[twitter-dev] Lists question
Greetings, I am new to twitter API dev and have a task to implement. I would like to display the timelines from several twitter users and hashes w/ o having to authenticate. Is there a way to do that in one request? Thanks, --alex -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] search api limit
Hi, Max, First of all, this is just from personal experience with my own application, so, take it with all the necessary grains of salt about rate limits changing based on traffic and time of day, your searches being different from mine, etc, etc. My experience has been that I tend not to run into trouble if I can stay under 20 search API requests per minute, and that if I do go over, I'm typically only rate-limited for a few minutes. So, if you can either reduce the frequency of your search calls to every 15 seconds instead of every 10, or can tolerate a few of them failing once in a while, you should be fine. You mention four different CPU's -- are they searching for different things? If so, you might consider just having one CPU do a single search request every 10 seconds, stringing the four original searches together with OR's -- I've had great success using this method to batch what would've been up to 50 different searches into a single API call. You mention an art installation -- if your problem is that you've got the software to put interesting twitter-driven graphics on one monitor with one CPU, but your installation needs four monitors, so, it's easiest to just run the same software on four different CPU's, I'd say this is exactly the kind of scenario where Twitter would encourage you to make more efficient use of the API calls. Were I in your shoes, I'd think about setting up one master server, which would run a script to search Twitter every 10 seconds and dump the resulting JSON into a flat file. The master would also be running Apache to serve that flat file up over HTTP, and any number of slave machines showing interesting graphics could hit your master server instead of Twitter. Other than changing what URL they hit for data, you wouldn't have to change the show-interesting-graphics code at all, since the master would be serving up the exact same data the slaves would've gotten from Twitter directly. Best of luck, -Alex On Thu, May 19, 2011 at 6:26 AM, Max maxdo...@googlemail.com wrote: Hello, for an art installation i will be having 4 cpus running the search twitter query (search.twitter.com) . because the rate limit is not made public, if you could authorize my proposed request frequency. if i have each computer (on the same IP adress) calling the search api every 10 seconds, that comes to 1440 calls per hour (from the same Ip adress) whilst also simultaneously running the sample stream (on each cpu) . would this be allowed? it would be between June 16th and June 24th, continuously during day time hours. thanks alot. max maxdo...@gmail.com -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Alex Feinberg CTO, Trak.ly http://trak.ly/ -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] Encrypting/masking certain keywords while tweeting on Twitter site
Hi, Jigs, You're probably best off running your regex search and doing any replacing within your own application, before you send the tweets off to Twitter -- once the tweet's been tweeted, there's no way to modify it. You could probably follow your users, search for suspicious tweets, delete them (provided your users have authenticated your app), and possibly re-send censored copies -- in general, this sounds like a pretty annoying feature, deleting tweets and re-sending near-duplicates (especially for the people following your users), but if you've got a very paranoid user base, they may think an obnoxious tweet-delete-retweet cycle is worth it to protect their data? Good luck, -Alex On Wed, May 18, 2011 at 12:08 AM, jigneshbh jigs.bh...@gmail.com wrote: Hello, I need one help regarding encryption or masking certain keywords when a user accidently keys in sensitive information e.g. SSN (XXX-yy-) to anyone (as opposed to DM) which gets displayed on the time line e.g. i tweet as per @jigsb my SSN # is XXX-yy-. When it gets displayed on the time line, it should look like - @jigsb my SSN # is ***-**- I guess, the detection of pattern should not be an issue (using RegEx), but does Twitter website gives you an interface to detect such pattern and take actions accordingly Appreciate your help in this regard ~Jigs -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk -- Alex Feinberg CTO, Trak.ly http://trak.ly/ -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Bad Word Filter
Hey All, We have a client that wants to use a twitter filter on their site, but wants to filter out about 100 or so bad words (kids content). We have been using negations but when you click join the conversations they all show up with a -bad word at the top of the page. Does anyone have advice on how to create a CUSTOMIZED twitter widget that has bad word filtering and doesn't expose the filter upon click? We tried TidyTweet, and could not achieve the needed level of custom look and feel. Thanks! Alex -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Lifecycle of a Site Streams Connection
Is there any documentation which I could read which describes the lifecycle of site streams connections? I can set them up and respond to what I receive but there are a few things I am puzzled about. What am I supposed to do with a track limitation notice in site streams? I can't reduce the number of requests or back off as I can with a REST api? If I want to change the parameters of my site stream connection do I start a new connection and close my old one? How many simultaneous connections am I allowed? Do I start up a new connection with the new things I want (eg every 10 minutes), and then eventually (eg every hour/every day) consolidate these back into single site stream connections? Feel free to say rtfm if you can also point to the specific part of the manual I've missed :-) Alex -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] twitter ideas for multiple users....or does this exist?
On 8 February 2011 18:09, Victoria Smith victoriannsm...@gmail.com wrote: The idea is basically for Company twitter pages. There are usually more than one member of a company so there is a lot of stuff different people want to say, if each employee had a member ID, they could post their own tweets under the same company name, Hello Victoria, I believe you can do this without any coding by using Drupal as a PHP Web CMS, and installing the Twitter module. The twitter modules work in two basic ways. You can either associate each user with their own twitter account so that they can tweet things like Hey, I wrote a blog about what I do at http://mydrupalsite.com/node/123; to their OWN twitter account, or you can set up a global twitter account which they all share. Each user in the company who is authorized to use it is given permission to post using that account. Feel free to ask for more details off list. Alex -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] API Privacy Policy
Hello. I need proof to customer, that's impossible get email adresses of users through Tweeter API. Would you give me a link to this string in documentation? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Low Volume App Search API Rate Limitations and Alternative Options
I've deployed a new version that records the retry-after responses and more details. But on this data I would say there's something broken or radically changed in the search API: 2011-01-25 21:47:06.633772 response_status: 420 (retry_after: 1487) 2011-01-25 21:52:12.933658 still must wait: 0:24:47 2011-01-25 21:57:12.976032 still must wait: 0:24:47 2011-01-25 22:04:16.410047 still must wait: 0:24:47 2011-01-25 22:05:15.735935 still must wait: 0:24:47 2011-01-25 22:06:15.776125 still must wait: 0:24:47 2011-01-25 22:07:15.818147 still must wait: 0:24:47 2011-01-25 22:08:15.803914 still must wait: 0:24:47 2011-01-25 22:09:15.841937 still must wait: 0:24:47 2011-01-25 22:09:16.677202 still must wait: 0:24:47 2011-01-25 22:11:24.344873 still must wait: 0:24:47 2011-01-25 23:10:14.798485 response_status: 420 (retry_after: 99) 2011-01-25 23:10:28.962504 still must wait: 0:01:39 2011-01-25 23:11:16.013676 still must wait: 0:01:39 2011-01-25 23:11:24.657504 still must wait: 0:01:39 2011-01-25 23:11:28.754002 still must wait: 0:01:39 2011-01-25 23:15:29.337179 response_status: 420 (retry_after: 1584) 2011-01-25 23:17:14.925825 still must wait: 0:26:24 2011-01-25 23:17:15.920827 still must wait: 0:26:24 2011-01-25 23:17:26.990475 still must wait: 0:26:24 2011-01-25 23:19:16.208185 still must wait: 0:26:24 2011-01-25 23:19:28.786134 still must wait: 0:26:24 2011-01-25 23:20:16.054580 still must wait: 0:26:24 Please note that requests logged as still must wait where not launched. They were just acknowledging the retry after. Basically in over 1.5 hour I haven't been able to make any request. :- alex On Jan 25, 8:53 am, Alex Popescu the.mindstorm.mailingl...@gmail.com wrote: Hi guys, It is a bit over an year since I've been running a small volume Twitter based app deployed on Google App Engine. Basically this app is using the search API to poll some results. According to the app stats it is making less than 100 request/hour. But since last weekend, it seems it is continuously getting a rate limitation error and even if I backdown this doesn't change. Unfortunately, switching to the streamapi is not possible as Google App Engine does not allow long lived responses. So, my questions is: 1. how should I proceed? 2. is there any way I could whitelist this little app so it doesn't get rate limited? (nb: I am aware that the search API doesn't have an official whitelisting process) 3. considering I'm running on Google App Engine, I cannot provide an IP, but I could definitely make sure to submit some whitelisted headers (or something in this area). While little, this app is quite essential for me. Please advise how should I proceed. Many thanks in advance, :- alex -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Low Volume App Search API Rate Limitations and Alternative Options
Hi guys, It is a bit over an year since I've been running a small volume Twitter based app deployed on Google App Engine. Basically this app is using the search API to poll some results. According to the app stats it is making less than 100 request/hour. But since last weekend, it seems it is continuously getting a rate limitation error and even if I backdown this doesn't change. Unfortunately, switching to the streamapi is not possible as Google App Engine does not allow long lived responses. So, my questions is: 1. how should I proceed? 2. is there any way I could whitelist this little app so it doesn't get rate limited? (nb: I am aware that the search API doesn't have an official whitelisting process) 3. considering I'm running on Google App Engine, I cannot provide an IP, but I could definitely make sure to submit some whitelisted headers (or something in this area). While little, this app is quite essential for me. Please advise how should I proceed. Many thanks in advance, :- alex -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Cell phone tower information
Hi, If tweet is posted from a cell phone. Is there a cell phone tag information when I search it using twitter Stream API? Thanks -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Could not authenticate with OAuth error
Good day everyone. Problem: I can't perform http://api.twitter.com/1/account/ verify_credentials.xml after getting access token and access token secret via OAuth. I'm getting 401 Unauthorized error with message Could not authenticate with OAuth. I've triple-checked all the params, read docs, googled till my fingers bleed, tried different variants (POST instead of GET, params in the request url). I suppose, that is not a problem of my perl module Net::OAuth, because i can get request tokens, i can exchange them for access tokens - no problem. So request signing seems to be ok. Also, i checked signature generation - that seems to be ok too. So, i'm doing GET request to: http://api.twitter.com/1/account/verify_credentials.xml With Authorization header: OAuth oauth_consumer_key=zqOQIgnviRjNDuGIdHAA,oauth_nonce=1997904,oauth_signature=aSf2zj8xfjXcN9z %2B04eOwFd8fKk%3D,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1291981333,oauth_token=jxmgnF4m2HB7IP9RbylyyF7gaZuRXj8YF1eVUIDSLrk,oauth_version=1.0 and i get: 401 Unauthorized ?xml version=1.0 encoding=UTF-8? hash errorCould not authenticate with OAuth./error request/1/account/verify_credentials.xml/request /hash Can anybody help me and point me, what am i doing wrong? Thanks in advance. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Dose Twitter Stream API support proxy server?
Hi, Dose Twitter Stream API support proxy server? I am trying to use Stream API, but get an error saying 403, use proxy server. How to set up the proxy sever for Stream API? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] friends/ids JSON API
Will this be updating to the snowflake id strs workaround? Currently it delivers ints in an array. I'd like to propose a flag on all JSON API calls (? ids_as_strings=true) to deliver ids as strings instead of ints. This could apply to the cursor problem we saw earlier. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: friends/ids JSON API
great thanks I look forward to seeing this is query parameter this not a suitable parameter for every API call? A custom 'stringify ids' header is another idea I had although that wouldn't work with JSONP On Oct 26, 10:45 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Yes, this will be supported also. We should have the support rolling out very early this week. It will be triggered via a query parameter: stringify_ids=true This will apply to the following: - friends/ids.json - followers/ids.json - blocks/blocking/ids.json - friendships/no_retweets/ids.json - statuses/:status_id/retweeted_by/ids.json Thanks, Taylor On Tue, Oct 26, 2010 at 2:24 AM, Alex B alex.boswo...@gmail.com wrote: Will this be updating to the snowflake id strs workaround? Currently it delivers ints in an array. I'd like to propose a flag on all JSON API calls (? ids_as_strings=true) to deliver ids as strings instead of ints. This could apply to the cursor problem we saw earlier. -- Twitter developer documentation and resources:http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] rendering user profile in iFrame
Hi, I'm working on a web application and would like to render a user's Twitter profile page in an iFrame. For some reason the profiles are not working, and I'm guessing you have added some type of code to prevent this from happening? Is there a reason why this is not allowed or a way I can enable it? Thank you. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Including retweet field for search api?
Hi there, The current search api provides reply_to meta info but doesn't provide any information on tweet. Wondering what's the recommended way to get the original tweet id for a retweet. Thanks, Alex -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] How to retrieve more recent popular tweets in search api?
Hi there, By default, the search api will return only three most popular tweets from http://search.twitter.com/search.json?q=%23newtwitterresult_type=popular. I'm wondering are there any way I can get more popular tweets? For example, the popular tweets in the last 24 hours? I've tried to add a since_id but it doesn't seem to help. Thanks, Alex -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: How to retrieve more recent popular tweets in search api?
Taylor, thanks for the quick reply. Tweet id:25330325246 shows up in http://search.twitter.com/search.json?q=newtwitterresult_type=popular but it's not in http://search.twitter.com/search?tag=newtwitterfrom=toptweets. Here are the metadata fields: metadata:{recent_retweets: 1000,result_type:popular} Wondering is this a latency issue? Or maybe the popular tweets is only inspecting into a fix sized time window? More context: our use case is to provide a list of top tweets for a large conference. So that the attendees can hop in and check out which new tweets they should pay attention to without spending too much time reading through tweets. Alex On Sep 24, 8:47 am, Taylor Singletary taylorsinglet...@twitter.com wrote: There isn't a way for this through the Search API at this time. While it's not a perfect solution, there is a @toptweets user athttp://twitter.com/toptweetsthat retweets Top Tweets -- ripe for obtaining the kind of tweets you're looking for.. Taylor On Thu, Sep 23, 2010 at 5:41 PM, Alex Dong alex.d...@gmail.com wrote: Hi there, By default, the search api will return only three most popular tweets from http://search.twitter.com/search.json?q=%23newtwitterresult_type=pop I'm wondering are there any way I can get more popular tweets? For example, the popular tweets in the last 24 hours? I've tried to add a since_id but it doesn't seem to help. Thanks, Alex -- Twitter developer documentation and resources:http://dev.twitter.com/doc API updates via Twitter:http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] oauth_signature
still confused about oauth_signature. what is oauth_signature? who generate oauth_signature? If it is consumer, how to generate oauth_signature ? Im using Abraham's PHP library TwitterOAuth
[twitter-dev] Re: Send Custom Header
thanks all
[twitter-dev] Send Custom Header
Accept: */* Connection: close User-Agent: OAuth gem v0.3.4.1 Authorization: abcdefgh Host: api.twitter.com how to send the above header to api.twitter.com through PHP ?
[twitter-dev] Best method of displaying a list of friends
What's the best method for display a list of friends to a twitter user? In most other oauth / social network apis - they usually return an id as well as a name. What's the best way to go about showing a list of friends without getting killed by the api limit? Right now I'm using /friends/ids.json. Then looping on it for /users/ show.json in order to get the screennames. This will kill the api limit. Any suggestions?
[twitter-dev] Cannot access homepage/timeline for over 24 hours
Hi guys, I know this is probably not the best place to report this issue, but I couldn't find any other way to contact you. For the last 24 hours I haven't been able to get on my account homepage. My account seems to be still active http://twitter.com/al3xandru, I can successfully log in, but when accessing the homepage I get an: Something is technically wrong. Thanks for noticing—we're going to fix it up and have things back to normal soon. Twitter apps on my iPhone cannot connect either reporting a 500 error. But I can send tweets and also access @replies and dm-s. So it is only the fetching the timeline that seems broken. Can someone ping the support team to look into this? many thanks in advance, :- alex
[twitter-dev] Adding and removing from Lists does not appear to be working
Adding and Deleting members from lists appears to be silently failing. This issue also appears to impact the Twitter web interface. Is it just me seeing this bug? Is there any information on the issue?
Re: [twitter-dev] Twitter places documentation / bug??
how can I easilly convert date format (in status - created_at) to standard -mm-dd H:i:s ???
[twitter-dev] Re: link wrapping on the API
What's the algorithm for the display url? Ideally it will be a predictable length, to aid predictability in tweet display code. If the motive is really to protect us from malicious URLs, what about giving a service we can call to route links through your protective redirect servers? Then we can give users the option to be protected by your malicious detection algorithms if they want. If you want to click track every URL for whatever reason, ask client developers to hit a ping URL if the user clicks? I'm not sure otherwise how you will tell in a software client if it's the user requesting the t.co URL or the software. On Jun 9, 6:57 am, Raffi Krikorian ra...@twitter.com wrote: hi all. twitter has been wrapping links in e-mailed DMs for a couple months nowhttp://bit.ly/twttldmemail. with that feature, we're trying to protect users against phishing and other malicious attacks. the way that we're doing this is that any URL that comes through in a DM gets currently wrapped with a twt.tl URL -- if the URL turns out to be malicious, Twitter can simply shut it down, and whoever follows that link will be presented with a page that warns them of potentially malicious content. in a few weeks, we're going to start slowly enabling this throughout the API for all statuses as well, but instead of twt.tl, we will be using t.co. practically, any tweet that is sent through statuses/update that has a link on it will have the link automatically converted to a t.co link on its way through the Twitter platform. if you fetch any tweet created after this change goes live, then its text field will have all its links automatically wrapped with t.co links. when a user clicks on that link, Twitter will redirect them to the original URL after first confirming with our database that that URL is not malicious. on top of the end-user benefit, we hope to eventually provide all developers with aggregate usage data around your applications such as the number of clicks people make on URLs you display (it will, of course, be in aggregate and not identifiable manner). additionally, we want to be able to build services and APIs that can make algorithmic recommendations to users based on the content they are consuming. gathering the data from t.co will help make these possible. our current plan is that no user will see a t.co URL on twitter.com but we still have some details to work through. the links will still be displayed as they were sent in, but the target of the link will be the t.co link instead. and, we want to provide the same ability to display original links to developers. we're going to use the entities attribute to make this possible. let's say i send out the following tweet: you have to check outhttp://dev.twitter.com!; a returned (and truncated) status object may look like: { text : you have to check outhttp://t.co/s9gfk2d4!;, ... user : { screen_name : raffi, ... }, ... entities : { urls : [ { url : http://t.co/s9gfk2d4;, display_url : http://dev.twitter.com;, indices : [23, 43] } ], ... }, ... } two things to note: the text of the returned status object doesn't have the original URL and instead it has a t.co URL, and the entities block now has a display_url attribute associated with it. what we're hoping is that with this data, it should be relatively easy to create a UI where you replace thehttp://t.co/s9gfk2d4in the text with the equivalent of a href=http://t.co/s9gfk2d4;http://dev.twitter.com/a this means the user would not see the t.co link, but we all can still provide the protection and gather data from the wrapped link. for the applications that don't choose to update, the t.co link will be shown (and the goal to protect users will be met). i just want to emphasize -- we really do hope that you all render the original URL, but please send the user through the t.co link. if you do choose to prefetch all the URLs on a timeline, then, when a user actually clicks on one of the links, please still send him or her through t.co. We will be updating the TOS to require you to check t.co and register the click. related to this: the way the Twitter API counts characters is going to change ever so slightly. our 140 characters is now going to be defined as 140 characters after link wrapping. t.co links are of a predictable length -- they will always be 20 characters. after we make this live, it will be feasible to send in the text for a status that is greater than 140 characters. the rule is after the link wrapping, the text transforms to 140 characters or fewer. we'll be using the same logic that is in twitter-text-rb to figure out what is a URL. look for an update to dev.twitter.com where we'll have a best practices document on how to use these t.co links. what's the timeline? soon we'll enable this on @twitterapi, @rsarver, @raffi, and a few other test
[twitter-dev] Re: link wrapping on the API
OK, it's a little confusing naming for display URL, as that implies that is what clients should show directly to the users, as most of the time I would imagine that field should be cut for brevity. The difference between having a ping service that can help twitter track clicks and a redirect service that can help twitter protect users, and having twitter simply force-edit everyone's tweet texts, is that instead of providing a new service that developers and users can opt to use, you are providing a service that everyone _must_ use or add code to work around. You could have simply provided an extension to posting new tweets that identified the real urls of shortened urls, that would have protected short url providers who invested in your platform and allowed developers to add the improvement on their own time frames. I like the general idea of embedding real links in the twitter metadata even if it adds to an already bloated tweet data payload, but Twitter isn't respecting its ecosystem here by forcing complexity on all developers and giving a time frame of weeks to change established code developed over years. On Jun 9, 11:18 am, Raffi Krikorian ra...@twitter.com wrote: What's the algorithm for the display url? Ideally it will be a predictable length, to aid predictability in tweet display code. i'm not sure why the display_url would be of predictable length? the display_url is -exactly- the URL that the user has sent into the system. so, that may be of varying length. If the motive is really to protect us from malicious URLs, what about giving a service we can call to route links through your protective redirect servers? Then we can give users the option to be protected by your malicious detection algorithms if they want. If you want to click track every URL for whatever reason, ask client developers to hit a ping URL if the user clicks? I'm not sure otherwise how you will tell in a software client if it's the user requesting the t.co URL or the software. i guess i'm confused on this as well? isn't that what t.co does? On Jun 9, 6:57 am, Raffi Krikorian ra...@twitter.com wrote: hi all. twitter has been wrapping links in e-mailed DMs for a couple months nowhttp://bit.ly/twttldmemail. with that feature, we're trying to protect users against phishing and other malicious attacks. the way that we're doing this is that any URL that comes through in a DM gets currently wrapped with a twt.tl URL -- if the URL turns out to be malicious, Twitter can simply shut it down, and whoever follows that link will be presented with a page that warns them of potentially malicious content. in a few weeks, we're going to start slowly enabling this throughout the API for all statuses as well, but instead of twt.tl, we will be using t.co. practically, any tweet that is sent through statuses/update that has a link on it will have the link automatically converted to a t.co link on its way through the Twitter platform. if you fetch any tweet created after this change goes live, then its text field will have all its links automatically wrapped with t.co links. when a user clicks on that link, Twitter will redirect them to the original URL after first confirming with our database that that URL is not malicious. on top of the end-user benefit, we hope to eventually provide all developers with aggregate usage data around your applications such as the number of clicks people make on URLs you display (it will, of course, be in aggregate and not identifiable manner). additionally, we want to be able to build services and APIs that can make algorithmic recommendations to users based on the content they are consuming. gathering the data from t.co will help make these possible. our current plan is that no user will see a t.co URL on twitter.com but we still have some details to work through. the links will still be displayed as they were sent in, but the target of the link will be the t.co link instead. and, we want to provide the same ability to display original links to developers. we're going to use the entities attribute to make this possible. let's say i send out the following tweet: you have to check outhttp:// dev.twitter.com! a returned (and truncated) status object may look like: { text : you have to check outhttp://t.co/s9gfk2d4!;, ... user : { screen_name : raffi, ... }, ... entities : { urls : [ { url : http://t.co/s9gfk2d4;, display_url : http://dev.twitter.com;, indices : [23, 43] } ], ... }, ... } two things to note: the text of the returned status object doesn't have the original URL and instead it has a t.co URL, and the entities block now has a display_url attribute associated with it. what we're hoping is
[twitter-dev] Re: Release of PHP Twitter (with OAuth)
Hi Tijs, Great! Will try this out. I read on your site that accountUpdateProfileImage isn't yet implemented. When do you expect this function will be available? Alex On 18 mei, 23:34, Tijs Verkoyen t...@verkoyen.eu wrote: Hi all, I am Tijs, you may know me by the (wrapper-)class I wrote before (http://classes.verkoyen.eu/twitter). I now wrote a new version of the class which uses OAuth for authenticating. If you're interested you can grab a copy at:http://classes.verkoyen.eu/twitter_oauth. Have fun!
[twitter-dev] which PHP libraries will still be ok to use with OAuth (Jun 30th)
Hi guys, Now that twitter will deprecate the the Basic Auth and OAuth will be the standard ( http://apiwiki.twitter.com/OAuth-FAQ#WhenareyougoingtoturnoffBasicAuth ) which PHP libraries in this list http://dev.twitter.com/pages/libraries#php are ok to use? (Also, which one do you consider to be the best?) Thank you
[twitter-dev] did they lift the limits on direct messages?
I'm confused: - here it says that there's a limit on direct messages URL: http://help.twitter.com/entries/15364 In the documentation page for this method you have : API rate limited false: URL: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-direct_messages new Here it says that API methods that use HTTP POST to submit data to Twitter, such as statuses/update do not affect rate limits. I guess that this is a POST method that submits data and is not subject to limits? URL: http://apiwiki.twitter.com/Rate-limiting Which one is true? Thank you!
Re: [twitter-dev] did they lift the limits on direct messages?
Thanks for your answer. One more: is the 250 MD limit increased if the application is whitelisted? Or does the whitelist concernt the rates only? Thanks On Wed, May 12, 2010 at 5:15 PM, Taylor Singletary taylorsinglet...@twitter.com wrote: Rate limits and limits on particular actions are different. We could do better in providing a X-FeatureRateLimit header on tweets and DMs and the such that have their own issuance limit -- but I can imagine potential performance issues with that. Rate limits provide a ceiling on the amount of API calls you can make. Their main purpose is to keep the entire platform running smoothly and to not allow any one application to spoil the resource pool for its peers. Twitter, aside from the API itself, has limits on how many status updates and DMs can be sent -- the API just respects the rules of Twitter here. If you're concerned you might be hitting the upper limit, for now the best thing to do would be to implement a counter in your application and queue updates when your counter is full. A user may issue 1000 tweets per day and 250 DMs. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Wed, May 12, 2010 at 4:47 AM, alex alex.urdea.fi...@gmail.com wrote: I'm confused: - here it says that there's a limit on direct messages URL: http://help.twitter.com/entries/15364 In the documentation page for this method you have : API rate limited false: URL: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-direct_messages new Here it says that API methods that use HTTP POST to submit data to Twitter, such as statuses/update do not affect rate limits. I guess that this is a POST method that submits data and is not subject to limits? URL: http://apiwiki.twitter.com/Rate-limiting Which one is true? Thank you!
[twitter-dev] Re: small update c client
thanx for your help, i can't use curl , it's for study purposes. it's actually started working on it's own,strange... now i can twit from my CLI :P again thanx for the response. On Dec 22, 11:35 am, shiplu shiplu@gmail.com wrote: If you get 302 it'll contain a Location header. Make request to that location again. You are requesting to twitter.com. You should be using api.twitter.com/1 instead. Its better you use curl in C. Here is a code snippet for youhttp://pastie.org/752884 Its generated by curl. -- Shiplu Mokaddim My talks,http://talk.cmyweb.net Follow me,http://twitter.com/shiplu SUST Programmers,http://groups.google.com/group/p2psust Innovation distinguishes bet ... ... (ask Steve Jobs the rest)
[twitter-dev] small update c client
Hey Guys , I'm trying to make a simple C project in Linux , to update my status on twitter . but i get a HTTP 302 found messages all the time . my code is below can u help me? char message[1000]=; char details[100]=user:password; char UserPass[100]; int msglen; char status[30]=status=d d d d damn !!!; msglen=strlen(status); BASE64_encode(details,UserPass); sprintf(message,POST /statuses/update.xml HTTP/1.1\r \nAuthorization: Basic %s\r\nHost: twitter.com\r\nContent-Length: %d\r \n\r\n%s,UserPass,msglen,status); write(sd,message,strlen(message)); read(sd,buf,200); printf(%s\n,buf); thanx.
[twitter-dev] 500 Internal Server Error when trying to Update Twitter Status
Hi, I made a simple script to update a twitter status. I worked fine with GET, but I know it would be stupid to use that because it sends username and password in the url. I tried changing it to POST, and I keep getting a 500 Internal Server Error whenever I try to use it. | Here's my html: html head script type=text/javascript var xmlhttp = new XMLHttpRequest(); function login() { if (xmlhttp==null) { alert(Your browser doesn't support XMLHTTP!); } var url=twitupdate.php; var params=u=usernamep=password; xmlhttp.open(POST, url, true); xmlhttp.setRequestHeader(Content-type, application/x-www-form- urlencoded); xmlhttp.setRequestHeader(Content-length, params.length); xmlhttp.setRequestHeader(Connection, close); xmlhttp.onreadystatechange = function() {//Call a function when the state changes. if(xmlhttp.readyState == 4 xmlhttp.status == 200) { alert(xmlhttp.responseText); } } xmlhttp.send(params); } function stateChanged() { if (xmlhttp.readyState==4) { alert(xmlhttp.resonseText); } } function GetXmlHttpObject() { if (window.XMLHttpRequest) { // code for IE7+, Firefox, Chrome, Opera, Safari return new XMLHttpRequest(); } if (window.ActiveXObject) { // code for IE6, IE5 return new ActiveXObject(Microsoft.XMLHTTP); } return null; } /script /head body input type=text id=username / input type=text id=password / input type=button onclick=login() value=Login/ /body /html | Here's My PHP: ?php $tweettext = $_POST[ require Twitter.class.php; $tweet = new Twitter($_POST[u], $_POST[p]); $success = $tweet-update(yay!); if ($success) echo Tweet successful!; else echo $tweet-error; ? | Thanks, Alex
[twitter-dev] Re: New behaviour for statuses/update API call for 141+ char sized messages and duplicates?
Of course it is a bug. On Oct 26, 4:33 pm, Kevin Menard nirvd...@gmail.com wrote: Thanks for the info, Dave. Although, the fact that the current behavior does not match the API docs does make it a bug. Whether that bug is in the implementation or the docs is really what's up for grabs. -- Kevin On Oct 24, 6:39 am, Dave Sherohman d...@fishtwits.com wrote: http://groups.google.com/group/twitter-development-talk/browse_thread.. These are deliberate changes on Twitter's part, so they are not bugs. Whether they are features depends on who you ask... As it currently stands, you must either check the returnedstatusID to see if it's higher than previous IDs or compare the submittedstatusto the returnedstatus(ignoring URLs) to determine whether theupdatewas actually successful or if it was silently rejected by Twitter. Hopefully, in the (very near) future, Twitter will start providing some indication in the response that will make it simple and reliable to determine when anupdatehas been rejected without requiring app developers to try to figure that out on our own, but, so far as I am aware, Twitter has not yet made any statement regarding this. On Fri, Oct 23, 2009 at 08:53:16AM -0700, Kevin Menard wrote: Hi, I'm seeing the same thing that Ole is. Twitter is not truncating the status, but rather returning the last correctly updatedstatus. -- Kevin On Oct 16, 4:58 am, janole s...@mobileways.de wrote: According to my tests, messages will not be truncated anymore! Instead, you will get the most recentstatusupdateas a reply. Is this a bug or feature? Also, it seems as if the API now checks for duplicates in your backlog ofstatusesand not just you most recent tweet. Previously, only the last tweet was checked: - Last tweet test - Send new tweet with status=test will return the oldstatus(with the old status_id) but if you had something like this: Last tweet Hello, world. Second last tweet test Then you were able to create a new tweet with status=test! This is not possible at the moment. Bug or feature? I'm getting a lot of complaints from my Twitter client users who apparently experience both of these new behaviours or bugs (long tweets fail, duplicates fail.) Ole @ mobileways.de On Twitter:http://twitter.com/janole On Oct 15, 8:26 pm, Josh Roesslein jroessl...@gmail.com wrote: If you send a message longer than 140 twitter will truncate it and set the truncate value on thestatusto True. For duplicates it will just ignore thestatus. Josh On Thu, Oct 15, 2009 at 1:20 PM, janole s...@mobileways.de wrote: Hi, I just figured out that when callingstatuses/updatewith a text longer than 140 chars, the reply of that API call will be 200 OK with the laststatusof the user. Wouldn't it be better to return some sort of error message? The same seems to be happening when sending a duplicate tweet. Ole -- Jan Ole Suhr s...@mobileways.de On Twitter:http://twitter.com/janole -- Dave Sherohman
[twitter-dev] Re: Deprecation Notice: pagination on several methods is being replaced with cursoring on October 26, 2009
I'll pass those numbers along to our App Services team and see what they can do. On Thu, Sep 24, 2009 at 19:07, Dewald Pretorius dpr...@gmail.com wrote: Alex, Thanks for this. Is there any way that response times on the call could be improved? It takes around 4 seconds to retrieve one cursor. When one retrieves the followers/friends of an account with 100,000 of those, with 100 followers/friends per cursor, it takes more than an hour to retrieve all the followers/friends. It's not a train smash issue, it would just be good to have faster response times. I have noticed the same slower response times (measured against 0.4 seconds for other calls) on the social graph methods when using cursors. Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Please Make 401 Singular In Meaning
That absolutely seems like a bug, or at least an inconsistency - we generally return a 404 when things are missing. Please file an issue and we'll fix it up early next week. On Fri, Sep 25, 2009 at 17:51, Dewald Pretorius dpr...@gmail.com wrote: API folks, could you please, please NOT return 401 Not authorized when an authenticated call with a perfectly valid username and password requests a /queryusername.json where that queryusername happens to be a username that does not exist. Rather return 404. By returning 401 you are making it impossible for me to tell where the actual problem lies and inform the user. Is it with the user's password, or is it because the user wanted information about a Twitter account that does not exist? Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] About the oneforty application directory
Just wanted to pass on a note from the team at oneforty.com, who recently launched with over 1300 Twitter applications in their directory. Your app might already be on their site. If it's not yet, you can register as a developer and add it. Once you register and claim your app you can promote it with screenshots, descriptions, tags, and reviews. If you saw the early alpha version of oneforty, it's much improved - real home page, most popular apps ranking and essentials. New item pages just launched and look much better than the prototype did. Their team working on the ability to sell apps right on the site. They're also definitely looking for your feedback. @freerobby, @graysky, @macasek, and @pistachio are often in the #twitterapi IRC channel. There's more contact info below, too. A note from the oneforty team and info on how to register, claim, edit add stuff: We built oneforty to help the best stuff being built on the Twitter API get found and get profitable. Come claim your apps, add content and add new projects in the Twitter appstore oneforty.com To get started: Sign in via oauth. (We whitelisted as many dev usernames as we could find. If you can't login already use invite code TWAPI and we'll let you right in.) Register as a developer: http://oneforty.com/me/developer_profile Search for and claim your app (Suggest Item if we don't have it yet!) Check out your item's page, make sure it's tagged well, tweet a link to it, etc Once approved, add details, screenshots, media coverage and more In the near future you'll be able to offer things for sale right in oneforty. For now we link to your sites and (optionally) let you collect donations. We want to help you get your app found, rated, reviewed and into the hands of the users who need it the most. We also want to get the Twitter community to do a better job supporting developers and apps so that your innovation can flourish. It's frustrating when great apps go defunct because of server costs, etc. We're anticipating decent blog and press coverage, so we want your to look its best! Please let us know whatever we can do to help you. Thank you. We'd really love to know what you think and what you want: Uservice feedback forum. Any questions at all, develop...@oneforty.com or 617-645-7767, anytime. oneforty Founder Laura (@Pistachio) Fitton will be at events in Fort Worth 9/25, Seattle 9/26-27, SF/bay area 9/27-30 and Boston 10/1 and would love to meet you (see http://bit.ly/tour140 for Tweetup event info). She also wrote Twitter for Dummies. Check 'em out! -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Deprecation Notice: pagination on several methods is being replaced with cursoring on October 26, 2009
Hi, Recently, we documented a new pagination mechanism for our social graph methods, /friends/ids and /followers/ids. Traditional page-based pagination doesn't dovetail with our recent backend changes, and we've now exposed a cursor-based pagination mechanism that's far more reliable. Today, we've documented that this new pagination mechanism is also available for the /statuses/friends and /statuses/followers methods. With that change, we're setting a hard deprecation date for traditional pagination on these four methods: October 26th, 2009. That's over a month from now. Once deprecated, we'll simply ignore the page parameter if it's sent by a client, and you'll get the default number of items for the method you're calling. For more information, see http://apiwiki.twitter.com/Twitter-API-Documentation. Thanks. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Comments for the group and Twitter staff
For applications like yours, moving to the Streaming API will increase the quality of service for you and decrease load for us. A big part of building an effective application on our API is figuring out which methods to use and what strategies to use for retrieving information and sending updates and direct messages. If you reach out to us (a...@twitter.com), we're happy to help with that. Often times, we don't hear from unhappy developers until they're already outraged and posting on their blogs or in this group. Please: give us a chance to help you out first. We may not always be able to make your particular issues our highest priority, but we'll give it our best shot. If you're still pissed, then you can go vent :) And yes, reporting bugs with detailed debugging output (HTTP requests and responses with all headers and full response bodies) are incredibly useful. We essentially can't help you without this information for any non-trivial bugs. Another huge help to us: if you know anyone who either wants to join our team as an engineer or help us out with full- or part-time developer support, please send them to http://twitter.com/jobs. We're a very small team with a very big job, but we've got the funding to add more people. Please, please, please send good people our way! Every addition to the team helps us help you. On Wed, Sep 16, 2009 at 03:13, Fabien Penso fabienpe...@gmail.com wrote: On Wed, Sep 16, 2009 at 7:00 AM, Matthew Ranney m...@ranney.com wrote: Hey Alex, would you consider just giving everybody their money back if they aren't 100% satisfied? Hi guys. I have been developing an iPhone application for push called notifications : www.appnotifications.com I've added Gmail push, RSS, Google voice, I provide an API for sending yourself notifications, and of course I've added Twitter too. I've had some support from some Twitter developers and I'm happy I did. However, to reply to the subject of this thread I also had many issues with the API, some tweets not showing up for example. The complains I get from users is all about the Twitter plugin I did, I almost regret to have added it. I might have done something wrong on my side, but I also have the feelings, like other people here, than the API is not always working well. And I don't blame anyone, I think with the number of tweets you have, and the massive number of new users you had within the last year, it must be a super exciting job to work at Twitter, but also such a stressed one :) I wouldn't want to be responsible for scalability there. Is there anything we can do to help you guys? Reporting specific bugs (they are sometimes hard to find and hard to reproduce as it's a stream). -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Comments for the group and Twitter staff
I completely agree. As I said, we can't always make someone's pet issue our top priority. Given that we have basically 2.5 full-time engineers on our team, that can mean waiting weeks or months for a fix to a lower-priority issue. But we should absolutely be communicating during that wait, and the author of that post has every right to be pissed. One thing I have noticed, though, is developers going through our user support track (via http://help.twitter.com) rather than contacting the Platform Team via a...@twitter.com or by filing an issue on our issue tracker. Our user support folks try their best, but they're often not able to answer developer questions and are likely to hand that issue off to our team and close the ticket. Contacting us developer-facing folks is a much better way to get your issue answered. On Wed, Sep 16, 2009 at 13:21, zippy_monster alex.zep...@gmail.com wrote: On Sep 16, 10:37 am, Alex Payne a...@twitter.com wrote: Often times, we don't hear from unhappy developers until they're already outraged and posting on their blogs or in this group. Please: give us a chance to help you out first. We may not always be able to make your particular issues our highest priority, but we'll give it our best shot. If you're still pissed, then you can go vent :) Well take a look at the grumbling about the OAuth stuff. Mixed in with complaints about OAuth are complaints about Twitter support being non-responsive. Take a look at this from earlier this month: http://homeculinaire.blogspot.com/2009/01/twitter-support-your- problems-are-far.html That person was waiting two months(!) for a response, only to have his support tickets deleted. I suspect a lot of the unhappy bloggers have indeed tried to contact Twitter, and that this group (and the blogs) are an outlet of last resort. Understaffed or not, that sucks for the developers. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Comments for the group and Twitter staff
Generally, the folks on the Platform Team aren't set up with accounts for the user-facing support system. That's why we try to keep things on the Google Code issue tracker - it's in public, it's easier for our team to manage, and it's easier for other developers to discover bugs so we get fewer duplicates. On Wed, Sep 16, 2009 at 13:47, zippy_monster alex.zep...@gmail.com wrote: On Sep 16, 1:41 pm, Alex Payne a...@twitter.com wrote: One thing I have noticed, though, is developers going through our user support track (viahttp://help.twitter.com) rather than contacting the Platform Team via a...@twitter.com or by filing an issue on our issue tracker. Our user support folks try their best, but they're often not able to answer developer questions and are likely to hand that issue off to our team and close the ticket. Contacting us developer-facing folks is a much better way to get your issue answered. Do developers not use or respond to the support tickets directly? - alex -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Default profile pics
Tim, We specify full URLs to images so that developers don't have to supply custom code to pull in profile images and background images. It sounds like you have a pretty unusual use case for our profile images. For what it's worth, I think we deployed six variations of those images, but our front end team may deploy more at any time. Similarly, they may change up the default profile colors and such. That's out of the control of our team. On Tue, Sep 15, 2009 at 04:38, timwhitlock tim.whitl...@publicreative.com wrote: I notice today that Twitter has created a new default profile pic; e.g: http://s.twimg.com/a/1252980779/images/default_profile_1_normal.png Great. That's broken some of my algorithms on Twitblock.org. (identifying re-used images) I can fix that. I'll just add the new MD5 to my app config. But, wait. Did I spot some different colours? Yes, that example is only one; e.g.2: http://s.twimg.com/a/1252980779/images/default_profile_2_normal.png a. Can Twitter tell use how many there are of these? b. How about a user object property profile_image_default (true| false) ? c. How about Twitter start notifying the developer community of changes? -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Comments for the group and Twitter staff
Waldron, We're looking into this issue, but it requires a great deal of coordination with the folks who work on our back-end infrastructure. When you ask for a list of denormalized IDs, that request spends very little time in API code, and most of its time talking to a back-end system that my team has no control over. We're working with the folks in charge of that on reliability and better ways for developers to access that data. Please understand that the denormalized lists are currently provided to developers on a best-effort basis. For the vast majority of Twitter applications, this data isn't necessary. A specialized class of applications need this data, and we're doing our best to provide it. On Tue, Sep 15, 2009 at 00:21, Waldron Faulkner waldronfaulk...@gmail.com wrote: Ryan, please look no further than existing, accepted issues in the issues list for examples as to how this platform is not yet ready. One of your primary API calls, followers/ids (and friends/ids) is broken, and has been for more than a week now. Since paging is not working, and un-paged requests on accounts with many followers yields fail whale, we CANNOT GET LISTS OF FOLLOWERS. That is a major failure, and it doesn't feel like it's getting any kind of response. As I have said repeatedly in this forum and in the issues list, this has frozen business development for my fledgling business, which I have trusted to the Twitter API. I can't show a broken product. At some point, you will put this little dream of mine out of business. I'm up late working on my project, which will ultimately add value to Twitter's business. I hope your team isn't leaving me high and dry. Please tell me I don't have to go do a Facebook app instead. Please tell me that someone was working on this over the weekend. I'd love to have some solid, no-nonsense response to this, with hard dates. So far we've had well-meaning but empty words. Thanks, - Waldron Faulkner Founder, GraphEdge LLC. http://graphedge.com On Sep 15, 2:59 am, Ryan Sarver rsar...@twitter.com wrote: WyoKnott, Thanks for your email. We really appreciate the candid feedback and definitely is not something we want to see happening. I would like to hear more about what you mean by not stable enough and what specific issues we can work on that would get you to consider Twitter a platform worthy of building your business on. I look forward to your feedback. Best, Ryan On Fri, Sep 11, 2009 at 6:36 AM, WyoKnott mycro...@lifewithindustry.com wrote: A few months ago I was introduced to the Twitter API by a prospective client who wanted a custom application. I took the time to learn the API and wrote a quick and dirty standalone windows app. The project fell through (the client could not get financing) but I have continued to be a twitter user and have subscribed to this group email. I stopped development on the project because the API does not yet seem stable enough for me to try to produce a marketable product on my own while at the same time chasing an API around. Is my opinion way off the mark or are some of the other developers out there feeling the same way. I am considering restarting development on the project if the Twitter API is likely to get more stable in the near future. Thanks for tolerating my ravings WyoKnott -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Comments for the group and Twitter staff
We're planning on doing just that: communicating more, monitoring the API via a third-party service from a variety of locales, and providing better documentation. We've got more developer support hires lined up, and more. Thanks for the list of what you'd like to see, and thanks for bearing with us. On Tue, Sep 15, 2009 at 12:13, zippy_monster alex.zep...@gmail.com wrote: On Sep 15, 11:04 am, Alex Payne a...@twitter.com wrote: Please understand that the denormalized lists are currently provided to developers on a best-effort basis. For the vast majority of Twitter applications, this data isn't necessary. A specialized class of applications need this data, and we're doing our best to provide it. As a developer, implementation details are mainly a recreational interest. My primary concern is the end result (does it work? or not?). Excuses and apologies are nice, but not a substitute for more explicit testing and communication. So far I've run into two disruptive changes: - Today, for a brief period, API queries were returning twice the number of responses they should have. Instead of showing the proper 6 DMs, I was getting 12 back. Oops. - Previously, the way POST + OAuth requests were being handled changed. The code I was using (MGTwitterEngine + various OAuth hacks) was sending GET arguments with every request (even POST). For a while this worked, but in the past few weeks this broke with no warning. Yeah, that was sloppy client-side code, but the documentation was silent on this, and certainly the error message (invalid/re-used nonce) was not terribly helpful as a proper nonce was being generated each time. Additionally, Internet rumblings about how OAuth was handled lend credence to the idea that the API just isn't terribly stable... both from the idea that you're pushing people to use what is officially considered an experimental API, and that it's being treated as an experimental API (OAuth specific outages for instance). Or, the current pagination problems. The threads I see here seem to all be started by API consumers. What's missing from the picture is an announcement from Twitter that some feature is broken. That smacks of really poor (well, non-existent) communication. So, yeah, after spending time tracking down the above problems, and reading general internet rumblings, my gut feeling is that the Twitter API simply isn't terribly stable. Specifically, I wonder how serious Twitter is about testing things in a non-production environment. If I had to propose a solution, it would be to keep a more explicit list (blog, regular group postings, whatever) of what changes... even if you think it's insignificant. When something breaks, no matter how small, a formal announcement would be great. If such a thing exists, I sure don't know about it. The API blog hasn't been updated since July. The third hit on Google for twitter api is a post to this group begging for documentation. The API changelog is out there, but it too seems like it's not consistently updated. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Paging STILL broken
Just wanted to follow up on this thread. We've pushed out a change and associated documentation that should allow for reliable, fast pagination through lists of denormalized IDs. Please kick the tires on the new cursor-based pagination: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friends%C2%A0ids http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-followers%C2%A0ids On Mon, Sep 14, 2009 at 09:33, Ryan Sarver rsar...@twitter.com wrote: Waldron, I wish I had an exact ETA for you, but unfortunately these types of issues are never simple. As soon as we can identify exactly what is causing the problem we should be able to know when it can be resolved. I will update you with an ETA as soon as we can. Thanks, rs On Mon, Sep 14, 2009 at 5:23 AM, Waldron Faulkner waldronfaulk...@gmail.com wrote: That's awesome, Ryan, thanks. Can I get an ETA on a fix please? This is extremely important to my business, I need to know when I can begin selling. This bug has caused a delay, because I can't sell a broken product, even if it is Twitter's bug and not my own. So... ETA?? Thanks! On Sep 13, 5:49 pm, Ryan Sarver rsar...@twitter.com wrote: Waldron, Thanks for the email. I am working with our team internally to track down the issue and figure out how to resolve it. I will get back to you with an update shortly, but know that we are listening and working on this. Best, Ryan On Sun, Sep 13, 2009 at 8:55 AM, Waldron Faulkner waldronfaulk...@gmail.com wrote: PLEASE, can someone on the API team let us know when the paging bug(s) with followers/ids (and friends/ids) will be addressed? There have been problems with it for weeks, but now it's just downright broken. We can't get lists of followers for users with large numbers of followers. That's a basic, fundamental API feature that's just BROKEN. There's a reproduced, accepted, high priority bug against this issue in the issues area, starred by many, and we've had neither a fix, nor a comment as to whether it's even being addressed. I need to know that I can expect problems with the platform's basic functionality to be resolved within a reasonable time-frame. This is killing my business development efforts. If Twitter wants people to build businesses on this platform, they HAVE to support it. PLEASE guys, give us something. Don't make me throw away months of work and go focus on something unrelated to Twitter. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Comments for the group and Twitter staff
The main twitter.com site already uses the API in some places. Our revised mobile site is built entirely on the API, and our Facebook application has been built off our API for some time. Dogfooding! We support it. On Tue, Sep 15, 2009 at 14:08, Jim Renkel james.ren...@gmail.com wrote: I emphatically second and support the idea of twitter.com having to use the API. We had similar quality problems at a place I formerly worked, and they were solved, completely, when such a policy was instituted. Yeah, it puts pressure on the API team and may inconvenience the UI team, or whatever you call them, but in the long run it will be worth it. Side effects that we saw were a simpler, cleaner, more consistent architecture for the whole system, and lower total costs to develop and maintain the system. Bite the bullet and do it now. The longer you wait, the more difficult and expensive it will be. Jim Renkel -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Scott Haneda Sent: Tuesday, September 15, 2009 15:55 To: twitter-development-talk@googlegroups.com Subject: [twitter-dev] Re: Comments for the group and Twitter staff Probably too late for this, but perhaps moving forward, it could be done... Twitter.com should move to using their own API. The tools they use to power their own site should be the same tools we use and rely on. In all reality, this seems a simpler approach, rather than pushing out code for their stuff, and then essentially backporting that to an API, just work on making the API, and then integrate that into the twitter.com site. As far as I can tell, this would solve pretty much every problem the API has, as there can not be a case where twitter is down, but the API is up, or the API is down, and twitter is up. Twitter should be eating their own dog food :) -- Scott * If you contact me off list replace talklists@ with scott@ * -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Friends Ids API
Hi guys, I don't seem to have found any trace of this report before, so I thought I should post it. According to the http://apiwiki.twitter.com/Twitter-REST-API-Method:-friends ids documentation, you can actually get the results using any of the following 4 URIs: http://twitter.com/friends/ids/numeric_id.json http://twitter.com/friends/ids/screen_name.json http://twitter.com/friends/ids/ids.json?user_id=numeric_id http://twitter.com/friends/ids/ids.json?screen_name=screen_name Now, I know this may sound weird or I've just missed this par, but the results I'm getting back from the first 2 requests are different to the ones for the last 2 URIs. The size of the second result set is significantly smaller than the first one. As an additional clarification: I am testing these against an account that doesn't follow more than 5000 users. 2. I have found the first line from the doc a bit confusing: [q] Returns an array of numeric IDs for every user the specified user is following.[/q] I'd suggest rephrasing it to something like: [q]Returns the array of numeric IDs of all users following the specified user.[/q] Looking forward to hearing your comment on the first issue. Thanks in advance, ./alex
[twitter-dev] Alert: Twitpocalypse II coming Friday, September 11th - make sure you can handle large status IDs!
As mentioned previously, the Twitter operations team will artificially increase the maximum status ID to 4294967296 this coming Friday, September 11th. This action is part of routine database upgrades and maintenance. If your Twitter API application stores status IDs, please be sure that your datastore is configured to handle integers of that size. Thanks. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Geocoded OR search broken?
Another note: the Search API documentation has been updated to reflect that querying based on geocode is not compatible with disjunctions (OR queries). Please see the Operator Limits section of http://apiwiki.twitter.com/Twitter-Search-API-Method:-search. On Wed, Sep 9, 2009 at 11:19, Samuel Luckenbills...@twitter.com wrote: Hey Folks, The bug is specifically that all queries using the geocode parameter with no query string return no results. We'll launch a bug fix today. In the interim, you can use the geocode: operator in the query string or add a bogus string as someone else has suggested. Sorry for the inconvenience and we appreciate your patience. Sam On Sep 8, 6:25 pm, Jose Tinoco jose.tin...@gmail.com wrote: Geocoded API searches are also broken. This is the geocoding example from the API documentation, which used to work and now doesn't: http://search.twitter.com/search.atom?geocode=40.757929%2C-73.985506%... My website (blablabra.net) does similar searches and now receives only 403 Forbidden errors or an empty XML/JSON with You must enter a query if I try this search on my browser window. On Sep 8, 10:05 pm, Alex Payne a...@twitter.com wrote: Our Search Team informs me that they shipped a new query parser today. This is likely a bug in the new parser, and I've let them know about it. On Tue, Sep 8, 2009 at 17:48, Mack D. Malemaster...@gmail.com wrote: Until a couple of hours ago, searching for something like edmonton OR #yeg OR near:edmonton (or the API equivalent) worked just fine. Now it doesn't return anything new, and seems to return an odd set of old results. You can search for them separately, as in edmonton OR #yeg and near:edmonton but not together. What gives? -- Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Alert: Twitpocalypse II coming Friday, September 11th - make sure you can handle large status IDs!
Sorry, an error in phrasing. It was previously mentioned that this change was pending. We had not previously announced a date for the change. Normally, we prefer to provide more advance notice where possible, but I'm letting you all know immediately after our operations team informed me that it was necessary to make this change on Friday. On Wed, Sep 9, 2009 at 12:13, Hwee-Boon Yarhweeb...@gmail.com wrote: May I know when and where was it mentioned that it will be artificially increased this coming Friday? -- Hwee-Boon On Sep 10, 2:49 am, Alex Payne a...@twitter.com wrote: As mentioned previously, the Twitter operations team willartificially increase the maximum status ID to 4294967296 this coming Friday, September 11th. This action is part of routine database upgrades and maintenance. If your Twitter API application stores status IDs, please be sure that your datastore is configured to handle integers of that size. Thanks. -- Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: 2 week advance notice: changes to /friends/ids and /followers/ids
It hasn't been deployed yet, but it's still gonna happen. Will update when I know more. On Tue, Sep 8, 2009 at 13:59, Yu-Shan Fungambivale...@gmail.com wrote: I remember reading about this a while back. Has this been deployed yet? The wiki doesn't look like it has any info about cursors. Thanks! Yu-Shan On Tue, Aug 4, 2009 at 10:18 AM, Alex Payne a...@twitter.com wrote: Once we deprecate the page parameter, it will simply be ignored and the method will attempt to return the entire result set. On Sun, Aug 2, 2009 at 15:15, janoles...@mobileways.de wrote: Hi Alex, In two weeks, we'll be addressing this with a change in back-end infrastructure. The page parameter will be replaced with a cursor does this mean the page parameter won't work anymore after the change? What's happening to those calls to the API still containing the page=x parameter? Cheers Ole -- Jan Ole Suhr s...@mobileways.de http://twitter.com/janole -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x -- “When nothing seems to help, I go look at a stonecutter hammering away at his rock perhaps a hundred times without as much as a crack showing in it. Yet at the hundred and first blow it will split in two, and I know it was not that blow that did it, but all that had gone before.” — Jacob Riis -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Geocoded OR search broken?
Our Search Team informs me that they shipped a new query parser today. This is likely a bug in the new parser, and I've let them know about it. On Tue, Sep 8, 2009 at 17:48, Mack D. Malemaster...@gmail.com wrote: Until a couple of hours ago, searching for something like edmonton OR #yeg OR near:edmonton (or the API equivalent) worked just fine. Now it doesn't return anything new, and seems to return an odd set of old results. You can search for them separately, as in edmonton OR #yeg and near:edmonton but not together. What gives? -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: 200 errors
hi Ryan, any update on this issue ?
[twitter-dev] Re: Either destroy is/was failing, or my understanding of destroy is/was failing
We've got a fix for this going out tomorrow. On Wed, Sep 2, 2009 at 09:38, Ted Newardted.new...@gmail.com wrote: I’ve been hacking on the Twitter API, and I’m running into some serious weirdness with destroy. I post a message: C:\ curl -u name:pass -d status=Testing http://twitter.com/statuses/update.xml ?xml version=1.0 encoding=UTF-8? status created_atWed Sep 02 10:10:23 + 2009/created_at id3708721364/id textTesting/text sourcelt;a href=quot;http://apiwiki.twitter.com/quot; rel=quot;nofollowquot;gt;APIlt;/agt;/source truncatedfalse/truncated in_reply_to_status_id/in_reply_to_status_id in_reply_to_user_id/in_reply_to_user_id favoritedfalse/favorited in_reply_to_screen_name/in_reply_to_screen_name user id70927096/id nameTed Neward/name screen_nameTestingScitter/screen_name location/location description/description profile_image_urlhttp://s.twimg.com/a/1251845223/images/default_profile_normal.png/profile_image_url url/url protectedfalse/protected followers_count1/followers_count profile_background_color9ae4e8/profile_background_color profile_text_color00/profile_text_color profile_link_colorff/profile_link_color profile_sidebar_fill_colore0ff92/profile_sidebar_fill_color profile_sidebar_border_color87bc44/profile_sidebar_border_color friends_count6/friends_count created_atWed Sep 02 09:49:13 + 2009/created_at favourites_count0/favourites_count utc_offset/utc_offset time_zone/time_zone profile_background_image_urlhttp://s.twimg.com/a/1251845223/images/themes/theme1/bg.gif/profile_background_image_url profile_background_tilefalse/profile_background_tile statuses_count4/statuses_count notificationsfalse/notifications verifiedfalse/verified followingfalse/following /user /status … which is all good, but then I try to delete that message: C:\ curl -u name:pass --http-request DELETE http://twitter.com/statuses/destroy/3708721364.xml ?xml version=1.0 encoding=UTF-8? hash request/statuses/destroy/3708721364.xml/request errorWe could not delete that status for some reason./error /hash What gives? Is this something that I’m doing wrong on my end? Momentary server weirdness? (Though it seems to have been pretty consistent all night.) Ted Neward Java, .NET, XML Services Consulting, Teaching, Speaking, Writing http://www.tedneward.com -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Track API Limit message meaning
Hi guys, I am currently testing a library for using the track API in order to make sure that I'm following all the rules exposed on the docs. While running against the real API I have noticed sporadic messages in the form: {limit:{track:121564}} According to the docs: [q]Track streams may also contain limitation notices, where the integer track is an enumeration of statuses that matched the track predicate but were administratively limited. [/q] I am not very sure that I'm correctly interpreting the above text as: 1. the track value seems to always be a single value 2. the track value seems to be growing in time 3. the track value doesn't seem to be a twitter message id Could you please clarify a bit the meaning of these messages? Many thanks in advance, ./alex PS: I've asked John (@jkalucki) about this and while I've got an answer from him (thanks a bunch John), I'm still not sure I'm getting it.
[twitter-dev] https on twimg.com?
Our app uses https during the user session and in order to prevent errors in some browsers we must make sure that all files (including images) are loading via https as well. Up until now we were just taking the profile image URL and swapping http for https in the URL, and everything worked fine. For example: https://s3.amazonaws.com/twitter_production/profile_images/52714790/aj_normal.gif However I am noticing that as profile images get migrated to twimg.com the SSL is no longer working, and as a result we are not able to load the images for those users. For example, @garyvee's profile image is: http://a3.twimg.com/profile_images/333261519/twitterProfilePhoto_normal.jpg But it will not load if we request: https://a3.twimg.com/profile_images/333261519/twitterProfilePhoto_normal.jpg Do you have plans to support https requests on the twimg.com subdomains? Thanks.
[twitter-dev] Service Update for August 17, 2009
All, Thanks for bearing with us as we continue to fend off a Distributed Denial of Service (DDoS) attack. In order to help us better assist you, please supply the following information when reporting API connectivity and performance issues to a...@twitter.com: 1. The IP of the machine making requests to the Twitter API. If you're behind NAT, please be sure to send us your *external* IP. 2. The IP address of the machine you're contacting in the Twitter cluster. You can find this on UNIX machines via the host or nslookup commands, and on Windows machines via the nbslookup command. 3. The Twitter API URL (method) you're requesting and any other details about the request (GET vs. POST, parameters, headers, etc.). 4. Your host operating system, browser (including version), relevant cookies, and any other pertinent information about your environment. 5. What kind of network connection you have and from which provider, and what kind of network connectivity devices you're using. Without this information, we cannot adequately troubleshoot your issue while responding to the ongoing attack. Thanks for your consideration. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Issues with the API this morning?
Just sent out an update on the sort of information we need to help you guys out. We're working on it. Expect things to open up for a bit as we tune some settings for the next hour. On Mon, Aug 17, 2009 at 12:07, Sean P.seantpa...@gmail.com wrote: I was starting to worry that something was wrong with Twobile (basic auth). Any news from the mothership on what's happening? On Aug 17, 10:42 am, Aaron Forgue for...@gmail.com wrote: My app, too, appears to be blocked. I can't even get status codes - the requests just timeout with no response. On Aug 17, 12:24 pm, Dewald Pretorius dpr...@gmail.com wrote: So, the general message is: Mayhem rules. I have no issues with Basic Auth (on low volume API calls). Login no problem. Dewald On Aug 17, 1:04 pm, Sean Callahan seancalla...@gmail.com wrote: The issue we're seeing at TweetPhoto is that no one can login to their account when using basic auth. Was informed by Twitter support that they are aware of the issue and are looking for a fix. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Platform downtime is expected
There are other threads going about these ongoing issues, including instructions for what to send us to help troubleshoot. On Mon, Aug 17, 2009 at 12:41, Adamadamarticul...@gmail.com wrote: Hi Ryan, Still meeting? Anxiously waiting since we are now dead in the water for 3 days now. Thanks. Adam On Aug 17, 1:39 pm, Ryan Sarver rsar...@twitter.com wrote: Everyone, I am meeting with Ops right now to get a status update and will follow up with the list as soon as we are done. Stay tuned. Best, Ryan On Mon, Aug 17, 2009 at 6:39 AM, jonat...@scribblelivemitc...@gmail.com wrote: The Twitter OAuth login is working about 50% of the time for us. Sometimes we get failures making the initial request for a token. If that works, and the user gets to the Decline/Accept screen, when they click Accept the connection often times out before they get a response. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Service Update for August 17, 2009
23 hours ago, we posted this: http://status.twitter.com/post/164410057/trouble-with-oauth-and-api-clients On Mon, Aug 17, 2009 at 13:35, Paul McDonaldpaul0...@gmail.com wrote: Alex - Is there ANY way you guys could post information to your status page that a DDOS or issue is going on? Something we can point our customers to so they don't think it is our service/product? Right now many of my users think the problem is our product, when in fact, it is simply the IPs they are coming from being blocked. This would really help out with customer perception of what is going on. -paul On Aug 17, 3:10 pm, Alex Payne a...@twitter.com wrote: All, Thanks for bearing with us as we continue to fend off a Distributed Denial of Service (DDoS) attack. In order to help us better assist you, please supply the following information when reporting API connectivity and performance issues to a...@twitter.com: 1. The IP of the machine making requests to the Twitter API. If you're behind NAT, please be sure to send us your *external* IP. 2. The IP address of the machine you're contacting in the Twitter cluster. You can find this on UNIX machines via the host or nslookup commands, and on Windows machines via the nbslookup command. 3. The Twitter API URL (method) you're requesting and any other details about the request (GET vs. POST, parameters, headers, etc.). 4. Your host operating system, browser (including version), relevant cookies, and any other pertinent information about your environment. 5. What kind of network connection you have and from which provider, and what kind of network connectivity devices you're using. Without this information, we cannot adequately troubleshoot your issue while responding to the ongoing attack. Thanks for your consideration. -- Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] API Changes for August 12, 2009
A day late and a bug short... - FIXED: /account/verify_credentials no longer enforces a rate limit that's inconsistent with the rest of the API. Thanks. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Uploaded new pic to Twitter and it isn't showing up
This is an intermittent bug as we improve our static asset hosting. In the future, please use this group for questions that are strictly API-related. Thanks! On Thu, Aug 13, 2009 at 11:51, SharayahR handballch...@hotmail.com wrote: Ok so every single time I upload a picture to Twitter to change my profile pic it never shows up. Just has an X on it. It says it's uploaded, but nothing is there. Only one of my pictures works... and I'm tired of that one so I wanted to change it. Anything I'm doing wrong?? Is this a common problem? -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: 401 Unauthorized...
To the best of my knowledge, we're not doing any unusual blocking. Rate limits are as they have been. On Wed, Aug 12, 2009 at 08:08, AccountingSoftwareGuy virga.rob...@gmail.com wrote: Is Twitter still blocking posts to the API from non-white listed apps? Since the DDOS attack we can't seem to send any posts through the API using oAuth. Nothing in our code has changed but all was working prior to the attack. Is anyone out there havine any success sending messages with oauth (non-whitelisted app)??? Can someone/anyone please comment, I need to get our app working but considering our code has not changed I don't want to spend a lot of time chasing something down that is not my fault and out of my control. PLEASE HELP -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Following Churn: Specific guidance needed
An update on this thread: we have an inquiry out to our spam team to get more information about the metrics they use when policing mass-following/unfollowing. On Mon, Aug 10, 2009 at 15:12, IDOLpeeps belm...@grandcentralholdings.comwrote: Twitter recently started suspending accounts which bulk unfollow those who don't follow back for Terms of Service Violation (see: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/1aeb1f40ff665f78/955da80afd36ca4d?lnk=gstq=follower+churn#955da80afd36ca4d ). This policy has it's supporters and detractors. What it does not yet have is specific guidance describing the specific limitations on bulk unfollowing which, when not done for following churn, has it's legitimate purposes. Heretofore several utility applications provided a bulk unfollow function to end users (most commonly as a method of recruiting followers by following people in the hope they'd follow back and then unfollowing those who didn't) and some real twitter users (ie, not spammers) used this method to building their followers. As there are still bona fide rreasons for bulk unfollowing friends, it would be extremely helpulf if Twitter can provide more clear guidance about what type of bulk unfollowing exactly will flag an account for suspension? For example, does unfollowing several hundred friends whether they are following an account or not constitute the type of bulk unfollowing that will get an account suspended? Popular blogger Robert Scoble just had a script unfollow ALL his friends (http://scobleizer.com/ 2009/08/05/you-are-so-unfollowed/) successfully, yet a friend of mine unfollowed all his friends and his account was suspended later that same day. And another friend used a third party unfollow script to get her friends number below the 2,000 limit and her account was suspended. What are the specific rules regarding the type, quantity, and timing of bulk unfollowing that will result in account suspension? It's very difficult to manage twitter accounts with the specter of seemingly arbitrary account suspensions looming without having more specific guidance on how TOS are interpreted. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: OAuth vs. Basic authentication strictly on iPhone
For the case of a dedicated application on a rich mobile platform like iPhone, I agree that OAuth does not offer a particularly different user experience. It does, however, provide us at Twitter the information we need to provide detailed usage analytics back to developers, as well as the data we need to better understand our platform and help it grow. OAuth also provides a mechanism for users to revoke access to applications that aren't behaving as they expected; on the iPhone, removing a misbehaving application is as simple as deleting it, but for some non-technical users it may be helpful for them to visit their Twitter settings and see the list of applications they've authorized. We're working with our mobile team on improving the iPhone-optimized version of the OAuth workflow. It may not be an enormous improvement over password-based authentication, but once it's done, it certainly won't be a hinderance. Twitter is one of many companies moving to OAuth, and you can already find iPhone applications like TripIt that rely solely on OAuth for authentication. On Mon, Aug 10, 2009 at 14:16, Bradley S. O'Hearne brad.ohea...@gmail.comwrote: All, I don't want to kick this subject to death, as there was a lengthy thread on general OAuth vs. Basic auth -- I want to restrict this question strictly to the scope of iPhone apps. Having pored over the OAuth vs. Basic authentication process, I have a question, given the following assumptions: - The iPhone app is communicating directly with Twitter, i.e. not through some third-party means. - The iPhone app requires authentication at the beginning of each application runtime (i.e. each time the app is run the user has to type in their password). - The password is cached only in memory, for the life of that specific runtime (i.e. when the user quits the app, the password is released). - The password is NEVER persisted anywhere, i.e. never stored to disk. - All network communication with Twitter takes place over HTTPS. If all of those things are true in an iPhone app, how is OAuth superior in any way to basic authentication from a security standpoint? Furthermore, given having to introduce a foreign UI element and extra authentication steps over the web, could OAuth even be considered inferior when evaluated as a whole as an authentication means for the iPhone, when app branding, integration, and ease of use are considered? Mind you, the purpose of this post is not in any way to incite a religious war or stir the pot, it is to definitively establish the true pros and cons of each authentication means within the specific use case of the iPhone only. Many of the other OAuth / Basic auth threads are somewhat overridden with personally charged statements that I'd rather ignore them. Anyway, your constructive views are most appreciated. Regards, Brad -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Format of 'favorite status' URL
Even if passing id as a parameter works, it's not the documented behavior and isn't guaranteed to be supported indefinitely. Please specify IDs in-URL. On Tue, Aug 11, 2009 at 02:37, Mariusz mariusz...@gmail.com wrote: Hi I am making small Twitter client in Java. Currently I make option 'farourite status' and I have a strange problem. I always use format of url like this (for example for 'follow user'): http://twitter.com/friendships/create.json?id= It works well in almost all cases. However it doesn't work in 'favourite status'. If I try: http://twitter.com/favorites/create.json?id=11 I will get error. But if I try: http://twitter.com/favorites/create/11.json everything works well. Could somebody tell me why I can't use first way of the URL? I would like to use link with parameters after '?' character. Why doesn't it work in 'favorite status'? Mariusz -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: External API Team App Test Site
One of the projects on our list is a continuous testing system, running from a machine outside our cluster. We have the test suite built to do it, just not the production-safe fixture data. On Mon, Aug 10, 2009 at 10:20, Dewald Pretorius dpr...@gmail.com wrote: Does the API team have a test third-party app, from where you can experience and test the API from a consumer's perspective? If not, I think it may be helpful to you to have something like that. You don't need to run it at full stress all the time. When you roll out a mod to the API, or at times like these, you can run tests and do detail logging. That will enable you to detect and fix issues long before we start yelling at you. Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: TwitterLand - Ruby wrapper for many Twitter-related APIs
Very cool! Thanks much. I've added it to http://apiwiki.twitter.com/Libraries#Ruby On Mon, Aug 10, 2009 at 10:18, Wynn Netherland wynn.netherl...@gmail.comwrote: I'd like to thank those of you who have released your own APIs for the apps you've built on top of Twitter. If you're using Ruby, we've bundled up our wrappers for many of them into a new gem called TwitterLand. Please check it out and let us know if you'd like to see new APIs added or fork us on GitHub and contribute. http://www.rubyinside.com/twitterland-5-twitter-data-apis-in-a-single-gem-2215.html Thanks, Wynn Netherland // @pengwynn -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Tweepy -- python library
Thanks for your library, Josh! I've added it to http://apiwiki.twitter.com/Libraries#Python On Mon, Aug 10, 2009 at 09:50, Josh Roesslein jroessl...@gmail.com wrote: Hello twitter developers: Just posting here to announce a library for python I have been putting together. It supports pretty much the entire twitter API's endpoints. This includes the search and streaming APIs. The library also works fine with OAuth authentication. I have the library hosted here: http://gitorious.org/tweepy or if you are on Github: http://github.com/joshthecoder/tweepy If you are searching for a python library for twitter check it out. If you have any questions ask here or on twe...@googegroups.com Also if someone with write permission on the api wiki could list my library under the python category I would much appreciate it. Thank you for your time and hope you enjoy this library and find it useful. Josh -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Timeouts and API Errors, Tuesday August 11th
We're currently experiencing another wave of Distributed Denial of Service (DDoS) attacks against our system. Expect periodic slowness and errors until the attack passes or is countered by our operations team and hosting provider. Updates will be provided as we get them. Thanks for your patience. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Timeouts and API Errors, Tuesday August 11th
Our operations staff has informed me that the attack ceased several minutes ago. Site performance should be returning to normal. On Tue, Aug 11, 2009 at 12:23, Alex Payne a...@twitter.com wrote: We're currently experiencing another wave of Distributed Denial of Service (DDoS) attacks against our system. Expect periodic slowness and errors until the attack passes or is countered by our operations team and hosting provider. Updates will be provided as we get them. Thanks for your patience. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: created_at format
We do intend to move to unified format. This inconsistency is the result of the Search system being developed independently of Twitter before it was acquired. On Tue, Aug 11, 2009 at 13:33, Jonas boxnumbe...@gmail.com wrote: I am using search.json and track.json and I noticed that the date format for created_at is different. search.json: Tue, 11 Aug 2009 20:23:36 + track.json: Tue Aug 11 20:23:36 + 2009 Is there a reason why Twitter uses different formats for the same information? Is there any interest in using just one format? I would prefer the format outputted by search.json because it is easily parsed by the DateTime object in .NET. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Timeouts and API Errors, Tuesday August 11th
Yes, I've just been informed that the attack has resumed, and that our service provider is putting network hardware in place to counter the attack. We're trying to work with them to ensure minimal impact to the API, but in the near term there may be issues with OAuth and the Streaming API. This is a bit of a juggling act, as we're trying to coordinate our team, the operations team, our service provider's staff, and specialists that they've brought in for this issue. Please bear with us. On Tue, Aug 11, 2009 at 13:54, Dewald Pretorius dpr...@gmail.com wrote: My guess is it's still ongoing. I'm seeing far more rejections per second, and the number of backed-off retries have also increased. Dewald On Aug 11, 5:37 pm, Andrew Badera and...@badera.us wrote: On Tue, Aug 11, 2009 at 4:11 PM, Alex Paynea...@twitter.com wrote: Our operations staff has informed me that the attack ceased several minutes ago. Site performance should be returning to normal. On Tue, Aug 11, 2009 at 12:23, Alex Payne a...@twitter.com wrote: We're currently experiencing another wave of Distributed Denial of Service (DDoS) attacks against our system. Expect periodic slowness and errors until the attack passes or is countered by our operations team and hosting provider. Updates will be provided as we get them. Thanks for your patience. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x Has it resumed? Still getting lots of intermittency here. ∞ Andy Badera ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera) -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Seeing same login issues right now as when DDoD happened
Please see the other thread in this group. On Tue, Aug 11, 2009 at 13:55, Sean Callahan seancalla...@gmail.com wrote: I've tried logging into a handful of sites built around the Twitter API without success. I'm seeing the same login issues right now as when the DDoD happened. Twitter is aware of the downtime issue on their status page, http://status.twitter.com, but are they aware of the API issues (e.g., being able to login)? Sean -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Timeouts and API Errors, Tuesday August 11th
We're aware of these issues; sorry. Our ops team tells me that the countermeasures that are being put in place should not cause the 302 redirect behavior that impacted OAuth and other services late last week. If you're seeing that behavior, please post here and we'll coordinate with them to eliminate it. On Tue, Aug 11, 2009 at 13:58, Sean Callahan seancalla...@gmail.com wrote: Alex, Did not see this post and posted a new message. Still receiving lots of errors and no one can login on our site, tweetphoto.com, right now along with a handful of others (that I've tried myself). Just wanted to give you a heads up. Thanks! Sean On Aug 11, 1:11 pm, Alex Payne a...@twitter.com wrote: Our operations staff has informed me that the attack ceased several minutes ago. Site performance should be returning to normal. On Tue, Aug 11, 2009 at 12:23, Alex Payne a...@twitter.com wrote: We're currently experiencing another wave of Distributed Denial of Service (DDoS) attacks against our system. Expect periodic slowness and errors until the attack passes or is countered by our operations team and hosting provider. Updates will be provided as we get them. Thanks for your patience. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Timeouts and API Errors, Tuesday August 11th
Just found out that our hosting provider put some hardware in place that may cause disruptions. Our operations team just spoke them, and they should be taking it down in 15 - 30 minutes. On Tue, Aug 11, 2009 at 14:03, Andrew Badera and...@badera.us wrote: On Tue, Aug 11, 2009 at 5:01 PM, Andrew Baderaand...@badera.us wrote: On Tue, Aug 11, 2009 at 4:57 PM, Alex Paynea...@twitter.com wrote: Yes, I've just been informed that the attack has resumed, and that our service provider is putting network hardware in place to counter the attack. We're trying to work with them to ensure minimal impact to the API, but in the near term there may be issues with OAuth and the Streaming API. This is a bit of a juggling act, as we're trying to coordinate our team, the operations team, our service provider's staff, and specialists that they've brought in for this issue. Please bear with us. Thanks for the update Alex. No worries here, you all seem to be keeping us much more comfortably updated than most of Friday. --ab *Thursday, not Friday -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: php curl api calls no returns about 90% of the time
If you include the full headers in your response output, that would be helpful in tracking this down. On Tue, Aug 11, 2009 at 17:17, freefall tehgame...@googlemail.com wrote: It's quite impressive but I get nothing back from most of the curl api request I make to twitter. Fully whitelisted on ip, lots of ratelimit spare, total failures from twitter all the time. A new favourite appeared today from a http://twitter.com/friends/ids/accountname.xml get: ?xml version=1.0 encoding=UTF-8 ? ids / I'd love to know why this is happening, anyone got any ideas? Thanks -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Updating the APIs authentication limiting policy
We've just heard from our operations and deploy staff that we won't be able to deploy any code (for the API or otherwise) until Monday due to the DDoS attack and other issues. That means that the revert to the old rate limiting policy for this method won't go out this week. My apologies. On Thu, Aug 6, 2009 at 02:43, Goblinstu...@abovetheinternet.org wrote: Alex, is that *not* estimated or was it an iPhone being daft and changing now to not? On Aug 5, 7:11 pm, Alex Payne a...@twitter.com wrote: The change did not go live yesterday due to some deploy issues. It's not estimated to go out tomorrow. Once again, sorry for the delay. On Wed, Aug 5, 2009 at 07:48, Dewald Pretoriusdpr...@gmail.com wrote: Alex, Did the change go live on Tuesday? I have very irate users due to this issue. There are spam bots out there that got hold of users' credentials. The users have changed their Twitter passwords to get rid of the spam tweets published in their timelines, but now those bots are locking them out 24x7 from all apps that use the API. On Aug 3, 2:56 pm, Alex Payne a...@twitter.com wrote: The rollback should be deployed tomorrow. Sorry for the delay. On Sat, Aug 1, 2009 at 23:36, Jesse Stayjesses...@gmail.com wrote: A timeframe would be very helpful. This is turning out to be a headache as I'm testing. If my own user is having to log in over and over to test my app, I'm quickly hitting the verify_credentials limit (and I'm even using OAuth). I'm getting really frustrated. Jesse On Fri, Jul 31, 2009 at 8:01 PM, Bob Thomson stormid...@googlemail.com wrote: Hi Doug, Is there a timescale for rolling back / making the change to the new scheme? We're just putting the finishing touches to moving to OAuth and we're experiencing the issue when using verify_credentials to get the users basic details once we've got the token back from the authentication process. We're experiencing the issue when: 1. Testing our login and authentication processes 2. When users login and logout of our application frequently A heads up on when these changes will be made would be useful. Thanks, Bob On Jul 29, 6:37 pm, Grant Emsley grant.ems...@gmail.com wrote: Locked out of authenticated resources for that account, or will that IP not be able to login to any account? On Jul 29, 1:14 pm, Doug Williams d...@twitter.com wrote: Ray,For clarity, we will roll back the current restriction of 15 calls per user per hour to account/verify_credentials, and implement the proposed scheme: ... we will limit the total number of unsuccessful attempts to access authenticated resources to 15 an hour per user per IP address. If a single IP address makes 15 attempts to access a protected resource unsuccessfully for a given user (as indicated by an HTTP 401), then the user will be locked out of authenticated resources from that IP address for 1 hour. Thanks, Doug On Wed, Jul 29, 2009 at 9:51 AM, Ray rvizz...@testlabs.com wrote: Doug, I'm in a similar situation as that voiced by TinBlue. This change has affected our iPhone App. We also want to encourage you to rollback this change ASAP. When you say This approach is what we are going to take., do you mean rolling back the fix so as not to affect multiple, successful, authorized logins? I'm hopeful that this approach means that our apps will not be affected yet again by changing to a new auth approach. I appreciate you all keeping this thread informed. Ray On Jul 27, 11:23 am, Doug Williams d...@twitter.com wrote: Thanks to everyone who has contributed feedback. This approach is what we are going to take. Alex will be making this change shortly. I will update this thread when there is timeframe to share. Thanks, Doug On Mon, Jul 27, 2009 at 7:52 AM, TinBlue tinb...@gmail.com wrote: What is happening? This rollback is taking far too long for something that has affected a lot of people! On Jul 25, 2:32 pm, Dewald Pretorius dpr...@gmail.com wrote: Doug, I would prefer to adopt OAuth instead of writing code for Basic Auth. So, you guys need to move OAuth out of public beta into full production sooner rather than later. :-) I manage 100,000+ Twitter accounts, and I simply cannot take on the support workload of answering user tickets when there's a snag with OAuth beta. I monitor these forums and the API Issues and still see too many OAuth issues being reported to give me
[twitter-dev] Re: API Calls During DoS Attack
We're talking to our operations team about it, who in turn is talking to our hosting provider. It seems that some aggressive IP filtering may have been catching some web-based third-party Twitter applications, as well as data centers used by mobile providers. On Thu, Aug 6, 2009 at 12:52, Jonathantwitcaps.develo...@gmail.com wrote: I would also appreciate an answer to this question. My calls to the Search API are failing because of circular redirection, and curl http://twitter.com returns nothing at all from my production server, which seems like a sign that its IP has been blocked. My app works fine from my dev box. -jonathan On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...
Things are going to be a little wonky until we're out of the woods on this DDoS attack. On Thu, Aug 6, 2009 at 13:51, Haewoonhaewoon.k...@gmail.com wrote: me, too. In my case, one of 10 IPs has reverted. On Aug 7, 5:43 am, chinaski007 chinaski...@gmail.com wrote: Even worse... IPs are showing 0/150 remaining hits constantly, thus bringing my app to a total HALT. On Aug 6, 1:39 pm, chinaski007 chinaski...@gmail.com wrote: UGH! All of my whitelisted IPs have reverted from 20k/hour limit to a 150/hour limit. Anyone else?? What the heck?! -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Updating the APIs authentication limiting policy
The change did not go live yesterday due to some deploy issues. It's not estimated to go out tomorrow. Once again, sorry for the delay. On Wed, Aug 5, 2009 at 07:48, Dewald Pretoriusdpr...@gmail.com wrote: Alex, Did the change go live on Tuesday? I have very irate users due to this issue. There are spam bots out there that got hold of users' credentials. The users have changed their Twitter passwords to get rid of the spam tweets published in their timelines, but now those bots are locking them out 24x7 from all apps that use the API. On Aug 3, 2:56 pm, Alex Payne a...@twitter.com wrote: The rollback should be deployed tomorrow. Sorry for the delay. On Sat, Aug 1, 2009 at 23:36, Jesse Stayjesses...@gmail.com wrote: A timeframe would be very helpful. This is turning out to be a headache as I'm testing. If my own user is having to log in over and over to test my app, I'm quickly hitting the verify_credentials limit (and I'm even using OAuth). I'm getting really frustrated. Jesse On Fri, Jul 31, 2009 at 8:01 PM, Bob Thomson stormid...@googlemail.com wrote: Hi Doug, Is there a timescale for rolling back / making the change to the new scheme? We're just putting the finishing touches to moving to OAuth and we're experiencing the issue when using verify_credentials to get the users basic details once we've got the token back from the authentication process. We're experiencing the issue when: 1. Testing our login and authentication processes 2. When users login and logout of our application frequently A heads up on when these changes will be made would be useful. Thanks, Bob On Jul 29, 6:37 pm, Grant Emsley grant.ems...@gmail.com wrote: Locked out of authenticated resources for that account, or will that IP not be able to login to any account? On Jul 29, 1:14 pm, Doug Williams d...@twitter.com wrote: Ray,For clarity, we will roll back the current restriction of 15 calls per user per hour to account/verify_credentials, and implement the proposed scheme: ... we will limit the total number of unsuccessful attempts to access authenticated resources to 15 an hour per user per IP address. If a single IP address makes 15 attempts to access a protected resource unsuccessfully for a given user (as indicated by an HTTP 401), then the user will be locked out of authenticated resources from that IP address for 1 hour. Thanks, Doug On Wed, Jul 29, 2009 at 9:51 AM, Ray rvizz...@testlabs.com wrote: Doug, I'm in a similar situation as that voiced by TinBlue. This change has affected our iPhone App. We also want to encourage you to rollback this change ASAP. When you say This approach is what we are going to take., do you mean rolling back the fix so as not to affect multiple, successful, authorized logins? I'm hopeful that this approach means that our apps will not be affected yet again by changing to a new auth approach. I appreciate you all keeping this thread informed. Ray On Jul 27, 11:23 am, Doug Williams d...@twitter.com wrote: Thanks to everyone who has contributed feedback. This approach is what we are going to take. Alex will be making this change shortly. I will update this thread when there is timeframe to share. Thanks, Doug On Mon, Jul 27, 2009 at 7:52 AM, TinBlue tinb...@gmail.com wrote: What is happening? This rollback is taking far too long for something that has affected a lot of people! On Jul 25, 2:32 pm, Dewald Pretorius dpr...@gmail.com wrote: Doug, I would prefer to adopt OAuth instead of writing code for Basic Auth. So, you guys need to move OAuth out of public beta into full production sooner rather than later. :-) I manage 100,000+ Twitter accounts, and I simply cannot take on the support workload of answering user tickets when there's a snag with OAuth beta. I monitor these forums and the API Issues and still see too many OAuth issues being reported to give me a level of comfort that I can safely switch over to OAuth. On Jul 24, 5:46 pm, Doug Williams d...@twitter.com wrote: Well said Joshua. Dewald, you have identified the risk of using basic authentication. If your users being locked out due to malicious behavior, you should either implement further user-level rate limiting on your side or adopt OAuth. Are there any other glaring omissions in our thinking or should we proceed with this as our solution? Thanks, Doug On Fri, Jul 24, 2009 at 11:08 AM, Joshua Perryj...@6bit.com wrote
[twitter-dev] Re: 2 week advance notice: changes to /friends/ids and /followers/ids
Graphs of more than several thousand users, following or followed by. On Fri, Jul 31, 2009 at 11:09, Arik Fraimovicharik...@gmail.com wrote: On Jul 31, 9:03 pm, Alex Payne a...@twitter.com wrote: To clarify, since several people have asked: this pending change does NOT mean that pagination is required. You can still attempt to retrieve all IDs in one call, but be aware that this is likely to time out or fail for users with large social graphs. What is defined as large social graphs? -- Arik Fraimovich follow me on twitter: http://twitter.com/arikfr -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: 2 week advance notice: changes to /friends/ids and /followers/ids
What our infrastructure team has told me is that they can support both behaviors for a limited period of time. On Fri, Jul 31, 2009 at 12:06, Isaiahsupp...@yourhead.com wrote: First off, thanks for the heads up and giving us a large lead time. It's what I asked for in a previous email, and even if you never read that email and this isn't a response to me at all. I'll say thanks anyway, because it's great. :-) But, forgive me if I'm off base, but you're saying this change is going to happen just like a switch. One minute the API will behave one way, then next minute the API will behave differently? Doesn't this level of behavior change merit a bit of a deprecation period where both behaviors function? After a sudden change any app still using the old behavior is guaranteed to fail. If the app fixes early then it will fail up until the api change. In other words, ALL APPS that use this api call WILL be guaranteed to FAIL for some period of time. That seems like a pretty ugly prospect. Many api temper this sort of change in behavior by adding a new method call or a new argument to the method call. And for some period of time letting both function while marking the old method deprecated, use at the risk of being abandoned without warning at the next update. This lets apps update from one functioning call to another functioning call without users experiencing any downtime. I understand that some changes might need to be rolled in quickly to avert infrastructure disaster or to patch security holes, but with 2 weeks notice, I'm guessing that's not what we're dealing with here. Isaiah YourHead Software supp...@yourhead.com http://www.yourhead.com On Jul 31, 2009, at 11:09 AM, Arik Fraimovich wrote: On Jul 31, 9:03 pm, Alex Payne a...@twitter.com wrote: To clarify, since several people have asked: this pending change does NOT mean that pagination is required. You can still attempt to retrieve all IDs in one call, but be aware that this is likely to time out or fail for users with large social graphs. What is defined as large social graphs? -- Arik Fraimovich follow me on twitter: http://twitter.com/arikfr -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: 2 week advance notice: changes to /friends/ids and /followers/ids
It will be a hash with 'ids' as one of the elements. On Sat, Aug 1, 2009 at 18:26, Dewald Pretoriusdpr...@gmail.com wrote: Alex, For non-paged calls, will the result set be [1,2,3,...] or will it be {ids: [1,2,3]} ? Dewald On Jul 31, 3:03 pm, Alex Payne a...@twitter.com wrote: To clarify, since several people have asked: this pending change does NOT mean that pagination is required. You can still attempt to retrieve all IDs in one call, but be aware that this is likely to time out or fail for users with large social graphs. On Fri, Jul 31, 2009 at 10:35, Alex Paynea...@twitter.com wrote: The Twitter API currently has two methods for returning a user's denormalized social graph: /friends/ids [1] and /followers/ids [2]. These methods presently allow pagination by use of a ?page=n parameter; without that parameter, they attempt to return all user IDs in the specified set. If you've used this methods, particularly for exploring the social graphs of users that are following or followed by a large number of other users, you've probably run into lag and server errors. In two weeks, we'll be addressing this with a change in back-end infrastructure. The page parameter will be replaced with a cursor parameter, which in turn will result in a change in the response bodies for these two methods. Whereas currently you'd receive an array response like this (in JSON): [1,2,3,...] You will now receive: {ids: [1,2,3], next_id: 1231232} You can then use the next_id value to paginate through the set: /followers/ids.json?cursor=1231232 To start paginating: /followers/ids.json?cursor=-1 The negative one (-1) indicates that you want to begin paginating. When the next_id value is zero (0), you're at the last page. Documentation of the new functionality will, of course, be provided on the API Wiki in advance of the change going live. If you have any questions or concerns, please contact us as soon as possible. [1] http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friends%C2%A0ids [2] http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-followers%C2%A0ids -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: 2 week advance notice: changes to /friends/ids and /followers/ids
Once we deprecate the page parameter, it will simply be ignored and the method will attempt to return the entire result set. On Sun, Aug 2, 2009 at 15:15, janoles...@mobileways.de wrote: Hi Alex, In two weeks, we'll be addressing this with a change in back-end infrastructure. The page parameter will be replaced with a cursor does this mean the page parameter won't work anymore after the change? What's happening to those calls to the API still containing the page=x parameter? Cheers Ole -- Jan Ole Suhr s...@mobileways.de http://twitter.com/janole -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Updating the APIs authentication limiting policy
The rollback should be deployed tomorrow. Sorry for the delay. On Sat, Aug 1, 2009 at 23:36, Jesse Stayjesses...@gmail.com wrote: A timeframe would be very helpful. This is turning out to be a headache as I'm testing. If my own user is having to log in over and over to test my app, I'm quickly hitting the verify_credentials limit (and I'm even using OAuth). I'm getting really frustrated. Jesse On Fri, Jul 31, 2009 at 8:01 PM, Bob Thomson stormid...@googlemail.com wrote: Hi Doug, Is there a timescale for rolling back / making the change to the new scheme? We're just putting the finishing touches to moving to OAuth and we're experiencing the issue when using verify_credentials to get the users basic details once we've got the token back from the authentication process. We're experiencing the issue when: 1. Testing our login and authentication processes 2. When users login and logout of our application frequently A heads up on when these changes will be made would be useful. Thanks, Bob On Jul 29, 6:37 pm, Grant Emsley grant.ems...@gmail.com wrote: Locked out of authenticated resources for that account, or will that IP not be able to login to any account? On Jul 29, 1:14 pm, Doug Williams d...@twitter.com wrote: Ray,For clarity, we will roll back the current restriction of 15 calls per user per hour to account/verify_credentials, and implement the proposed scheme: ... we will limit the total number of unsuccessful attempts to access authenticated resources to 15 an hour per user per IP address. If a single IP address makes 15 attempts to access a protected resource unsuccessfully for a given user (as indicated by an HTTP 401), then the user will be locked out of authenticated resources from that IP address for 1 hour. Thanks, Doug On Wed, Jul 29, 2009 at 9:51 AM, Ray rvizz...@testlabs.com wrote: Doug, I'm in a similar situation as that voiced by TinBlue. This change has affected our iPhone App. We also want to encourage you to rollback this change ASAP. When you say This approach is what we are going to take., do you mean rolling back the fix so as not to affect multiple, successful, authorized logins? I'm hopeful that this approach means that our apps will not be affected yet again by changing to a new auth approach. I appreciate you all keeping this thread informed. Ray On Jul 27, 11:23 am, Doug Williams d...@twitter.com wrote: Thanks to everyone who has contributed feedback. This approach is what we are going to take. Alex will be making this change shortly. I will update this thread when there is timeframe to share. Thanks, Doug On Mon, Jul 27, 2009 at 7:52 AM, TinBlue tinb...@gmail.com wrote: What is happening? This rollback is taking far too long for something that has affected a lot of people! On Jul 25, 2:32 pm, Dewald Pretorius dpr...@gmail.com wrote: Doug, I would prefer to adopt OAuth instead of writing code for Basic Auth. So, you guys need to move OAuth out of public beta into full production sooner rather than later. :-) I manage 100,000+ Twitter accounts, and I simply cannot take on the support workload of answering user tickets when there's a snag with OAuth beta. I monitor these forums and the API Issues and still see too many OAuth issues being reported to give me a level of comfort that I can safely switch over to OAuth. On Jul 24, 5:46 pm, Doug Williams d...@twitter.com wrote: Well said Joshua. Dewald, you have identified the risk of using basic authentication. If your users being locked out due to malicious behavior, you should either implement further user-level rate limiting on your side or adopt OAuth. Are there any other glaring omissions in our thinking or should we proceed with this as our solution? Thanks, Doug On Fri, Jul 24, 2009 at 11:08 AM, Joshua Perryj...@6bit.com wrote: Jim's concern is valid, fortunately OAuth is immune to brute-force attacks once the access key has been issued to an application. For this reason alone I would urge people to switch to OAuth if at all possible. I would hope (and assume) that if login attempts for an account are locked out that a user would still be able to successfully use an already authorized OAuth driven application. Unfortunately allowing a successful un/pw login while an account is locked out even when the correct password is presented
[twitter-dev] 2 week advance notice: changes to /friends/ids and /followers/ids
The Twitter API currently has two methods for returning a user's denormalized social graph: /friends/ids [1] and /followers/ids [2]. These methods presently allow pagination by use of a ?page=n parameter; without that parameter, they attempt to return all user IDs in the specified set. If you've used this methods, particularly for exploring the social graphs of users that are following or followed by a large number of other users, you've probably run into lag and server errors. In two weeks, we'll be addressing this with a change in back-end infrastructure. The page parameter will be replaced with a cursor parameter, which in turn will result in a change in the response bodies for these two methods. Whereas currently you'd receive an array response like this (in JSON): [1,2,3,...] You will now receive: {ids: [1,2,3], next_id: 1231232} You can then use the next_id value to paginate through the set: /followers/ids.json?cursor=1231232 To start paginating: /followers/ids.json?cursor=-1 The negative one (-1) indicates that you want to begin paginating. When the next_id value is zero (0), you're at the last page. Documentation of the new functionality will, of course, be provided on the API Wiki in advance of the change going live. If you have any questions or concerns, please contact us as soon as possible. [1] http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friends%C2%A0ids [2] http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-followers%C2%A0ids -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: 2 week advance notice: changes to /friends/ids and /followers/ids
To clarify, since several people have asked: this pending change does NOT mean that pagination is required. You can still attempt to retrieve all IDs in one call, but be aware that this is likely to time out or fail for users with large social graphs. On Fri, Jul 31, 2009 at 10:35, Alex Paynea...@twitter.com wrote: The Twitter API currently has two methods for returning a user's denormalized social graph: /friends/ids [1] and /followers/ids [2]. These methods presently allow pagination by use of a ?page=n parameter; without that parameter, they attempt to return all user IDs in the specified set. If you've used this methods, particularly for exploring the social graphs of users that are following or followed by a large number of other users, you've probably run into lag and server errors. In two weeks, we'll be addressing this with a change in back-end infrastructure. The page parameter will be replaced with a cursor parameter, which in turn will result in a change in the response bodies for these two methods. Whereas currently you'd receive an array response like this (in JSON): [1,2,3,...] You will now receive: {ids: [1,2,3], next_id: 1231232} You can then use the next_id value to paginate through the set: /followers/ids.json?cursor=1231232 To start paginating: /followers/ids.json?cursor=-1 The negative one (-1) indicates that you want to begin paginating. When the next_id value is zero (0), you're at the last page. Documentation of the new functionality will, of course, be provided on the API Wiki in advance of the change going live. If you have any questions or concerns, please contact us as soon as possible. [1] http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friends%C2%A0ids [2] http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-followers%C2%A0ids -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: tex
Please see http://help.twitter.com/ for questions about using Twitter over SMS. On Mon, Jul 20, 2009 at 20:07, canpaulcanpau...@gmail.com wrote: i have a metroPCS cell phone i cant get your texes whats up with that. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: using whitelisted account for getting multiple user statuses
It's possible to apply whitelisted rate limits to authenticated requests, whether the request is made with Basic Auth or OAuth. If the requesting user is whitelisted, the higher rate limit will take effect. On Mon, Jul 20, 2009 at 23:38, BGbinug...@gmail.com wrote: My application retrieves status of multiple Twitter users. I have a whitelisted account for a username. The Twitter API documentation recommends that I use whitelisted IP Addresses to get the statuses. However, my IP addresses change pretty often, so I would like to know if it is possible to make more than 150 status requests using a whitelisted account (OAuth). If it isn't possible, what other options do I have? Thanks, BG -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Matt Sanford, signing off.
Matt has done fantastic work while on our team, and will be missed. Incidentally, if you'd like to work on the API, we're hiring: http://static.twitter.com/jobvite_frame.html?c=q8X9VfwTjvi=oAYcVfwp,Job. On Sun, Jul 19, 2009 at 22:05, Doug Williams d...@twitter.com wrote: We will certainly miss having you on the team, Matt. Regards, Doug On Fri, Jul 17, 2009 at 11:19 PM, surya sravanthi sravanthi.su...@gmail.com wrote: All the bast Matt!!! Thanks for all you r help . On Sat, Jul 18, 2009 at 2:48 AM, Matt Sanfordm...@twitter.com wrote: Hi everybody*, Starting next week I'm not going to be responding to mails on the dev list or working on Google Code issues as part of my daily work. I have been working on the Search and API/Platform teams here at Twitter since the acquisition of Summize a year ago and the time has come for a change. I'm leaving both teams to take on the role of technical lead for the new Twitter internationalization team. Anybody who's gotten me talking about language detection or language-specifics (especially in person) knows this is something I have a personal interest in. The other team member are going to continue to keep an eye on the dev list and the Google Code issues. As always you can email a...@twitter.com directly if you need something. I'll continue working on the Google Code issues assigned to me or in some cases someone will take them over next week. I mostly felt like I should send you all a good bye since you're considered an extension of the API/Platform team. This change should be fully backward compatible so I didn't see the need for 7-days notice. Good night, and good luck; – Matt Sanford / @mzsanford Twitter Dev * = Who just said Hi, Dr. Nick. out loud? Your cube neighbor thinks you're crazy. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Failed API returning over capacity HTML page content
JD, Whether talking to the Twitter API or any other API on the web, always check the response code before attempting to do any processing of the response body. Proceed only if you got a 200 (or the response code you expected for that particular operation). Many things can go wrong in the process of making an HTTP request between your computer and our servers. On Wed, Jul 15, 2009 at 10:32, J.D. jeremy.d.mul...@gmail.com wrote: On Jul 15, 9:09 am, Nick Arnett nick.arn...@gmail.com wrote: My code waits a few seconds and tries again if the JSON parse fails. A bunch of fails in a row and it gives up. Thanks. I have similar code around the web calls, but had not put it around the json parse yet. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Following metric is null
This is as designed. That attribute is essentially being deprecated. But in the Streaming API, we don't populate that field because we don't know who the requesting user is that we want to see if the target user is following. On Tue, Jul 14, 2009 at 16:35, Kris Jirapinyo krispyj...@gmail.com wrote: Hi all, Has anyone seen the following field from gardenhose API always returning null? Is this as designed or is it a bug? Thanks, Kris. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Following metric is null
That field already exists under a different name: friends_count On Wed, Jul 15, 2009 at 11:12, Kris Jirapinyo krispyj...@gmail.com wrote: So are there plans to add following_count field like followers_count? I don't need to know exactly who the user's following, just how many users he's following. On Wed, Jul 15, 2009 at 10:55 AM, Alex Payne a...@twitter.com wrote: This is as designed. That attribute is essentially being deprecated. But in the Streaming API, we don't populate that field because we don't know who the requesting user is that we want to see if the target user is following. On Tue, Jul 14, 2009 at 16:35, Kris Jirapinyo krispyj...@gmail.comwrote: Hi all, Has anyone seen the following field from gardenhose API always returning null? Is this as designed or is it a bug? Thanks, Kris. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Rules About Making Money
Lots of people are making money via Twitter. Some sell their applications, others post ads directly on Twitter, others use Twitter content on their sites and include ads there; there are many different possible business models. As long as you stay within our terms of service - which, of course, may be updated at our discretion, so stay current - you should be fine. We do actively police spam and abusive behavior. Some people's conception of legitimate business, it turns out, is everyone else's conception of unsolicited and aggressive marketing. Don't do that. On Wed, Jul 15, 2009 at 13:30, MakeMoney chicagolocalde...@gmail.comwrote: I have a business plan and I am looking to role it out. It involves using Twitter as a median. I have already gotten interest from parties willing to pay for my service, but I beleive it may infringe upon how Twitter will eventually make money. I do not want to invest in this service, and then have Twitter shut it down to replace it with their own. I sent Twitter an email today asking them for a possible discussion time, but I am guessing they get a ton of these and most likely won't respond. If not does anyone know the legality of using there service to make money? And the legality of them being able to shut off my account? Thanks. -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Is it okay to close a connection by opening a new one?
If you're only doing this every hour, that's fine by us. On Tue, Jul 14, 2009 at 15:58, owkaye owk...@gmail.com wrote: The Streaming API docs say we should avoid opening new connections with the same user:pass when that user already has a connection open. But I'm hoping it is okay to do this every hour or so, here's why: My plan is to write the streaming XML data to a text file during each connection -- but I don't want this file to get so big that I have trouble processing it on the back end. Therefore I want to rotate these files every hour ... This means I have to stop writing to the file, close it, move it somewhere else, and create a new file so I can use the new file to continue storing new streaming XML data. The obvious way for me to close these files is to close the connection -- by opening a new connection -- because from what I've read it seems that opening a new connection forces the previous connection to close. Can I do this without running into any black listing or denial of service issues? I mean, is this an acceptable way to close a connection ... by opening a new one in order to force the old connection to close? Any info you can provide that will clarify this issue is greatly appreciated, thanks! Owkaye -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Want to develop a Twitter app/bot for Google Wave?
Do you have a killer Twitter idea for Google Wave? Didn't get into the beta? The Wave team has generously offered up to 100 sandbox accounts to Twitter developers who want to experiment. We're looking forward to seeing what you build. If you're interested, please fill out http://spreadsheets.google.com/viewform?formkey=dHpOUzhhR2ExOTlhamFQM0ktV1Awa3c6MA .. Enjoy! -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Geo location?
Not just yet, but we're working on it. On Tue, Jul 14, 2009 at 16:48, Brother obran...@gmail.com wrote: Can we pass geo tag in status or direct messages? Have not seen this in API but have heard there is or will be support for this. B- -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Twitter Live Event Beaming
We are doing Chinese minblog in China: www.zuosa.com And we have been doing that big screen streaming for the last couple of years at conferences in China. It's a free service. Check out this for the use cases: http://blog.zuosa.com Are you in China? Then it is easy. If not in China, we might help. It can be adapted to twitter pretty quickly. Please contact me offlist. Alex Chinese Twitter: www.zuosa.com On Wed, Jul 8, 2009 at 11:25 AM, Juslin Guojuslin...@gmail.com wrote: Dear All, I not sure if this is the place to ask this question. May i check does anyone know of a full-screen application/flash app/web-apps that allow me to beam on a projector/led screen live updates from twitter. I have an event where we would like to let the stadium audience twitter in. Regards Juslin