[twitter-dev] OAuth question
Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login:Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven
[twitter-dev] Re: OAuth question
Last I heard it changes nothing currently. There might be some features restricted to it in the future like using the faster oauth/authenticate method. Abraham On Wed, Jul 22, 2009 at 01:03, hansamann sven.hai...@googlemail.com wrote: Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login:Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: OAuth question
thanx, good to know. I am also wondering about one thing: - if a user has authorized himself (using the authorize URL, not authenticate... will try that out later) and does the same process again, e.g. get's redirected to the authorize URL again, but with a new request token of course, he is AGAIN asked to sign in. I am not sure why, twitter could in this case just know that the user is signed in already. Also looking into the cookies, there is a twitter session established. It could be the default is just to show the login screen again... Or... is this the little difference between the authentication / authorization call. In this case authorization will always ask the user to sign in, and grant access to my app, but not keep the signed in user for the next call (which will not happen many times of course, most people just authorize once per session or even less). Instead, the authentication process truely detects a already present twitter session and will NOT ask the user to sign in even if he should be signed in already. Is that correct? Cheers Sven On Jul 21, 11:26 pm, Abraham Williams 4bra...@gmail.com wrote: Last I heard it changes nothing currently. There might be some features restricted to it in the future like using the faster oauth/authenticate method. Abraham On Wed, Jul 22, 2009 at 01:03, hansamann sven.hai...@googlemail.com wrote: Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login: Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: OAuth question
Yes, that is the difference. -Chad On Wed, Jul 22, 2009 at 2:44 AM, hansamannsven.hai...@googlemail.com wrote: thanx, good to know. I am also wondering about one thing: - if a user has authorized himself (using the authorize URL, not authenticate... will try that out later) and does the same process again, e.g. get's redirected to the authorize URL again, but with a new request token of course, he is AGAIN asked to sign in. I am not sure why, twitter could in this case just know that the user is signed in already. Also looking into the cookies, there is a twitter session established. It could be the default is just to show the login screen again... Or... is this the little difference between the authentication / authorization call. In this case authorization will always ask the user to sign in, and grant access to my app, but not keep the signed in user for the next call (which will not happen many times of course, most people just authorize once per session or even less). Instead, the authentication process truely detects a already present twitter session and will NOT ask the user to sign in even if he should be signed in already. Is that correct? Cheers Sven On Jul 21, 11:26 pm, Abraham Williams 4bra...@gmail.com wrote: Last I heard it changes nothing currently. There might be some features restricted to it in the future like using the faster oauth/authenticate method. Abraham On Wed, Jul 22, 2009 at 01:03, hansamann sven.hai...@googlemail.com wrote: Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login: Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: OAuth question
On Wed, Jul 22, 2009 at 01:44, hansamann sven.hai...@googlemail.com wrote: thanx, good to know. I am also wondering about one thing: - if a user has authorized himself (using the authorize URL, not authenticate... will try that out later) and does the same process again, e.g. get's redirected to the authorize URL again, but with a new request token of course, he is AGAIN asked to sign in. I am not sure why, twitter could in this case just know that the user is signed in already. Also looking into the cookies, there is a twitter session established. I've found that if you go to twitter.com and sign in you will never get prompted to sign in for OAuth. But signing in for OAuth does not sign you in to twitter.com making you have to sign in for each OAuth allow. It could be the default is just to show the login screen again... Or... is this the little difference between the authentication / authorization call. In this case authorization will always ask the user to sign in, and grant access to my app, but not keep the signed in user for the next call (which will not happen many times of course, most people just authorize once per session or even less). Authenticate / authorize does not change if you have to sign in or not. Just if you have to click allow or if you just jump back to the application. Check out the flow chart at: http://apiwiki.twitter.com/Sign-in-with-Twitter Instead, the authentication process truely detects a already present twitter session and will NOT ask the user to sign in even if he should be signed in already. Is that correct? Cheers Sven On Jul 21, 11:26 pm, Abraham Williams 4bra...@gmail.com wrote: Last I heard it changes nothing currently. There might be some features restricted to it in the future like using the faster oauth/authenticate method. Abraham On Wed, Jul 22, 2009 at 01:03, hansamann sven.hai...@googlemail.com wrote: Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login:Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] API limit confusion
Hi there, I am a little bit confused by the API limits. The server for my application is whitelisted. So it's limit is 2 API hits. I use oAuth to authorize Twitter users. When I check an oAuth'd user's rate limit, he also seems gets 2 API hits. Is that true? Also, when I call the Twitter API using the user's oAuth credentials, which API limit gets that hit? The user's? Or the server's? Thanks, Serge
[twitter-dev] Re: API limit confusion
Hi I am also looking for this. The following post says there is no limit on calls from application http://tweetdeck.posterous.com/what-does-rate-limit-exceeded Rate limit is applicable on Get methods from ip/client. Can someone confirm if one can make unlimited calls (from an app) to get request token? What is this 2 limit? Is it for GET calls for authorized client/ip Regards Srikanth On Wed, Jul 22, 2009 at 1:24 PM, sjespers se...@webkitchen.be wrote: Hi there, I am a little bit confused by the API limits. The server for my application is whitelisted. So it's limit is 2 API hits. I use oAuth to authorize Twitter users. When I check an oAuth'd user's rate limit, he also seems gets 2 API hits. Is that true? Also, when I call the Twitter API using the user's oAuth credentials, which API limit gets that hit? The user's? Or the server's? Thanks, Serge
[twitter-dev] Get friends' screen names instead of friends' ids?
Hi, I would like to know if there is any way to get friends' screen names instead of friends' ids? Thank you in advance. P/S: sorry if this post is duplicate, I cannot find my last post.
[twitter-dev] Re: A question regarding categorization of tweets
TweetDeck (http://www.tweetdeck.com) is the obvious answer, you can group your contacts into different panels and thus not have the noisy drown out the intelligent. Pretty sure other clients do it too, to different extents - a bit of googling and trying them out won't hurt if TD's not to your liking. ;) --j On Wed, Jul 22, 2009 at 11:10 AM, haffi e haff...@gmail.com wrote: I was wondering if there was an app that let's you categorize the people you're following. For example, there are some people I'm following that update their status almost every minute and it's hard to see what your friends are doing unless I stop following these super tweeters. It would be nice if I could put them all in a special category called bored or something and my friends in another category to clean things up. Do you know of any apps that do this? I haven't been searching around much but I'm on a Mac if that helps.
[twitter-dev] Detecting positive / negative / question
Is the attitude (tude) flag stored as part of a tweet? and if so, do any of the data structures returned by API calls have it? The search API allows the search for a tude, but as far as I can see, tude is not part of the data structure returned.
[twitter-dev] Please listen to my idea.
Hi, I'm a Korean twitterer. There are two main social network services in Korea. Blog and cyworld. Most of Korean people have been using them. Recently, I could use twitter at first by my friend's introduction. It's cool, simple and very easy to use but not yet accustomed to using them. So I suggest you that the synchronization module of Blog(and cyworld..) and twitter. If someone write something on their blog, the follower can see the part of its writing on twitter. If this is possible, twitter may widen market share in Korea as a new type of simple social networking service. Please refer to my idea, and if you have any futher question or any idea please let me know. Good Luck,
[twitter-dev] Re: Use sign-in-with-twitter , only return token and no token_secret
That text is not done very well. When the users hits the call back_url you still have to make a call to oauth/access_token. That will return the full token, user_id, screen_name. Abraham On Wed, Jul 22, 2009 at 05:29, CG learn@gmail.com wrote: Hi all, I hv this doubt and hope that somebody can help ... II hv tried to use Sign-in-with-twitter , and when the user click allow , it redirects to my Callback URL with only the ?oauth_token=xx and no token secret. I read the flow of sign-in-with-twitter , it mentioned that Redirect back to callback_url, including access token and token secret if authorized . In my case, does it mean that authentication failed ? if yes, how do I know what error is it ? If no , how can I get the token_secret ? Thanks in advanced for any hints ... Cheers, CG -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: API limit confusion
I recommend that you both read: http://apiwiki.twitter.com/Rate-limiting Serge: If you have an IP that is white listed all applicable calls from that IP will count against the 2 limit. Srikanth: That blog post says that twitter.com has no limit. It says nothing about anybody else not having a limit. The 20k is for GET requests however POST request have their own limits. Abraham On Wed, Jul 22, 2009 at 03:07, srikanth reddy srikanth.yara...@gmail.comwrote: Hi I am also looking for this. The following post says there is no limit on calls from application http://tweetdeck.posterous.com/what-does-rate-limit-exceeded Rate limit is applicable on Get methods from ip/client. Can someone confirm if one can make unlimited calls (from an app) to get request token? What is this 2 limit? Is it for GET calls for authorized client/ip Regards Srikanth On Wed, Jul 22, 2009 at 1:24 PM, sjespers se...@webkitchen.be wrote: Hi there, I am a little bit confused by the API limits. The server for my application is whitelisted. So it's limit is 2 API hits. I use oAuth to authorize Twitter users. When I check an oAuth'd user's rate limit, he also seems gets 2 API hits. Is that true? Also, when I call the Twitter API using the user's oAuth credentials, which API limit gets that hit? The user's? Or the server's? Thanks, Serge -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: Updating the APIs authentication limiting policy
Making calls to protected methods like direct_messages will fail if the token is no longer valid. It is also possible that the test method will fail with incorrect authentication info/oauth token. I have not tried it though. Abraham On Wed, Jul 22, 2009 at 03:10, Goblin stu...@abovetheinternet.org wrote: I've been updating my site to use OAuth and have found this to be a big problem. Without the ability to call verify_credentials I haven’t found a reliable way to ensure that logged in users with a valid session are still authorised with Twitter. It's unlikely they will revoke access in the middle of using the site, but the potential is there for an action to fail because of this. With verify_credentials I am able to check their OAuth tokens are still valid and also make sure their profile info is up to date. Spent several hours having a headache over this, especially since the API says these calls are unlimited. I was looking all over for unescaped loops and all sorts :) Agree that either making OAuth calls unlimited (since there shouldn't be a security vulnerability there) or making valid calls unlimited (same reason) whilst limiting invalid calls makes the most sense. As you say, you're still getting the security you want but without penalising legitimate users. If this is going to be a quick fix/ rollback, I'll go back to using the method and deal with the low limit when testing for this week. Stuart On Jul 22, 6:49 am, Jesse Stay jesses...@gmail.com wrote: Josh, is there a way, without verify_credentials, to identify that users have changed their Twitter passwords (and therefore you are no longer able to authenticate for them)? For client apps, I don't see this being as much of a problem, but for server-based apps that run regular scripts on behalf of users this could become a regular issue, which is why we were running it. In addition, what is the best way with OAuth to identify the screen name of an individual? verify_credentials is the only way I'm aware of, unless there's something I'm missing (which is probably very likely). I'd love to know if there's a better way. A best practices doc on how to retrieve user information, and how to best verify users have not changed their passwords would certainly be useful I think. I'd like to know how Twitter recommends we do this. Jesse On Tue, Jul 21, 2009 at 8:50 PM, Josh Perry j...@6bit.com wrote: To be honest ever since the x-rate-limit HTTP headers were added we removed the call to verify_credentials from our Twitter API layer. Every time that our Twitter API layer does an HTTP request it squirrels away the header values and any requests to our API from the application for rate-limit information is just fulfilled from those saved variables. So we don't need verify_credentials for rate-limit information Every time that our API does an HTTP request it watches for unauthorized HTTP responses, so we don't need verify_credentials to verify that our app is still authorized on the account or that the user's password is still the same. Every single twitter API method could be used to brute-force by sending HTTP auth headers and watching the HTTP response, but you are rate-limited to 150 requests/hour/ip, if this rate-limit is good enough for all the other attack vectors it should probably be good enough for verify_credentials. In fact verify_credentials is basically a nop function, which IMHO really isn't needed any longer. Josh On Jul 21, 7:00 pm, Doug Williams d...@twitter.com wrote: Devs --A change shipped last week that limited the number of times a user could access the account/verify_credentials method [1] in a given hour. This change proved hasty and short-sighted as pointed out by the subsequent discussion [2]. We apologize to any developer that was adversely affected. Given the problems, we want to fix this in a public and transparent manner. Like most web services, we limit the number of attempts users can make to login to their accounts on Twitter.com to prevent brute force dictionary attacks. This same security is not extended to the platform and leaves accounts vulnerable to the same method of attack through the API. The change we shipped to limit user accounts to 15 calls an hour to the account/verify_credentials method [1] was intended to mitigate this risk. It was thought to limit the number of tests a potential attack could run in the hour, even in a distributed fashion. However, we only protected a single resource which still leaves all other authenticated methods exposed as a vector of attack (limited only by the API rate limit). Our thinking is now that we will limit the total number of unsuccessful attempts to access authenticated resources to 15 an hour per user per IP address. If a single IP
[twitter-dev] Re: API limit confusion
@Abraham: If that were true then calling rate_limit_status should give the same result... which it doesn't! On Jul 22, 3:26 pm, Abraham Williams 4bra...@gmail.com wrote: I recommend that you both read:http://apiwiki.twitter.com/Rate-limiting Serge: If you have an IP that is white listed all applicable calls from that IP will count against the 2 limit. Srikanth: That blog post says that twitter.com has no limit. It says nothing about anybody else not having a limit. The 20k is for GET requests however POST request have their own limits. Abraham On Wed, Jul 22, 2009 at 03:07, srikanth reddy srikanth.yara...@gmail.comwrote: Hi I am also looking for this. The following post says there is no limit on calls from application http://tweetdeck.posterous.com/what-does-rate-limit-exceeded Rate limit is applicable on Get methods from ip/client. Can someone confirm if one can make unlimited calls (from an app) to get request token? What is this 2 limit? Is it for GET calls for authorized client/ip Regards Srikanth On Wed, Jul 22, 2009 at 1:24 PM, sjespers se...@webkitchen.be wrote: Hi there, I am a little bit confused by the API limits. The server for my application is whitelisted. So it's limit is 2 API hits. I use oAuth to authorize Twitter users. When I check an oAuth'd user's rate limit, he also seems gets 2 API hits. Is that true? Also, when I call the Twitter API using the user's oAuth credentials, which API limit gets that hit? The user's? Or the server's? Thanks, Serge -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: Get friends' screen names instead of friends' ids?
Nope. http://code.google.com/p/twitter-api/issues/detail?id=265 On Wed, Jul 22, 2009 at 05:14, link2caro tran.minhq...@link2caro.comwrote: Hi, I would like to know if there is any way to get friends' screen names instead of friends' ids? Thank you in advance. P/S: sorry if this post is duplicate, I cannot find my last post. -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: API limit confusion
In your first email you said When I check an oAuth'd user's rate limit, he also seems gets 2 API hits. so I'm not sure what you are seeing. Also it used to be that user requests from a whitelisted IP would reflect on the users limit unless they had hit their rate limit at which point it would count against the IP. I'm not sure if it still works this way though. Abraham On Wed, Jul 22, 2009 at 08:43, sjespers se...@webkitchen.be wrote: @Abraham: If that were true then calling rate_limit_status should give the same result... which it doesn't! On Jul 22, 3:26 pm, Abraham Williams 4bra...@gmail.com wrote: I recommend that you both read:http://apiwiki.twitter.com/Rate-limiting Serge: If you have an IP that is white listed all applicable calls from that IP will count against the 2 limit. Srikanth: That blog post says that twitter.com has no limit. It says nothing about anybody else not having a limit. The 20k is for GET requests however POST request have their own limits. Abraham On Wed, Jul 22, 2009 at 03:07, srikanth reddy srikanth.yara...@gmail.comwrote: Hi I am also looking for this. The following post says there is no limit on calls from application http://tweetdeck.posterous.com/what-does-rate-limit-exceeded Rate limit is applicable on Get methods from ip/client. Can someone confirm if one can make unlimited calls (from an app) to get request token? What is this 2 limit? Is it for GET calls for authorized client/ip Regards Srikanth On Wed, Jul 22, 2009 at 1:24 PM, sjespers se...@webkitchen.be wrote: Hi there, I am a little bit confused by the API limits. The server for my application is whitelisted. So it's limit is 2 API hits. I use oAuth to authorize Twitter users. When I check an oAuth'd user's rate limit, he also seems gets 2 API hits. Is that true? Also, when I call the Twitter API using the user's oAuth credentials, which API limit gets that hit? The user's? Or the server's? Thanks, Serge -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: Registering our application as browser-based or desktop
Eh, ideally I wouldn't require my users to enter the PIN into our application. Should I just register my app as Browser-based one and redirect my users to our company's website? Also, this may be a question for the maker of our twitter library (twitter4j) but at what point after the user has authorized our application to connect to their account am I able to extract the security token from the request token? If I pause my application and wait for them to acknowledge that they successfully allowed the connection in twitter, should I be able to access that security token immediately. Thanks, Bradley On Tue, Jul 21, 2009 at 6:40 PM, Hedley Robertsonhedley.robert...@gmail.com wrote: If you set the oauth_callback with a value of oob, it will not redirect the user, but provide the PIN style authorization behavior. See this older post on the new style of calling these params: http://groups.google.com/group/twitter-api-announce/browse_thread/thread/472500cfe9e7cdb9 Hope this helps. Hedley On Tue, Jul 21, 2009 at 2:06 PM, Bradley Wagner bradley.wag...@gmail.com wrote: Hi, I work on a Content Management System solution in which we're currently trying to integrate Twitter. Here is the issue: Our software is installed, so while it is browser-based there is not a consistent URL to redirect people to and thus nothing that really makes sense to fill out when registering our application. That said, I'd like to avoid to requiring the users of our software to visit a url and copy/paste a PIN to authorize our application to send updates to their twitter accounts. Is there a recommended way to do this? Where should that URL be redirecting them to? It's my understanding that if they visit the URL, an access token can be generated without the use of a pin (we're using twitter4j for this part). I guess we could just redirect them to our product's website or some page that says go back into our app and click OK to enable the twitter connection. Thanks, Bradley
[twitter-dev] Authentication problem when using j2me
Hello, I am implementing an application for mobile phones using j2me. I am having problems when trying to authenticate using basic authentication. I have reviewed the documentation and Twitter4J source codes but when I debug Twitter4J code the authentication works perfect, when i do the same from my code using J2ME it fails sending me the message 401:couldn't authenticate you. The only difference is that since Twitter4J works with Java, it uses java.net.HttpURLConnection and I am using javax.microedition.io.HttpConnection. any idea why it is not working? i have made the simplest test just with the Authorization using the same algorithm that Twitter4J uses and nothing else as headers. Thanks.
[twitter-dev] Re: Get friends' screen names instead of friends' ids?
Abraham, I noticed you added this discussion into that issue, so hopefully that will keep adding some visibility to that issue. It seems like this is a pretty popular request that keeps coming up on this list, yet the issue has a status of Won't Fix. Twitter dev team, is there anyway that you guys can reconsider this issue? The last time you guys evaluated it was back in February and I would image that the demand for a call like this has increased since then. On Jul 22, 7:32 am, Abraham Williams 4bra...@gmail.com wrote: Nope.http://code.google.com/p/twitter-api/issues/detail?id=265 On Wed, Jul 22, 2009 at 05:14, link2caro tran.minhq...@link2caro.comwrote: Hi, I would like to know if there is any way to get friends' screen names instead of friends' ids? Thank you in advance. P/S: sorry if this post is duplicate, I cannot find my last post. -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: Get friends' screen names instead of friends' ids?
On Wed, Jul 22, 2009 at 5:14 AM, link2carotran.minhq...@link2caro.com wrote: I would like to know if there is any way to get friends' screen names instead of friends' ids? On Wed, Jul 22, 2009 at 10:44 AM, whoiskbwhoi...@gmail.com wrote: Twitter dev team, is there anyway that you guys can reconsider this issue? See the bottom of this page. http://apiwiki.twitter.com/V2-Roadmap No, I don't work at Twitter. -damon -- http://twitter.com/damon
[twitter-dev] OAuth necessary when I don't need to take over people's accounts?
Hi, I am still a bit confused about OAuth. I see the point for apps that take over people's accounts (ie send messages to their streams etc.). But what if my app only accesses it's own account? The API Wiki sounds as if I should use OAuth in any case, but I don't really see the point? It only seems to make things more complicated? Many thanks in advance for any pointers! Björn
[twitter-dev] Re: Please listen to my idea.
See: Twitterfeed www.twitterfeed.com Thanks- - Andy Badera - and...@badera.us - Google me: http://www.google.com/search?q=andrew+badera - This email is: [ ] bloggable [x] ask first [ ] private On Wed, Jul 22, 2009 at 8:13 AM, WilliamH williamh1...@gmail.com wrote: Hi, I'm a Korean twitterer. There are two main social network services in Korea. Blog and cyworld. Most of Korean people have been using them. Recently, I could use twitter at first by my friend's introduction. It's cool, simple and very easy to use but not yet accustomed to using them. So I suggest you that the synchronization module of Blog(and cyworld..) and twitter. If someone write something on their blog, the follower can see the part of its writing on twitter. If this is possible, twitter may widen market share in Korea as a new type of simple social networking service. Please refer to my idea, and if you have any futher question or any idea please let me know. Good Luck,
[twitter-dev] Re: OAuth necessary when I don't need to take over people's accounts?
It will improve the security of your account since it won't be sending username/password in plaintext anymore. It's not that much more complicated to do. In fact, if you are just doing it for one account, you can run the sample code for oauth, write down the access token and secret, and just hard code them into your app instead of putting in the username and password.
[twitter-dev] Re: Search API error {error:since_id too recent, poll less frequently}
Matt, Here is another thread pseudo-related to the issue. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/b7b6859620327bad/77927af246c77907#77927af246c77907 Again, thanks to Chad. Brooks On Jul 21, 1:35 pm, matthew jesc...@gmail.com wrote: Chad, Good to know. Thanks for your help. Matthew On Jul 21, 2:13 pm, Chad Etzel jazzyc...@gmail.com wrote: That usually happens when the search servers get out of sync and the since_id tweet hasn't been indexed on the other server(s) yet, so it thinks it's a tweet from the future. -Chad On Tue, Jul 21, 2009 at 12:38 PM, matthewjesc...@gmail.com wrote: I am polling the Search API and intermittently receive the following error: {error:since_id too recent, poll less frequently} Is this to be expected or this something going wrong on the server side? Matthew Schrock
[twitter-dev] Re: Detecting positive / negative / question
Joseph,I assume you mean the sentiment portion of the Search API? That is not available as structured data through an API call. Thanks, Doug On Wed, Jul 22, 2009 at 3:36 AM, Joseph northwest...@gmail.com wrote: Is the attitude (tude) flag stored as part of a tweet? and if so, do any of the data structures returned by API calls have it? The search API allows the search for a tude, but as far as I can see, tude is not part of the data structure returned.
[twitter-dev] Re: Please listen to my idea.
Another option is to use HootSuite RSS-Twitter feature On Jul 22, 5:13 am, WilliamH williamh1...@gmail.com wrote: Hi, I'm a Korean twitterer. There are two main social network services in Korea. Blog and cyworld. Most of Korean people have been using them. Recently, I could use twitter at first by my friend's introduction. It's cool, simple and very easy to use but not yet accustomed to using them. So I suggest you that the synchronization module of Blog(and cyworld..) and twitter. If someone write something on their blog, the follower can see the part of its writing on twitter. If this is possible, twitter may widen market share in Korea as a new type of simple social networking service. Please refer to my idea, and if you have any futher question or any idea please let me know. Good Luck,
[twitter-dev] Logging Out of Twitter Through API
Hello everyone, Just a quick question here - I originally though the the 'http:// twitter.com/account/end_session.xml' API function logs the user out of Twitter - however that doesn't appear to be the case with my application. Every time that I run that function - it doesn't log them out of Twitter (i.e basically the session variables with Twitter are not destroyed). Is that the way the function is supposed to be used? It is meant to completely log the user out of Twitter? Thanks, Greg
[twitter-dev] Re: Detecting positive / negative / question
That's what I meant. Short of doing a search, with tude[]=%3A) and store it in my cache (which will eat up a lot of API calls), do you have any hints on how to extract this out of the API? Thanks, Joseph On Jul 22, 10:52 am, Doug Williams d...@twitter.com wrote: Joseph,I assume you mean the sentiment portion of the Search API? That is not available as structured data through an API call. Thanks, Doug On Wed, Jul 22, 2009 at 3:36 AM, Joseph northwest...@gmail.com wrote: Is the attitude (tude) flag stored as part of a tweet? and if so, do any of the data structures returned by API calls have it? The search API allows the search for a tude, but as far as I can see, tude is not part of the data structure returned.
[twitter-dev] Search API: geocode operator not working?
Did the geocode operator stop working? I just tried a couple of geocoded searches and got back 0 results. Here is a search for San Francisco, CA within 15 miles. curl http://search.twitter.com/search.json?q=geocode%3A37.779160%2C-122.420049%2C15m Users are complaining to me as well, so I know it's not just my machine/IP Is it working for anyone else? -Chad
[twitter-dev] Create Favourite API Not returning new status
I recently posted this as a bug and was hoping if anyone else can verify it: http://code.google.com/p/twitter-api/issues/detail?id=855 Basically this has changed, it used to return the status values once the favourite had been applied so favourited would equal true, now its always false.
[twitter-dev] Can't get friends/followers list after page 101
Hi, I have been trying to get the friends/followers list using the REST API but I always get an empty users node after page 101. The GET request URL looks like this: http://www.twitter.com/statuses/followers.xml?screen_name=barackobamapage=102 I get the same result regardless of type, XML or JSON, and it happens when retrieving the friends list as well. All my requests are authenticated using OAuth, but even if I use the web browser to make an unauthenticated request and the put the above URL in I get the same result. At first I thought it was a rate limit issue but the IP address I am making the requests from is white listed and when I made the request I checked my rate limit and it was more than 10k at the time. We all know Barack Obama has more than 101 pages of followers so it can't be the last page. Any help or advice will be appreciated. Thanks
[twitter-dev] Re: Updating the APIs authentication limiting policy
My concern with this proposal is that it opens up denials of service, not to twitter.com, but to associated sites such as twitpic, or my site twxlate, among others For example, Lance Armstrong is a heavy user of twitpic. It is very easy for anyone to find Lance's twitter ID (@lancearmstrong), view his status updates, and see that he is a frequent user of twitpic. Now, someone that is unhappy with Lance, say one of George Hincapie's ardent fans that really believes that Lance was a significant contributor to George not winning the maillot jeune last Sunday, could go to twitpic, fail to login as Lance the requisite number of times, and deny Lance access to twitpic. Not only celebrities would or could be subject to such denials of service. I notice that @dougw occasionally uses twitpic! :-) One solution to this problem is to add to each twitter account another private ID. By default this private ID would be equal to the existing (public) ID (If not equal to the account's public ID, it would have to be unique among all twitter IDs, both public and private.). The public ID would be used just as the existing twitter ID is now: others would use it to follow, mention, DM, etc., the user. But the user MUST use their private ID for authenticated requests through the API, and CAN also use it for non-authenticated requests. In either case, twitter would treat a request from a private ID as if it came from the corresponding public ID. Blocking the public ID because of excessive authentication failures would NOT block the associated private ID unless they were equal. Changing your public ID would also change your private ID if the two were the same before the change, i.e., they would remain the same after the change. It may seem onerous to require all users to also have a private ID, but since it defaults to be the same as their public ID, only those concerned about their service being denied would change it and subsequently use it instead of their public ID to access associated sites such as twitpic or twxlate. In fact, I think this change, though potentially large on the twitter side, could be implemented without any changes to users or associated sites, with one small, obscure exception: now, if I attempt to create a new twitter account or change the ID of an existing account, and find that the ID I want is in use, I can view that account; if this were implemented and I attempted to use a private ID that was not the same as its associated public ID, I could not view the account using the denied ID. Comments expected and welcome. Jim Renkel On Jul 21, 6:00 pm, Doug Williams d...@twitter.com wrote: Devs --A change shipped last week that limited the number of times a user could access the account/verify_credentials method [1] in a given hour. This change proved hasty and short-sighted as pointed out by the subsequent discussion [2]. We apologize to any developer that was adversely affected. Given the problems, we want to fix this in a public and transparent manner. Like most web services, we limit the number of attempts users can make to login to their accounts on Twitter.com to prevent brute force dictionary attacks. This same security is not extended to the platform and leaves accounts vulnerable to the same method of attack through the API. The change we shipped to limit user accounts to 15 calls an hour to the account/verify_credentials method [1] was intended to mitigate this risk. It was thought to limit the number of tests a potential attack could run in the hour, even in a distributed fashion. However, we only protected a single resource which still leaves all other authenticated methods exposed as a vector of attack (limited only by the API rate limit). Our thinking is now that we will limit the total number of unsuccessful attempts to access authenticated resources to 15 an hour per user per IP address. If a single IP address makes 15 attempts to access a protected resource unsuccessfully for a given user (as indicated by an HTTP 401), then the user will be locked out of authenticated resources from that IP address for 1 hour. This scheme has all of the positive effects that we need, however we want to make sure that we have thought through all of the potential problems on the developer's side before we proceed with this change. Please contribute to the subsequent discussion if you have an opinion or concern. Once we come to an agreement, we will update with details and a timeline for shipping this update. 1.http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0ve... 2.http://groups.google.com/group/twitter-development-talk/browse_thread... Regards, Doug
[twitter-dev] Re: Search API: geocode operator not working?
Chad, It looks like your mi units parameter has been truncated to m. When I add i to the string it works for me. It may be that it is returning results withing 5 meters. Matthew On Jul 22, 3:25 pm, Chad Etzel jazzyc...@gmail.com wrote: Did the geocode operator stop working? I just tried a couple of geocoded searches and got back 0 results. Here is a search for San Francisco, CA within 15 miles. curlhttp://search.twitter.com/search.json?q=geocode%3A37.779160%2C-122.42... Users are complaining to me as well, so I know it's not just my machine/IP Is it working for anyone else? -Chad
[twitter-dev] facing problem in twitter serach API access
Hi All, I am trying write a simple Android program to get public timelines from twitter corressponding to a keyword. Given below is the snapshot of the code ...below code is blocking on request.getResponseCode() call. Anybody has idea what could be the problem? -- URL url = *new* URL(http://search.twitter.com/search.json?q=pune); URLConnection connection; connection = url.openConnection(); HttpURLConnection request = (HttpURLConnection) connection; int responsecode = request.getResponseCode() ; // Code is just blocking here -- I have broadband internet connection at home. From home PC I am trying to execute program which has above code. The Internet permissions are granted by adding uses-permission android:name=*android.permission.INTERNET* / line to the manifest file. I have a firewall configured and running on my PC. I am trying to launch android emulater via eclipse version 3.4.2 (ADT has been added to the eclipse). Please let me know if anybody has faced similar problems. Thanks Regards, Narendra
[twitter-dev] Re: API limit confusion
@Abraham: Does it mean my consumer app (not Desktop client) cannot serve more than 150 authorized users/hour(if it is not white listed). It is hard to believe. If it is desktop client the 150 limit is understandable. The blog post says This limit applies to your Twitter account rather than the applications which make the calls to the API i.e. you have 100 API calls per hour in total regardless of which Twitter applications you use - it is NOT 100 API calls per application As you said Also it used to be that user requests from a whitelisted IP would reflect on the users limit unless they had hit their rate limit at which point it would count against the IP. its probably first user and then IP. POST request have their own limits yes i do not mean infinite calls but my consumer app should be able to get more than 20k request tokens Thanks for your time. Really helpful Srikanth On Wed, Jul 22, 2009 at 7:41 PM, Abraham Williams 4bra...@gmail.com wrote: In your first email you said When I check an oAuth'd user's rate limit, he also seems gets 2 API hits. so I'm not sure what you are seeing. Also it used to be that user requests from a whitelisted IP would reflect on the users limit unless they had hit their rate limit at which point it would count against the IP. I'm not sure if it still works this way though. Abraham On Wed, Jul 22, 2009 at 08:43, sjespers se...@webkitchen.be wrote: @Abraham: If that were true then calling rate_limit_status should give the same result... which it doesn't! On Jul 22, 3:26 pm, Abraham Williams 4bra...@gmail.com wrote: I recommend that you both read:http://apiwiki.twitter.com/Rate-limiting Serge: If you have an IP that is white listed all applicable calls from that IP will count against the 2 limit. Srikanth: That blog post says that twitter.com has no limit. It says nothing about anybody else not having a limit. The 20k is for GET requests however POST request have their own limits. Abraham On Wed, Jul 22, 2009 at 03:07, srikanth reddy srikanth.yara...@gmail.comwrote: Hi I am also looking for this. The following post says there is no limit on calls from application http://tweetdeck.posterous.com/what-does-rate-limit-exceeded Rate limit is applicable on Get methods from ip/client. Can someone confirm if one can make unlimited calls (from an app) to get request token? What is this 2 limit? Is it for GET calls for authorized client/ip Regards Srikanth On Wed, Jul 22, 2009 at 1:24 PM, sjespers se...@webkitchen.be wrote: Hi there, I am a little bit confused by the API limits. The server for my application is whitelisted. So it's limit is 2 API hits. I use oAuth to authorize Twitter users. When I check an oAuth'd user's rate limit, he also seems gets 2 API hits. Is that true? Also, when I call the Twitter API using the user's oAuth credentials, which API limit gets that hit? The user's? Or the server's? Thanks, Serge -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: Search API: geocode operator not working?
On Wed, Jul 22, 2009 at 4:03 PM, matthewjesc...@gmail.com wrote: Chad, It looks like your mi units parameter has been truncated to m. When I add i to the string it works for me. It may be that it is returning results withing 5 meters. Doh! You're right... added the 'i' and all is well. Sorry for the noise, -Chad
[twitter-dev] facing problem in twitter search API access
Hi All, I am trying write a simple Android program to get public timelines from twitter corressponding to a keyword. Given below is the snapshot of the code ...below code is blocking on request.getResponseCode() call. Anybody has idea what could be the problem? -- URL url = new URL(http://search.twitter.com/search.json?q=pune); URLConnection connection; connection = url.openConnection(); HttpURLConnection request = (HttpURLConnection) connection; int responsecode = request.getResponseCode() ; // Code is just blocking here -- I have broadband internet connection at home. From home PC I am trying to execute program which has above code. The Internet permissions are granted by adding uses-permission android:name=android.permission.INTERNET / line to the manifest file. I have a firewall configured and running on my PC. I am trying to launch android emulater via eclipse version 3.4.2 (ADT has been added to the eclipse). Please let me know if anybody has faced similar problems. Thanks Regards, Narendra
[twitter-dev] Re: Updating the APIs authentication limiting policy
One solution to this problem is to add to each twitter account another private ID. Jim, Wouldn't it make more sense to implement this private id thing on your own server? My thought here is that your service should maintain its own database of users, and issue a unique private id for each of these users. Then when the visitor tries to login, your code can check to see if the private id the visitor has entered is in your own database. If so the person is allowed to login, and if not they get an error. Would this work to solve the problem of am I missing something here? Owkaye
[twitter-dev] Re: Can't get friends/followers list after page 101
Seems to be working now, I guess it was a temporary thing. Would help if I knew what caused it :) thanks. On Jul 22, 3:55 pm, atifzshaikh atif.zsha...@gmail.com wrote: Hi, I have been trying to get the friends/followers list using the REST API but I always get an empty users node after page 101. The GET request URL looks like this: http://www.twitter.com/statuses/followers.xml?screen_name=barackobama... I get the same result regardless of type, XML or JSON, and it happens when retrieving the friends list as well. All my requests are authenticated using OAuth, but even if I use the web browser to make an unauthenticated request and the put the above URL in I get the same result. At first I thought it was a rate limit issue but the IP address I am making the requests from is white listed and when I made the request I checked my rate limit and it was more than 10k at the time. We all know Barack Obama has more than 101 pages of followers so it can't be the last page. Any help or advice will be appreciated. Thanks
[twitter-dev] How to get consumer and secret key
Hi, I want to integrate my ruby on rails website with twitter. For all the tutorials I have gone through they require me to use oauth Oauth requires a consumer key and secret key from twitter.com (http:// twitter.com/oauth_clients/new) However, my project is still in development phase (localhost) and I am coding locally In order to register, I need things like Callback URL, Application Website:, etc. I dont have these yet. HOW DO I GET A CONSUMER KEY AND SECRET KEY? Please advise.
[twitter-dev] Re: How to get consumer and secret key
you could get a key and use the OOB (pin) flow. On Wed, Jul 22, 2009 at 15:20, Ritvvij ritvi...@gmail.com wrote: Hi, I want to integrate my ruby on rails website with twitter. For all the tutorials I have gone through they require me to use oauth Oauth requires a consumer key and secret key from twitter.com (http:// twitter.com/oauth_clients/new) However, my project is still in development phase (localhost) and I am coding locally In order to register, I need things like Callback URL, Application Website:, etc. I dont have these yet. HOW DO I GET A CONSUMER KEY AND SECRET KEY? Please advise. -- Internets. Serious business.
[twitter-dev] Re: How to get consumer and secret key
what is OOB (pin) flow? Sorry for the dumb questions am new to this On Jul 22, 4:40 pm, JDG ghil...@gmail.com wrote: you could get a key and use the OOB (pin) flow. On Wed, Jul 22, 2009 at 15:20, Ritvvij ritvi...@gmail.com wrote: Hi, I want to integrate my ruby on rails website with twitter. For all the tutorials I have gone through they require me to use oauth Oauth requires a consumer key and secret key from twitter.com (http:// twitter.com/oauth_clients/new) However, my project is still in development phase (localhost) and I am coding locally In order to register, I need things like Callback URL, Application Website:, etc. I dont have these yet. HOW DO I GET A CONSUMER KEY AND SECRET KEY? Please advise. -- Internets. Serious business.
[twitter-dev] Re: How to get consumer and secret key
You will want to set oauth_callback when you get a request token. Check out OAuth 1.0a in the Twitter API docs. You can set it to be localhost. On Wed, Jul 22, 2009 at 16:47, Ritvvij ritvi...@gmail.com wrote: what is OOB (pin) flow? Sorry for the dumb questions am new to this On Jul 22, 4:40 pm, JDG ghil...@gmail.com wrote: you could get a key and use the OOB (pin) flow. On Wed, Jul 22, 2009 at 15:20, Ritvvij ritvi...@gmail.com wrote: Hi, I want to integrate my ruby on rails website with twitter. For all the tutorials I have gone through they require me to use oauth Oauth requires a consumer key and secret key from twitter.com (http:// twitter.com/oauth_clients/new) However, my project is still in development phase (localhost) and I am coding locally In order to register, I need things like Callback URL, Application Website:, etc. I dont have these yet. HOW DO I GET A CONSUMER KEY AND SECRET KEY? Please advise. -- Internets. Serious business. -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: Create Favourite API Not returning new status
Verified and accepted this defect. In the future, let's keep noise down on this list by leaving this discussion to the issue tracker itself. Thanks, Doug On Wed, Jul 22, 2009 at 12:34 PM, Coderanger d...@coderanger.com wrote: I recently posted this as a bug and was hoping if anyone else can verify it: http://code.google.com/p/twitter-api/issues/detail?id=855 Basically this has changed, it used to return the status values once the favourite had been applied so favourited would equal true, now its always false.
[twitter-dev] Re: The Gardenhose Cooperative
I wonder if there is a way that Twitter could do the verification. Self verification is always vulnerable. It'd be nice if Twitter had some sort of way to be involved, and tell the provider of the backed up data what level of access that a user has. On Wed, Jul 22, 2009 at 3:41 PM, braver delivera...@gmail.com wrote: After we lost a few days of gardenhose, I'm wondering whether it would be OK for us gardenhosers to back up each other. In case we do research, for instance -- as we do at Dartmouth. I suggest the following: say you lost a day or a few within the range since you were authorized, and are a member of our garden variety cooperative. You ask me to fill you in, and tell me the day you started gathering the hose. I pick a day for which you have data, and ask you to verify a few tweets somehow -- e.g. tell me which tweet ids there are for a certain user id. Would it be OK to self-organize like that, and who'd be our buddy? Cheers, Alexy
[twitter-dev] Re: Updating the APIs authentication limiting policy
Scott,This change will only affect Basic Auth, and will not affect OAuth applications. Thanks, Doug On Tue, Jul 21, 2009 at 4:27 PM, Scott haw...@gmail.com wrote: Thanks for the update Doug. Does this still apply to OAuth apps? Also, if a user goes through an app and unsuccessfully attempts to login 15 times will that app be blocked from authenticating anybody for an hour or just that user? The previous change seemed to block the entire app from making an authentication request on anybody once the limit had been hit.
[twitter-dev] Lowering rate limits for unidentified Search API traffic
All --Last month we sent out the following call to developers [1] to add identifying User Agents and HTTP Referrer strings to their Search API traffic. This is part of a drawn out push to incent as much of our search traffic as possible to include this identifying data. To identify your application to the Search API, you should always include a uniquely identifying User Agent. A HTTP Referrer is also expected, but not required. Within the next week, we will begin to throttle unidentified search traffic with a lower rate limit. The rate limit will still be sufficient for most applications (as seen in our logs) but will be lower than the default that is given to consumers identifying themselves. This change should not break properly developed applications that are expecting the HTTP 503 responses that are returned during rate limiting [2]. To be clear, applications using the Search API and including a User Agent (and hopefully an HTTP Referrer) will receive the same rate limit. Applications failing to include a User Agent will receive a lower limit. Our goal here is to gain understanding into search traffic. With this data, we will be better informed to build and support the Search API into the future. 1. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/f7cd82f2c43a77d0 2. http://apiwiki.twitter.com/Rate-limiting Thanks, Doug
[twitter-dev] Re: The Gardenhose Cooperative
I don't see anything vulnerable in a reasonably done verification -- e.g., I'll ask you to grep a word in a day you have and tell me the count. I'll google you, and preferably see you here or on twitter. Heck, Twitter, I'll pay you guys a $1/day for backup fetch! Preferably then to the starting point of the hoses. Cheers, Alexy
[twitter-dev] Re: How to get consumer and secret key
Can someone please help? I want to start development but oauth requires the consumer token and secret key as basic things to start. And I dont have 'em. Still operating on localhost. Can you please be very exact when you mention how to (am a newbie) On Jul 22, 5:46 pm, Ritvvij ritvi...@gmail.com wrote: Still cant find it :( On Jul 22, 4:56 pm, Abraham Williams 4bra...@gmail.com wrote: You will want to set oauth_callback when you get a request token. Check out OAuth 1.0a in the Twitter API docs. You can set it to be localhost. On Wed, Jul 22, 2009 at 16:47, Ritvvij ritvi...@gmail.com wrote: what is OOB (pin) flow? Sorry for the dumb questions am new to this On Jul 22, 4:40 pm, JDG ghil...@gmail.com wrote: you could get a key and use the OOB (pin) flow. On Wed, Jul 22, 2009 at 15:20, Ritvvij ritvi...@gmail.com wrote: Hi, I want to integrate my ruby on rails website with twitter. For all the tutorials I have gone through they require me to use oauth Oauth requires a consumer key and secret key from twitter.com (http:// twitter.com/oauth_clients/new) However, my project is still in development phase (localhost) and I am coding locally In order to register, I need things like Callback URL, Application Website:, etc. I dont have these yet. HOW DO I GET A CONSUMER KEY AND SECRET KEY? Please advise. -- Internets. Serious business. -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: The Gardenhose Cooperative
Section 5) ii) b) and e) of the Gardenhose EULA cover this issue. On Jul 22, 3:41 pm, braver delivera...@gmail.com wrote: After we lost a few days of gardenhose, I'm wondering whether it would be OK for us gardenhosers to back up each other. In case we do research, for instance -- as we do at Dartmouth. I suggest the following: say you lost a day or a few within the range since you were authorized, and are a member of our garden variety cooperative. You ask me to fill you in, and tell me the day you started gathering the hose. I pick a day for which you have data, and ask you to verify a few tweets somehow -- e.g. tell me which tweet ids there are for a certain user id. Would it be OK to self-organize like that, and who'd be our buddy? Cheers, Alexy
[twitter-dev] Re: The Gardenhose Cooperative
Did you just propose NNTP for Tweets? I hope we don't go reinventing the wheel. How many developers here were even alive in 1986? ;-) On 7/22/09 6:41 PM, braver wrote: After we lost a few days of gardenhose, I'm wondering whether it would be OK for us gardenhosers to back up each other. In case we do research, for instance -- as we do at Dartmouth. I suggest the following: say you lost a day or a few within the range since you were authorized, and are a member of our garden variety cooperative. You ask me to fill you in, and tell me the day you started gathering the hose. I pick a day for which you have data, and ask you to verify a few tweets somehow -- e.g. tell me which tweet ids there are for a certain user id. Would it be OK to self-organize like that, and who'd be our buddy? -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
[twitter-dev] Re: Search API error {error:since_id too recent, poll less frequently}
Brooks, Thanks for the link - helps me understand some of the stuff I've been seeing. Matthew On Jul 22, 1:15 pm, Brooks Bennett bsbenn...@gmail.com wrote: Matt, Here is another thread pseudo-related to the issue. http://groups.google.com/group/twitter-development-talk/browse_thread... Again, thanks to Chad. Brooks On Jul 21, 1:35 pm, matthew jesc...@gmail.com wrote: Chad, Good to know. Thanks for your help. Matthew On Jul 21, 2:13 pm, Chad Etzel jazzyc...@gmail.com wrote: That usually happens when the search servers get out of sync and the since_id tweet hasn't been indexed on the other server(s) yet, so it thinks it's a tweet from the future. -Chad On Tue, Jul 21, 2009 at 12:38 PM, matthewjesc...@gmail.com wrote: I am polling the Search API and intermittently receive the following error: {error:since_id too recent, poll less frequently} Is this to be expected or this something going wrong on the server side? Matthew Schrock
[twitter-dev] Re: The Gardenhose Cooperative
Did you just propose NNTP for Tweets? I laughed and sprayed milk everywhere. Bill for keyboard in mail. I hope we don't go reinventing the wheel. How many developers here were even alive in 1986? ;-) *feels old* -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Save a horse, starve a fever. Wait, what? -- Alex Payne
[twitter-dev] Random updates coming from API
I keep receiving random updated coming from API, are you able to check the mater out and stop them from randomly posting on my profile, Thank you
[twitter-dev] Random updates coming from API
I 've been receiving random profile updates coming from API on my profile for the last 4 weeks, i have send request to solve the issue, yet it still happening thank you
[twitter-dev] how to destroy the tweet by HTTP POST?
I manage to post a tweet with HTTP POST. Then I dumped the result. It was in the XML format. I got this value within XML tag id2774581598/ id when I posted it successfully. I believe this is a twit numeric identifier we can use to destroy it but I'm getting 404 error. Now I wish to delete (destroy) the same twit...I'm trying with following code but it does NOT work. cfhttp url=http://twitter.com/statuses/destroy/ #arguments.statusID#.xml method=post username=#arguments.username# password=#arguments.password# useragent=twitterCFC cfhttpparam name=id value=#arguments.statusID# type=formfield / /cfhttp where arguments.statusID = 2774581598. Can someone help me please? Thanks.
[twitter-dev] Re: How to get consumer and secret key
RTFM On Wed, Jul 22, 2009 at 10:26 PM, Ritvvij ritvi...@gmail.com wrote: Can someone please help? I want to start development but oauth requires the consumer token and secret key as basic things to start. And I dont have 'em. Still operating on localhost. Can you please be very exact when you mention how to (am a newbie) On Jul 22, 5:46 pm, Ritvvij ritvi...@gmail.com wrote: Still cant find it :( On Jul 22, 4:56 pm, Abraham Williams 4bra...@gmail.com wrote: You will want to set oauth_callback when you get a request token. Check out OAuth 1.0a in the Twitter API docs. You can set it to be localhost. On Wed, Jul 22, 2009 at 16:47, Ritvvij ritvi...@gmail.com wrote: what is OOB (pin) flow? Sorry for the dumb questions am new to this On Jul 22, 4:40 pm, JDG ghil...@gmail.com wrote: you could get a key and use the OOB (pin) flow. On Wed, Jul 22, 2009 at 15:20, Ritvvij ritvi...@gmail.com wrote: Hi, I want to integrate my ruby on rails website with twitter. For all the tutorials I have gone through they require me to use oauth Oauth requires a consumer key and secret key from twitter.com(http:// twitter.com/oauth_clients/new) However, my project is still in development phase (localhost) and I am coding locally In order to register, I need things like Callback URL, Application Website:, etc. I dont have these yet. HOW DO I GET A CONSUMER KEY AND SECRET KEY? Please advise. -- Internets. Serious business. -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: How to get consumer and secret key
You get them after you create the link on the page you linked to in your first email. For a callback url put http://google.com. When you get request tokens make sure you add an oauth_callback parameter that is set to your localhost based on these instructions: http://groups.google.com/group/twitter-api-announce/browse_frm/thread/472500cfe9e7cdb9?hl=enpli=1 On Wed, Jul 22, 2009 at 21:26, Ritvvij ritvi...@gmail.com wrote: Can someone please help? I want to start development but oauth requires the consumer token and secret key as basic things to start. And I dont have 'em. Still operating on localhost. Can you please be very exact when you mention how to (am a newbie) On Jul 22, 5:46 pm, Ritvvij ritvi...@gmail.com wrote: Still cant find it :( On Jul 22, 4:56 pm, Abraham Williams 4bra...@gmail.com wrote: You will want to set oauth_callback when you get a request token. Check out OAuth 1.0a in the Twitter API docs. You can set it to be localhost. On Wed, Jul 22, 2009 at 16:47, Ritvvij ritvi...@gmail.com wrote: what is OOB (pin) flow? Sorry for the dumb questions am new to this On Jul 22, 4:40 pm, JDG ghil...@gmail.com wrote: you could get a key and use the OOB (pin) flow. On Wed, Jul 22, 2009 at 15:20, Ritvvij ritvi...@gmail.com wrote: Hi, I want to integrate my ruby on rails website with twitter. For all the tutorials I have gone through they require me to use oauth Oauth requires a consumer key and secret key from twitter.com(http:// twitter.com/oauth_clients/new) However, my project is still in development phase (localhost) and I am coding locally In order to register, I need things like Callback URL, Application Website:, etc. I dont have these yet. HOW DO I GET A CONSUMER KEY AND SECRET KEY? Please advise. -- Internets. Serious business. -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Re: New OAuth app signup
Use oauth_callback while getting the request tokens: http://groups.google.com/group/twitter-api-announce/browse_frm/thread/472500cfe9e7cdb9?hl=enpli=1 On Wed, Jul 22, 2009 at 18:54, earscrew earsc...@gmail.com wrote: Using the form provided: http://twitter.com/oauth_clients/ If I have an application in the early developmental stage (no associated domain/callback), how do I go about testing? Thanks, T -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] Weird stuff in /followers/ids and /friends/ids
Hi there, I maintain a small unfollower notification tool at http:// twitdiff.appspot.com/. It relies on the /followers/ids and /friends/ ids API endpoints in order to track changes. Every 24 hours or so it compares the content of /followers/ids with its content at the time of the previous check, and if changed, calls /users/show for each ID that has been removed from the list. When /users/show indicates an account has been suspended, the application reports this as The following accounts were suspended and removed from your follower list (they were probably spammers) Over the past week or so I've started getting a much larger number of suspended IDs appearing in /followers/ids and /friends/ids lists. Some users with large accounts (in one case a user with 36k followers/ friends) are now receiving mails indicating up to 2000 accounts were suspended, much to their puzzlement. At last check my own account, davidbelfast had 20 suspended IDs added to its /followers/ids list, despite the fact I have checked my followers via Tweetie on a number of occasions in the intervening period, and noticed no new accounts. Any idea what's going on? Do you perhaps delay you have a new follower! notification when the new follower is marked as spam, yet perhaps put it in /followers/ids immediately? David