as to why a password is required at all. I could easily use oAuth to authenticate against twitter and would never need a log in box on any of my sites (blaine/alex/matt email me off list if you want to see the demo site I have). I understand it though that you might prefer us not to have a high number of users allowing applications to repeatedly ask for access to the data. oAuth as an Alternative login mechanism would be awesome. I mean really awesome, no twitter 3rd party service would ever need a username and password. Kind Regards, Paul Kinlan. 2009/2/19 Blaine Cook bla...@twitter.com On Feb 17, 8:58 pm, Alex Payne a...@twitter.com wrote: As to your second point: yes, do NOT store keys in unencrypted cookies. Access tokens were designed with the assumption that they should be treated as public, hence the existence of the secret part of the token/secret pair. 
The secret should never be exposed, but there's no reason that I'm aware of to hide the access token itself (that said, there's no reason to go out of your way to advertise it, either). Of course, that doesn't help in this situation, since authenticating users at twe2 should not be done on the basis of a single public identifier. b.
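The point made in this thread and in the earlier cookie-storage thread (the access token may be seen by others, but a request is only accepted with a signature that needs the consumer secret and token secret), as an added Python example following the HMAC-SHA1 method of OAuth Core 1.0 section 9. It is not code from the list or from any library mentioned; the URL, keys, secrets, nonce and timestamp are constructed values, and `signed_request` and `demo` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def enc(value):
    """Percent-encode as OAuth Core 1.0 requires: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string (section 9.1).

    Assumes `url` is already normalised: lower-case scheme and host, no query.
    """
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with both secrets (section 9.2)."""
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode("ascii")
    base = signature_base_string(method, url, params).encode("ascii")
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode("ascii")


def verify(method, url, params, consumer_secret, token_secret):
    """Service-provider check: recompute the signature and compare in constant time."""
    params = dict(params)
    presented = params.pop("oauth_signature", "")
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected.encode(), presented.encode())


# Constructed values for illustration only.
URL = "https://api.example.test/1/account/verify_credentials.json"
CONSUMER_SECRET = "constructed-consumer-secret"
TOKEN_SECRET = "constructed-token-secret"
BASE_PARAMS = {
    "oauth_consumer_key": "constructed-consumer-key",
    "oauth_token": "constructed-access-token",  # the part that may sit in a cookie
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1235900000",
    "oauth_nonce": "constructed-nonce-01",
    "oauth_version": "1.0",
}


def signed_request(consumer_secret, token_secret, **overrides):
    """Build request parameters and sign them with whatever secrets the caller holds."""
    params = dict(BASE_PARAMS, **overrides)
    params["oauth_signature"] = sign("GET", URL, params, consumer_secret, token_secret)
    return params


def demo():
    """Which requests would the service provider accept?"""
    legitimate = signed_request(CONSUMER_SECRET, TOKEN_SECRET)
    cases = {
        "legitimate": legitimate,
        # Someone who saw only the token and holds neither secret.
        "token_only": signed_request("", ""),
        # Consumer secret known, token secret guessed.
        "wrong_token_secret": signed_request(CONSUMER_SECRET, "guess"),
        # Valid signature reused after swapping in a different token.
        "tampered_token": dict(legitimate, oauth_token="another-users-token"),
    }
    return {name: verify("GET", URL, p, CONSUMER_SECRET, TOKEN_SECRET)
            for name, p in cases.items()}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:20s} accepted={accepted}")
```

A real service provider would also reject stale timestamps and reused nonces; that check is left out here.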
oAuth Good Practice
Hi Guys, I am working on developing twe2's oAuth support and I have a quick question for the group. Obviously, oAuth solves us having to store the twitter-ers username and password on our system by delegating the authentication out to twitter, however, for the past couple of services I have created, the twitter username and password has been the only form of identification on our services, basically meaning that there is no separate login account for our service. So my question is: is it acceptable whenever the users' sessions on our site expire to redirect the user to the oAuth allow twe2 access page at twitter if they need to login to our site? Obviously if they never login to the site again the access_token may still be valid (unless they remove our app from their account) and the backend software still works like normal, but if they re-accept our application this will refresh the access token but I am ok with that. On a side note, the Allow Access page says the following: "The application *Twe2* by *Twe2 Limited* would like the ability to *access and update* your data on Twitter." We are a read-only application; it should read: "The application *Twe2* by *Twe2 Limited* would like the ability to *access* your data on Twitter". Kind Regards, Paul Kinlan Twe2 Ltd - www.twe2.com
Re: OAuth and verify_credentials
Hmm, Getting Direct Messages works, but if I try verify_credentials it 401s, which is why I was thinking verify_credentials is not working. Using .Net and using http://code.google.com/p/oauth-dot-net/ (OAuth dot net) Paul. 2009/2/15 Chad Etzel jazzyc...@gmail.com verify_credentials *does* work with OAuth. Which language/lib are you using? Maybe someone using that same lang could chime in... -Chad On Sun, Feb 15, 2009 at 2:53 PM, Paul Kinlan paul.kin...@gmail.com wrote: Hi, Is it me or does verify_credentials method not work with oAuth? I understand why people might think it shouldn't work, but there seems to be no reasonable way to determine the authenticated user's profile information. I can't reliably use the user_timeline or direct_messages or replies because there might be none present. Kind Regards, Paul Kinlan Twe2 Ltd
Re: OAuth and verify_credentials
Hi Chad, I definitely can't get anything other than 401s on GET requests to verify_credentials when using oAuth. But I can successfully get the direct messages for the user that is oAuthed in. Paul. 2009/2/15 Paul Kinlan paul.kin...@gmail.com Hmm, Getting Direct Messages works, but if I try verify_credentials it 401s, which is why I was thinking verify_credentials is not working. Using .Net and using http://code.google.com/p/oauth-dot-net/ (OAuth dot net) Paul. 2009/2/15 Chad Etzel jazzyc...@gmail.com verify_credentials *does* work with OAuth. Which language/lib are you using? Maybe someone using that same lang could chime in... -Chad On Sun, Feb 15, 2009 at 2:53 PM, Paul Kinlan paul.kin...@gmail.com wrote: Hi, Is it me or does verify_credentials method not work with oAuth? I understand why people might think it shouldn't work, but there seems to be no reasonable way to determine the authenticated user's profile information. I can't reliably use the user_timeline or direct_messages or replies because there might be none present. Kind Regards, Paul Kinlan Twe2 Ltd
Re: Twitter badges prompting for Basic Auth login
Hi, I know this is probably a cheeky question, but is there an ETA for the fix? My site www.itsabot.com is getting a lot of authentication problems at the moment. Kind Regards, Paul Kinlan. On Jan 9, 12:33 am, Alex Payne a...@twitter.com wrote: This is a bug, deployed as part of a related fix to our handling of web sessions vs API authentication. A fix is pending deploy while we resolve some issues with our cluster's internal network. -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
Re: Twitter badges prompting for Basic Auth login
It's unfortunate, because it did work before yesterday. I can no longer get the user timeline without a) asking them for a username and b) using a proxy account. It is unfortunate again because I have created www.twollo.com which requires a user's username and password and I have been hoping to move away from that, and now www.itsabot.com no longer has the interactivity it once had. I will have to work around it but it just won't be as good and I am not too pleased because I have 4 more projects in the pipeline that I am putting on ice. Regards, Paul On 9 Jan 2009, at 19:02, Alex Payne a...@twitter.com wrote: Cookie support was, as you mentioned, never actually supported, and it's definitely disabled. There's a method you can use to find if the user is logged in, but not WHO the user is. That's intentional. On Fri, Jan 9, 2009 at 10:33, Paul Kinlan paul.kin...@gmail.com wrote: Hi, I am seeing problems using the JSON api calls to statuses/user_timeline.json?suppress_response_codes=1 from a webpage (www.itsabot.com) are now coming back saying that the call requires authentication whereas in the past the auth cookie went across with the request from a SCRIPT tag and the data came back. Now I know cookie auth is not supported, but I find it hard to perform any form of useful hands off interaction without. Can you clarify that cookie support to JSON endpoints no longer works? Many Kind Regards, Paul Kinlan. 2009/1/9 Alex Payne a...@twitter.com It's long since fixed. On Fri, Jan 9, 2009 at 00:51, Paul Kinlan paul.kin...@gmail.com wrote: Hi, I know this is probably a cheeky question, but is there an ETA for the fix? My site www.itsabot.com is getting a lot of authentication problems at the moment. Kind Regards, Paul Kinlan. On Jan 9, 12:33 am, Alex Payne a...@twitter.com wrote: This is a bug, deployed as part of a related fix to our handling of web sessions vs API authentication. A fix is pending deploy while we resolve some issues with our cluster's internal network. 
-- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
Re: Twitter badges prompting for Basic Auth login
Hehe, I am not sure if there is anything you can do other than support cookies again :) From an API point of view for itsabot I need to be able to detect the current twitter user, whilst the rest of the functionality is accessed through a proxy using my account and auth details. I think that it would be good if http referrers to the api could be whitelisted so that the request could be authenticated but only from sites approved by twitter. If there were a referral Whitelist it could be used to reduce the number of proxy calls I need to make and could also be used to reduce the chance that people use my proxy for nefarious means. The good thing about cookies for GET requests is that I don't need to ask twitter users for any of their details. From a twollo point of view, several thousand users have used their password details on the service, now I have to manage and secure this so that it can auto follow on their behalf. In light of recent incidents by other services (although it hasn't deterred users of twollo) I would like to see methods where users can trust my application to add followers, for instance, without the need for their twitter details. Kind regards, Paul Kinlan On 9 Jan 2009, at 22:03, Alex Payne a...@twitter.com wrote: Apologies. If there's some way that we can help within the realm of API methods that we support, let me know. On Fri, Jan 9, 2009 at 11:39, Paul Kinlan paul.kin...@gmail.com wrote: It's unfortunate, because it did work before yesterday. I can no longer get the user timeline without a) asking them for a username and b) using a proxy account. It is unfortunate again because I have created www.twollo.com which requires a user's username and password and I have been hoping to move away from that, and now www.itsabot.com no longer has the interactivity it once had. I will have to work around it but it just won't be as good and I am not too pleased because I have 4 more projects in the pipeline that I am putting on ice. 
Regards, Paul On 9 Jan 2009, at 19:02, Alex Payne a...@twitter.com wrote: Cookie support was, as you mentioned, never actually supported, and it's definitely disabled. There's a method you can use to find if the user is logged in, but not WHO the user is. That's intentional. On Fri, Jan 9, 2009 at 10:33, Paul Kinlan paul.kin...@gmail.com wrote: Hi, I am seeing problems using the JSON api calls to statuses/user_timeline.json?suppress_response_codes=1 from a webpage (www.itsabot.com) are now coming back saying that the call requires authentication whereas in the past the auth cookie went across with the request from a SCRIPT tag and the data came back. Now I know cookie auth is not supported, but I find it hard to perform any form of useful hands off interaction without. Can you clarify that cookie support to JSON endpoints no longer works? Many Kind Regards, Paul Kinlan. 2009/1/9 Alex Payne a...@twitter.com It's long since fixed. On Fri, Jan 9, 2009 at 00:51, Paul Kinlan paul.kin...@gmail.com wrote: Hi, I know this is probably a cheeky question, but is there an ETA for the fix? My site www.itsabot.com is getting a lot of authentication problems at the moment. Kind Regards, Paul Kinlan. On Jan 9, 12:33 am, Alex Payne a...@twitter.com wrote: This is a bug, deployed as part of a related fix to our handling of web sessions vs API authentication. A fix is pending deploy while we resolve some issues with our cluster's internal network. -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x