[twitter-dev] Re: Accurately accessing favorites
tweet was favorites. So I can't just grab pages of favorites until I reach the date of the most recent favorite from the week before... Is there another way? I was thinking of something like the following to get around it: * retrieve user's latest `favourites_count` from users/lookup * while favourites_count != the count you have stored || reached end of favorites ** iterate over the favorited posts and store But you've still got the issue of dealing with people unfavoriting posts which will screw the whole thing up. Sounds like the only way to make work is to iterate over the whole set and store what you're missing, or beg and plead for the API team to store a favorited_at datetime that you can order by. -- Glenn http://glenngillen.com/
[twitter-dev] What is the best way to find all the replies to a tweet?
I can think of only one efficient way which is to use the status mentions. Is there any other quicker way? http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-statuses-mentions
[twitter-dev] Mobile OAuth Summary
Hello, I migrated my mobile web site to OAuth. Now, I have a lot of users complaining that the OAuth page of twitter is not mobile friendly.Some of them are getting just a blank screen or just cannot open it. My honest question is - this is being discussed many times but where are we with this? Are all those users really suppose to get such a bad user experience? Why would you need a javascript on a login page?Is it so hard to create such page just for mobile browsers? Is anybody handling this - I mean it is an obvious problem that we have for more than a year already. Any comments on this are highly appreciated.
[twitter-dev] Re: xAuth Approval?
Well I don't like that.. does anybody here think about user experience? What is a rock solid security model good for, when nobody uses it because it's just cumbersome? As always in life, trade offs need to be made. I could design a black box where nothing would ever get in or out, but this box wouldn't be useful for anything... Also I can't find the word Browser in Twitter Client, and what's so secure about the Browser anyway? There's no reason to trust it! It's just another program, like the Twitter Client of your choice is too. Or can you make Mozilla responsible if someone gets his Accounts hacked while using Firefox? :P PS: My client uses xAuth too, but I dismiss the password instantly after the Request has been send, I think that's is a suitable solution. On Apr 27, 4:59 am, M. Edward (Ed) Borasky zn...@comcast.net wrote: On 04/26/2010 05:16 PM, Cameron Kaiser wrote: xAuth is a method for which to exchange usernames and passwords for those tokens, without send the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to bulk convert all their users over to oauth tokens. and 3. Browserless environments. I'm pretty sure that was one of the initial motivators way back when the crud was flying. Yeah ... but I *like* having the browser involved. -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Mobile OAuth Summary
hi. i'll follow up on this - do you have a notion of what browsers, what phones, etc. your users are coming from On Thu, Apr 29, 2010 at 1:49 AM, twittme_mobi nlupa...@googlemail.comwrote: Hello, I migrated my mobile web site to OAuth. Now, I have a lot of users complaining that the OAuth page of twitter is not mobile friendly.Some of them are getting just a blank screen or just cannot open it. My honest question is - this is being discussed many times but where are we with this? Are all those users really suppose to get such a bad user experience? Why would you need a javascript on a login page?Is it so hard to create such page just for mobile browsers? Is anybody handling this - I mean it is an obvious problem that we have for more than a year already. Any comments on this are highly appreciated. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Duplicate Statuses in Public Timeline
hi matt. are you using since_id on your public timeline calls? On Thu, Apr 29, 2010 at 4:54 AM, mattarnold1977 matt.arnold.1...@gmail.comwrote: This is the third time I've reported this issue in the last couple of weeks. I still have not received any word back from Twitter support regarding this issue. My server log is filling up with duplicate status errors coming from the public timeline. I'm waiting to hit the timeline until after the cache period, so it's not that. And, yes it's not just duplicate status ids I'm seeing, it's also duplicate statuses as well. Every time I hit the public timeline I compare the results against a months worth of data that I have saved. Is anyone else having this issue? -Matt -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] About update limits
This is what the FAQ has to say about status update limits: Updates: 1,000 per day. The daily update limit is further broken down into smaller limits for semi-hourly intervals. Retweets are counted as updates. I'm a little unclear as to what exactly is meant by further broken down into smaller limits for semi-hourly intervals. Is the 1000 per day limit divided evenly between the 48 half hours each day (around 20 or so tweets per half an hour?). Also, I'm assuming this limit applies to each unique account? Is this limit absolutely fixed? Or is there some equivalent to whitelisting for status/update limits as well? Thanks...
[twitter-dev] Rate limit status with authentication credentials for authenticated user account.
Hi there, We are developing an app in which we need little of your help. may I know how to get rate-limit status if we provide authentication credentials of an authenticated user. is it possible if we provide user name and password manually through code instead of twitter OAuth. If it is, how can we do that? waiting for reply eagerly, Thank you very much in advance.
Re: [twitter-dev] About update limits
the numbers are roughly broken up over the day. and the limit applies to an account. and yes - there is a whitelisting for status/updates -- please e-mail a...@twitter to ask for it. On Thu, Apr 29, 2010 at 5:26 AM, akaii chibiak...@gmail.com wrote: This is what the FAQ has to say about status update limits: Updates: 1,000 per day. The daily update limit is further broken down into smaller limits for semi-hourly intervals. Retweets are counted as updates. I'm a little unclear as to what exactly is meant by further broken down into smaller limits for semi-hourly intervals. Is the 1000 per day limit divided evenly between the 48 half hours each day (around 20 or so tweets per half an hour?). Also, I'm assuming this limit applies to each unique account? Is this limit absolutely fixed? Or is there some equivalent to whitelisting for status/update limits as well? Thanks... -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Duplicate Statuses in Public Timeline
What is your goal for this application? Are you trying to get a sampling of statuses for analysis, or for occasional casual display? If the former, you should use a sample method on the Streaming API. If the later, please persist in your quest for a reasonably unique result set. The public timeline isn't used much anymore and regressions could theoretically and regrettably, exist for a bit without anyone noticing. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. On Thu, Apr 29, 2010 at 4:54 AM, mattarnold1977 matt.arnold.1...@gmail.com wrote: This is the third time I've reported this issue in the last couple of weeks. I still have not received any word back from Twitter support regarding this issue. My server log is filling up with duplicate status errors coming from the public timeline. I'm waiting to hit the timeline until after the cache period, so it's not that. And, yes it's not just duplicate status ids I'm seeing, it's also duplicate statuses as well. Every time I hit the public timeline I compare the results against a months worth of data that I have saved. Is anyone else having this issue? -Matt
[twitter-dev] 413 errors from streaming api
I'm connecting to the streaming API with many userids in the filter param, and quickly went over my URL request length and got HTTP 413. Can I send post params? How else can I get updates from a large set of users in a streaming fashion? Thanks Paul
Re: [twitter-dev] get public replies (or mentions) to following
Hi, In my apps, I want to (1)get all recent official replies (or mentions) to my following and also the tweet's ids that replies reply to OR (2)get all replies to a tweet Here's a discussion on this feature - won't come very soon, I think: http://code.google.com/p/twitter-api/issues/detail?id=142 Niklas
Re: [twitter-dev] 413 errors from streaming api
There are several conditions that will result in a 413. You'll get a short text message back with the error code that should describe the problem. Note that the default access role limits you to following just 400 userids. You'll need elevated access to follow more. Yes, please send POST params. URL params are useful for prototyping and general hackery, but the length is limited. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. On Wed, Apr 28, 2010 at 8:23 PM, Paul Tarjan ptar...@gmail.com wrote: I'm connecting to the streaming API with many userids in the filter param, and quickly went over my URL request length and got HTTP 413. Can I send post params? How else can I get updates from a large set of users in a streaming fashion? Thanks Paul
[twitter-dev] Iphone search option question
Hi! Im trying to put an twitter-search option (so no sign-in) in my iphone application, for an assignment, but dont understand how to do so. All the resources seem to be for webbased applications.. Can somebody please help me get started?Would be very much appriciated!!! Thanks!
Re: [twitter-dev] Re: server app publishing twitter status updates with oauth?
Hi Simon, You've figured out all the right answers! Glad to hear. SignPost should work fine for you with Twitter, but I'll just mention that it has some issues with other services with stricter OAuth implementations. Wish you luck in finding your way to OAuth, and we're here to help if you get stuck along the way. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Wed, Apr 28, 2010 at 4:32 PM, Simon simon.kitch...@airnz.co.nz wrote: To reply to myself: I've figured most of this out now. (1) Yes, the app should be registered. Log on to the twitter account that messages will be published to, then go to dev.twitter.com/apps and add a new app. (2) When an app is defined by an account, the app is automatically added to that account's connections. (3) No, xauth is not the right tool. On the app page (either just after defining the app, or later by account settings | connections), the my access token button will create an authentication (token, secret) pair that can be used to authenticate the server app against the account. The web-based authentication step is then unnecessary. These auth tokes do not expire (unless you explicitly log onto the account and revoke the token). (4) It looks like the signing is not too complicated, but also non- trivial; oauth is simply more complex than basic auth. So using a lib is probably the best solution. The Signpost project (google) appears to have a nice small implementation.
Re: [twitter-dev] Re: Invalid / used nonce but only for certain user names?
We have a weird error condition in the OAuth implementation right now that throws invalid nonce errors when it's not necessarily the issue. We're still tracking what exactly causes this down, but believe that it's not applicable to the OAuth implementation rewrite we'll soon be rolling out. In the meantime, when you get this error and you're fairly certain you've never used the nonce before, if you can provide a signature base string and authorization header corresponding to the failed request it will give us better visibility into possible causation. Thanks! Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Wed, Apr 28, 2010 at 7:15 PM, Dewald Pretorius dpr...@gmail.com wrote: Cory, I have had similar issues. When you get that 401 error, you need to back off for a second or two, recalculate the nonce, and then resubmit the request. On Apr 28, 10:52 pm, Cory cory.imdi...@gmail.com wrote: Anyone have any ideas about this? I'm really not sure where to go or what to check from here, and I need to get this taken care of. Any information would be appreciated!
[twitter-dev] Re: get public replies (or mentions) to following
You could try requesting an invite here: http://api.replyto.it/ On Apr 28, 11:57 pm, athanhcong athanhc...@gmail.com wrote: Hi all, In my apps, I want to (1)get all recent official replies (or mentions) to my following and also the tweet's ids that replies reply to OR (2)get all replies to a tweet I found that I can use search API to get all recent replies to a username or m, but the results don't give me the tweet's id that each search result reply to. To get that id I need to use statuses/show/ id API to get full information of result-tweet. But this approach costs a lot of requests to server. Do you have any idea to solve this? Thanks.
Re: [twitter-dev] Re: server app publishing twitter status updates with oauth?
Squeaky wheel here again. Some of us have been asking for oauth examples for our single user web apps (currently basic auth) that automatically post updates via either php curl or classic asp xhttp. While we're all trying to wrap our heads around oauth, it seems to me that there certainly must be lots of duplication of effort and wasted time. Does anyone have a simple working example of either that doesn't require a PHP in computer programming to understand? 2 legged oauth for dummies, anyone? ;)
Re: [twitter-dev] Iphone search option question
Today, the Search API is accessible on http://search.twitter.com and doesn't require OAuth. You identify yourself by setting a HTTP User-Agent with the HTTP library you use to perform searches. You'll be issuing requests like http://search.twitter.com/search.json?q=twitter Then consuming the output by likely consuming the JSON output into a hash structure and working from there. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 7:28 AM, dw I gwendou...@gmail.com wrote: Hi! Im trying to put an twitter-search option (so no sign-in) in my iphone application, for an assignment, but dont understand how to do so. All the resources seem to be for webbased applications.. Can somebody please help me get started?Would be very much appriciated!!! Thanks!
[twitter-dev] Trouble with OAuth Consumer example in Java
So I'm trying to implement an OAuth consumer* and running into some trouble. As a sanity check I'm trying to replicate the example provided in the dev documentation (http://dev.twitter.com/pages/ auth#request-token). I'm stuck when generating the signature for the request. That is, if I use the example parameters and example secret key, the signature in the example doesn't match the signature I'm generating. So I took another step back to see if I can use the net.oauth Java implementation, and _that_ doesn't create a signature matching what's in the example either! So either I'm doing something painfully wrong or the Twitter documentation is incorrect. If I take the 'base string' in the documentation and try to sign it with the 'signing key' from the example, it's only a couple lines of Groovy to use the net.oauth API: import net.oauth.signature.HMAC_SHA1 // string from the example def str = 'POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Frequest_tokenoauth_callback%3Dhttp%253A%252F%252Flocalhost %253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id %253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce %3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method %3DHMAC_SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0' // use the consumer secret from the example: def hmac = new HMAC_SHA1(consumerSecret:'MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98') println hmac.getSignature(str) // prints 'cz+LlAuzclTvE2YQiNogw3dC4yo= // Example gives: 8wUi7m5HFQy76nowoCThusfgB+Q= Any ideas? Let me reiterate -- I know i can't use the example secret key parameters in my own code... I'm trying to use some 'known constant' to verify that at least I'm performing the hash operation correctly. My _real_ code uses javax.crypto.Mac similar to what's being done by net.oauth...HMAC_SHA1. You can see the code here: http://oauth.googlecode.com/svn/code/java/core/commons/src/main/java/net/oauth/signature/HMAC_SHA1.java So my theory is, either the Twitter documentation is wrong and I shouldn't trust it as a basis for implementing my own oauth consumer code, or there's some problem with how javax.crypto.Mac is being used... Or I'm doing something else totally idiotic. Any ideas? Thanks. * partially as just an academic exercise, I know there are other OAuth implementations for Java. So please don't ask why don't you just use Twitter4j or OAuth library ? :)
Re: [twitter-dev] Trouble with OAuth Consumer example in Java
Hi Thom, I like your approach. I think there are two things possibly wrong in your implementation. The first: Your signing key needs to have the character at the end, even when there's no additional oauth_token_secret in the request. Instead, of your signing key being MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98 it should be MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98 (this part is mentioned as part of the examples in this section on our auth document) The second: One detail I may have omitted in the documentation that might be key for you here is the following snippet from the OAuth specification: oauth_signature is set to S, first base64-encoded per [RFC2045] (Freed, N. and N. Borenstein, “Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies,” .) http://oauth.net/core/1.0a/#RFC2045section 6.8, then URL-encoded per Parameter Encoding (Parameter Encoding)http://oauth.net/core/1.0a/#encoding_parameters . Hope this helps! The second point of information is often a non-relevant, but it's good to keep in mind. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 8:56 AM, Thom Nichols tmnich...@gmail.com wrote: So I'm trying to implement an OAuth consumer* and running into some trouble. As a sanity check I'm trying to replicate the example provided in the dev documentation (http://dev.twitter.com/pages/ auth#request-token). I'm stuck when generating the signature for the request. That is, if I use the example parameters and example secret key, the signature in the example doesn't match the signature I'm generating. So I took another step back to see if I can use the net.oauth Java implementation, and _that_ doesn't create a signature matching what's in the example either! So either I'm doing something painfully wrong or the Twitter documentation is incorrect. If I take the 'base string' in the documentation and try to sign it with the 'signing key' from the example, it's only a couple lines of Groovy to use the net.oauth API: import net.oauth.signature.HMAC_SHA1 // string from the example def str = 'POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Frequest_tokenoauth_callback%3Dhttp%253A%252F%252Flocalhost %253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id %253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce %3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method %3DHMAC_SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0' // use the consumer secret from the example: def hmac = new HMAC_SHA1(consumerSecret:'MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98') println hmac.getSignature(str) // prints 'cz+LlAuzclTvE2YQiNogw3dC4yo= // Example gives: 8wUi7m5HFQy76nowoCThusfgB+Q= Any ideas? Let me reiterate -- I know i can't use the example secret key parameters in my own code... I'm trying to use some 'known constant' to verify that at least I'm performing the hash operation correctly. My _real_ code uses javax.crypto.Mac similar to what's being done by net.oauth...HMAC_SHA1. You can see the code here: http://oauth.googlecode.com/svn/code/java/core/commons/src/main/java/net/oauth/signature/HMAC_SHA1.java So my theory is, either the Twitter documentation is wrong and I shouldn't trust it as a basis for implementing my own oauth consumer code, or there's some problem with how javax.crypto.Mac is being used... Or I'm doing something else totally idiotic. Any ideas? Thanks. * partially as just an academic exercise, I know there are other OAuth implementations for Java. So please don't ask why don't you just use Twitter4j or OAuth library ? :)
[twitter-dev] Geolocation bug?
Hey sorry to report a bug here.. (I did finally find http://twitter.com/HELP via Google, but there's no confirmation that the report was received. Upon submission of the bug report I was redirected to http://twitter.com/help/start.) Anyway, it is sort of a developer thing, concerning geolocated tweets. Some tweets that include geodata are tagged via [appname] from [neighborhood] while others are tagged via [appname] from here. (There's been a lot of weirdness in the neighborhood names, at least here in Europe.) Problem is, on Firefox under both Ubuntu 9.10 and Windows 7, clicking on the neighborhood links doesn't work. No response, no little map- in-a-box. The from here ones work fine. Is it only me?
[twitter-dev] Re: Geolocation bug?
Here is the error from clicking on a neighborhood link, copied from Firebug: I.geometry is null http://a1.twimg.com/a/1272477713/javascripts/geov1.js?1272481439 Line 1
Re: [twitter-dev] Re: one application authentication
Hi Abava, There's a feature now to get your access token for any app you have registered. You can find this by navigating to one of your application detail pages on http://dev.twitter.com/apps and clicking on the My Token link. Then you can use the access token and secret given to you in your own application easily. There are more tips on the single access token model here: http://bit.ly/1token Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 27, 2010 at 2:28 AM, Abava dnam...@gmail.com wrote: I'll see if there's anything we can do about offering a give me /my/ access yes, please let us know. That is why I wrote this qyuestion. I think this option should be somewhere within 'my account' settings on Twitter On Apr 26, 6:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Obtaining a single access token for your application without necessarily implementing the entire OAuth dance shouldn't be too difficult -- there are many OAuth libraries that include command-line tools to acquire access tokens in this way. You could also use Twurl ( http://github.com/marcel/twurl). My OAuth Dancer ( http://bit.ly/oauth-dancer) tool also lets you do this through a server interface your run on your own machine. I don't recommend sharing your consumer key or secret to any third-party website to acquire this information, but using a tool locally on your own machine is likely the best method. I'll see if there's anything we can do about offering a give me /my/ access token access token secret for my application feature on dev.twitter.comto help with this. It'd then be as simple as porting those two pieces of information into whatever database, configuration file, or otherwise you would use to store the access token and access token secret. As with any of these kind of keys though, it wouldn't be appropriate to distribute access tokens of any kind with your software -- whether on github, in a desktop application, or in plaintext in a Javascript file. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Mon, Apr 26, 2010 at 5:29 AM, Ken k...@cimas.ch wrote: With OAuthcalypse looming, there is an urgent need for your service. I doubt that every API user with a Twitter-spitter even knows about the deadline. If you can convince them of your benign intent, great. If you have thought of a way to make it pay, even better! On Apr 26, 10:26 am, Harshad RJ harshad...@gmail.com wrote: On Mon, Apr 26, 2010 at 1:50 PM, Ken k...@cimas.ch wrote: For security reasons this service should be left to Twitter, but a third party could deliver the same tokens if provided with the app's Consumer key and secret. A bit messy though - need to change the requesting app's callback URL - but it's doable. Is someone already doing this? Would that violate ToS? Just FYI, I am working on a similar concept. Waiting for clarifications from Twitter before releasing it publicly. -- Harshad RJhttp://hrj.wikidot.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] how do I put Twitter on my site in flash?
I have a flash website, but I do not know how to view messages in the twitter page on my site, someone could help me with this
[twitter-dev] Incorrect signature when calling update url /1/statuses/update.xml
Folks, I have been trying this and have already spent lot of time on this but what i don't understand is how is getting the access token working and post to update is not working when i am using the same signature generation method for both the requests. Here is my complete scenario. 1. fetch the request token 2. redirect the user to the authurize page 3. get the verifier from the new called back url 4. getting the access token by passing oauth_token and auth_verifier 5. create a new post request for update and sign the request with HMAC.sign(toSign, consumerSecret + '' + tokenSecret) Note: toSign is the request with the following headers : oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, oauth_consumer_key 6. Send the request. Also if helpfull, i am using following values oauth_nonce=MD5.hexHash(getTimestampInSeconds()) oauth_signature_method=HMAC-SHA1 oauth_version=1.0 I have verified most of the things and looks good to me, also there is very less possibility of generating wrong signature as I have used the same signature to get the access token and was able to successfully receive it. Any pointers highly appreciated. Thanks, Rahul
Re: [twitter-dev] Incorrect signature when calling update url /1/statuses/update.xml
Hi Rahul, When you are POSTing to statuses/update.xml -- are you including the status that you are posting in your signature base string? As a URL-encoded parameter, it should be included in both your POST body and the signature base string (but not in the HTTP authorization header). Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 9:35 AM, Rahul rahul.jun...@gmail.com wrote: Folks, I have been trying this and have already spent lot of time on this but what i don't understand is how is getting the access token working and post to update is not working when i am using the same signature generation method for both the requests. Here is my complete scenario. 1. fetch the request token 2. redirect the user to the authurize page 3. get the verifier from the new called back url 4. getting the access token by passing oauth_token and auth_verifier 5. create a new post request for update and sign the request with HMAC.sign(toSign, consumerSecret + '' + tokenSecret) Note: toSign is the request with the following headers : oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, oauth_consumer_key 6. Send the request. Also if helpfull, i am using following values oauth_nonce=MD5.hexHash(getTimestampInSeconds()) oauth_signature_method=HMAC-SHA1 oauth_version=1.0 I have verified most of the things and looks good to me, also there is very less possibility of generating wrong signature as I have used the same signature to get the access token and was able to successfully receive it. Any pointers highly appreciated. Thanks, Rahul
[twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring. Also below is my string which i pass to the below mentioned toSign variable. toSign: POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%xxx%26oauth_nonce %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- xxx%26oauth_version%3D1.0%26status %3Dhurray Mac mac = Mac.getInstance(HMAC_SHA1); mac.init(key); byte[] bytes = mac.doFinal(toSign.getBytes(UTF8)); and in the key i pass: consumerSecret + '' + tokenSecret Thanks, Rahul On Apr 29, 12:46 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, When you are POSTing to statuses/update.xml -- are you including the status that you are posting in your signature base string? As a URL-encoded parameter, it should be included in both your POST body and the signature base string (but not in the HTTP authorization header). Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 9:35 AM, Rahul rahul.jun...@gmail.com wrote: Folks, I have been trying this and have already spent lot of time on this but what i don't understand is how is getting the access token working and post to update is not working when i am using the same signature generation method for both the requests. Here is my complete scenario. 1. fetch the request token 2. redirect the user to the authurize page 3. get the verifier from the new called back url 4. getting the access token by passing oauth_token and auth_verifier 5. create a new post request for update and sign the request with HMAC.sign(toSign, consumerSecret + '' + tokenSecret) Note: toSign is the request with the following headers : oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, oauth_consumer_key 6. Send the request. Also if helpfull, i am using following values oauth_nonce=MD5.hexHash(getTimestampInSeconds()) oauth_signature_method=HMAC-SHA1 oauth_version=1.0 I have verified most of the things and looks good to me, also there is very less possibility of generating wrong signature as I have used the same signature to get the access token and was able to successfully receive it. Any pointers highly appreciated. Thanks, Rahul
Re: [twitter-dev] Rate limit status with authentication credentials for authenticated user account.
http://dev.twitter.com/doc/get/account/rate_limit_status http://dev.twitter.com/doc/get/account/rate_limit_statusYou should avoid using username/password to authenticate as you will just have to update the code in June when BasicAuth is removed. Abraham On Thu, Apr 29, 2010 at 03:58, Rushikesh Bhanage rishibhan...@gmail.comwrote: Hi there, We are developing an app in which we need little of your help. may I know how to get rate-limit status if we provide authentication credentials of an authenticated user. is it possible if we provide user name and password manually through code instead of twitter OAuth. If it is, how can we do that? waiting for reply eagerly, Thank you very much in advance. -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Re: Is /users/show broken or is it just me?
Hi Mark, My code has been running for 2 days so far without this happening. If it happens again I will get you a new set of IDs and cursors. R. On Apr 27, 10:38 pm, Mark McBride mmcbr...@twitter.com wrote: And... now this user works. Can you still reproduce this issue? If so, can you get me a new set of user IDs? ---Mark http://twitter.com/mccv On Tue, Apr 27, 2010 at 1:47 PM, Ryan Rosario uclamath...@gmail.com wrote: Thanks. Posted. R. On Apr 25, 3:51 pm, Mark McBride mmcbr...@twitter.com wrote: I can reproduce this, so we should be good to go. Can one of you open an issue on the code tracker so we can track it? ---Mark http://twitter.com/mccv On Sun, Apr 25, 2010 at 11:25 AM, Ryan Rosario uclamath...@gmail.com wrote: Here are the ones I have found so far. For the first one, I am able to reproduce the error on this one cursor. http://api.twitter.com/1/statuses/followers/pothos.json?cursor=129860... User numeric ID: 3598791 (cursor unknown) R. On Apr 25, 10:26 am, Raffi Krikorian ra...@twitter.com wrote: this shouldn't happen - feel free to give a sample of the poison user IDs, and we'll investigate them. we already have one, and we'll look into more. On Sun, Apr 25, 2010 at 10:16 AM, Ryan Rosario uclamath...@gmail.comwrote: I've found that all of my 500 isses are related to poison users. For whatever reason, I can never get their followers. I retry on 500, so I end up with an infinite loop of 500s for these users. When 500s happen with other users, my program usually succeeds after 1 or 2 retries. The only way to resolve it is to kill my process, add the user to a blacklist, and start over. It's really frustrating. Ryan On Apr 25, 5:31 am, Dossy Shiobara do...@panoptic.com wrote: From my logged errors ... here's an example: http://api.twitter.com/1/users/show.xml?id=4583991 On 4/25/10 12:37 AM, Mark McBride wrote: Without more details this is going to be really hard to troubleshoot. Can you reliably reproduce this? What are the exact URIs you're calling that return 500s? What user are you using to make these calls? What authentication method? -- Dossy Shiobara | do...@panoptic.com |http://dossy.org/ Panoptic Computer Network |http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70) -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi
Re: [twitter-dev] Re: xAuth Approval?
On Thu, Apr 29, 2010 at 03:17, Ivo ivo.wet...@googlemail.com wrote: Also I can't find the word Browser in Twitter Client, and what's so secure about the Browser anyway? There's no reason to trust it! It's just another program, like the Twitter Client of your choice is too. Or can you make Mozilla responsible if someone gets his Accounts hacked while using Firefox? :P How is Google Chrome, a browser built by one of the largest corporations on the planet based off an open source project of which I can audit the code anytime I wish, not more trustworthy than Generic Twitter Client 5000™ built by Bob in his mom's basement? Abraham -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] What is the best way to find all the replies to a tweet?
There is no quicker way other then maybe using the Streaming API but you will not get any historical data from the Stream. Abraham On Thu, Apr 29, 2010 at 00:07, Dushyant dushyantaror...@gmail.com wrote: I can think of only one efficient way which is to use the status mentions. Is there any other quicker way? http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-statuses-mentions -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Search API - from:xxx not returning @ replies
Thursday 2010.04.29 - 11:33am PDT Search API : No posted @ replies are found I tried from:comcastbonnie from:al3x from:raffi Search web is OK.
Re: [twitter-dev] Search API - from:xxx not returning @ replies
The API worked for me. http://hurl.it/hurls/b038fc2feab35f899dad30dc3d30de8b310b8520/016284e356b27667be31737e2aeb7d6593ea87dc On Thu, Apr 29, 2010 at 11:39, mikawhite mikawh...@me.com wrote: Thursday 2010.04.29 - 11:33am PDT Search API : No posted @ replies are found I tried from:comcastbonnie from:al3x from:raffi Search web is OK. -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Re: Search API - from:xxx not returning @ replies
Comcastbonnie confirms this is not unusual: http://twitter.com/ComcastBonnie/statuses/13083585494 That this error happens for some and not others is not surprising. With new focus on the Search API this type of issue can be addressed :)
Re: [twitter-dev] Re: Search API - from:xxx not returning @ replies
Probably related to this: http://groups.google.com/group/twitter-development-talk/msg/3af17ba93d66abbf On Thu, Apr 29, 2010 at 11:52, mikawhite mikawh...@me.com wrote: Comcastbonnie confirms this is not unusual: http://twitter.com/ComcastBonnie/statuses/13083585494 That this error happens for some and not others is not surprising. With new focus on the Search API this type of issue can be addressed :) -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] API Suggestion - Add Meta Data to twitter links...
One thought that I have had, is that 3rd party developers can't ADD any more detail to Twitter posts, than what is contained inside the 120 characters, except for maybe location data. However with the growth of embedding LINKS inside of tweets, would it make sense to develop a Twitter XML Meta data SCHEMA to add meta data INSIDE THE LINK. For example, if the link points to a VIDEO, than the inside the URL, the user could add standard tweet meta data explaining to twitter clients that the tweet itself contains a video, that could be directly embedded into a client. I know Google Buzz is doing some intelligent dipping into embedded links, but this would establish a Twitter Standard for any twitter with a link in it. Therefore, ANY tweet containing an URL, could be quickly queried for the XML metadata, and be able to extract things like a PHOTO, VIDEO, or even widgets, feeds, people, places, etc. You could also include the original full message that exceed the 140 character limit, in the case where a message was truncated from another source. Maybe even a way to embed the required embed code so that twitter clients properly display the item inside a client. Is there anything like this already?
[twitter-dev] API call to turn on location-based tweets?
Is there an API call where I can turn on an auth'd user's location setting? I'm referring to the setting Add a location to your tweets. In my app, I want to give the users a choice on whether they can attach their location to their tweet, but it only works if the user has that setting in the profile checked. Since it's an opt-in, not many people have that setting on. Is there a way I can activate that setting for the user if they so choose? Thanks, S
[twitter-dev] Re: Trouble with OAuth Consumer example in Java
Hi Taylor, Thanks for your quick response. So I did notice the ampersand at the end of the consumer secret (normally it's between the consumer secret and the token secret, right?) The HMAC_SHA1 class that I'm attempting to use in my above example does that (line 69 of HMAC_SHA1.java), and in my code I did the same. As for url-encoding the signature, well, you can see that's not the difference between what I'm generating and what the doc shows. For what it's worth, my code and net.oauth.signature.HMAC_SHA1 generate the same signature, but it's different from what's in the Twitter documentation :| I've put up an example of my code on PasteBin so you can run it entirely independent of any other libraries. If anyone can get it to generate the same signature that the documentation says it should be, I'll be thrilled :) http://thomnichols.pastebin.com/w6i47wNA Thanks. -Tom On Apr 29, 12:13 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Thom, I like your approach. I think there are two things possibly wrong in your implementation. The first: Your signing key needs to have the character at the end, even when there's no additional oauth_token_secret in the request. Instead, of your signing key being MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98 it should be MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98 (this part is mentioned as part of the examples in this section on our auth document) The second: One detail I may have omitted in the documentation that might be key for you here is the following snippet from the OAuth specification: oauth_signature is set to S, first base64-encoded per [RFC2045] (Freed, N. and N. Borenstein, “Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies,” .) http://oauth.net/core/1.0a/#RFC2045section 6.8, then URL-encoded per Parameter Encoding (Parameter Encoding)http://oauth.net/core/1.0a/#encoding_parameters . Hope this helps! The second point of information is often a non-relevant, but it's good to keep in mind. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 8:56 AM, Thom Nichols tmnich...@gmail.com wrote: So I'm trying to implement an OAuth consumer* and running into some trouble. As a sanity check I'm trying to replicate the example provided in the dev documentation (http://dev.twitter.com/pages/ auth#request-token). I'm stuck when generating the signature for the request. That is, if I use the example parameters and example secret key, the signature in the example doesn't match the signature I'm generating. So I took another step back to see if I can use the net.oauth Java implementation, and _that_ doesn't create a signature matching what's in the example either! So either I'm doing something painfully wrong or the Twitter documentation is incorrect. If I take the 'base string' in the documentation and try to sign it with the 'signing key' from the example, it's only a couple lines of Groovy to use the net.oauth API: import net.oauth.signature.HMAC_SHA1 // string from the example def str = 'POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Frequest_tokenoauth_callback%3Dhttp%253A%252F%252Flocalhost %253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id %253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce %3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method %3DHMAC_SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0' // use the consumer secret from the example: def hmac = new HMAC_SHA1(consumerSecret:'MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98') println hmac.getSignature(str) // prints 'cz+LlAuzclTvE2YQiNogw3dC4yo= // Example gives: 8wUi7m5HFQy76nowoCThusfgB+Q= Any ideas? Let me reiterate -- I know i can't use the example secret key parameters in my own code... I'm trying to use some 'known constant' to verify that at least I'm performing the hash operation correctly. My _real_ code uses javax.crypto.Mac similar to what's being done by net.oauth...HMAC_SHA1. You can see the code here: http://oauth.googlecode.com/svn/code/java/core/commons/src/main/java/... So my theory is, either the Twitter documentation is wrong and I shouldn't trust it as a basis for implementing my own oauth consumer code, or there's some problem with how javax.crypto.Mac is being used... Or I'm doing something else totally idiotic. Any ideas? Thanks. * partially as just an academic exercise, I know there are other OAuth implementations for Java. So please don't ask why don't you just use Twitter4j or OAuth library ? :)
[twitter-dev] Is there a popup sized or small dimensions version of the oauth login page?
My twitter application is a web application in a tiny widget without a lot of height or width, forwarding the user to the default oauth login form on Twitter is an undesirable user experience give that the existing page does not fit in the widgets dimensions. Facebook allows developers to provide a popup param for their login which provides a compact login page, does Twitter offer anything similar?
Re: [twitter-dev] API Suggestion - Add Meta Data to twitter links...
Twitter Annotations have been announced. Lets you add lots of metadata to statuses. http://groups.google.com/group/twitter-development-talk/msg/e6394e433b6582c5 Abraham On Thu, Apr 29, 2010 at 11:39, mishagray mishag...@gmail.com wrote: One thought that I have had, is that 3rd party developers can't ADD any more detail to Twitter posts, than what is contained inside the 120 characters, except for maybe location data. However with the growth of embedding LINKS inside of tweets, would it make sense to develop a Twitter XML Meta data SCHEMA to add meta data INSIDE THE LINK. For example, if the link points to a VIDEO, than the inside the URL, the user could add standard tweet meta data explaining to twitter clients that the tweet itself contains a video, that could be directly embedded into a client. I know Google Buzz is doing some intelligent dipping into embedded links, but this would establish a Twitter Standard for any twitter with a link in it. Therefore, ANY tweet containing an URL, could be quickly queried for the XML metadata, and be able to extract things like a PHOTO, VIDEO, or even widgets, feeds, people, places, etc. You could also include the original full message that exceed the 140 character limit, in the case where a message was truncated from another source. Maybe even a way to embed the required embed code so that twitter clients properly display the item inside a client. Is there anything like this already? -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
Any Clues or suggestions ? Thanks, Rahul On Apr 29, 1:19 pm, Rahul rahul.jun...@gmail.com wrote: Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring. Also below is my string which i pass to the below mentioned toSign variable. toSign: POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%xxx%26oauth_nonce %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- xxx%26oauth_version%3D1.0%26status %3Dhurray Mac mac = Mac.getInstance(HMAC_SHA1); mac.init(key); byte[] bytes = mac.doFinal(toSign.getBytes(UTF8)); and in the key i pass: consumerSecret + '' + tokenSecret Thanks, Rahul On Apr 29, 12:46 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, When you are POSTing to statuses/update.xml -- are you including the status that you are posting in your signature base string? As a URL-encoded parameter, it should be included in both your POST body and the signature base string (but not in the HTTP authorization header). Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 9:35 AM, Rahul rahul.jun...@gmail.com wrote: Folks, I have been trying this and have already spent lot of time on this but what i don't understand is how is getting the access token working and post to update is not working when i am using the same signature generation method for both the requests. Here is my complete scenario. 1. fetch the request token 2. redirect the user to the authurize page 3. get the verifier from the new called back url 4. getting the access token by passing oauth_token and auth_verifier 5. create a new post request for update and sign the request with HMAC.sign(toSign, consumerSecret + '' + tokenSecret) Note: toSign is the request with the following headers : oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, oauth_consumer_key 6. Send the request. Also if helpfull, i am using following values oauth_nonce=MD5.hexHash(getTimestampInSeconds()) oauth_signature_method=HMAC-SHA1 oauth_version=1.0 I have verified most of the things and looks good to me, also there is very less possibility of generating wrong signature as I have used the same signature to get the access token and was able to successfully receive it. Any pointers highly appreciated. Thanks, Rahul
[twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
Taylor, A quick update on this. I tried generating the signature from my library and the page mentioned below they both seems tbe exactly the same. http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ What else can be the reason and how come twitter is responding with Incorrect Signature ? Thanks, Rahul On Apr 29, 1:19 pm, Rahul rahul.jun...@gmail.com wrote: Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring. Also below is my string which i pass to the below mentioned toSign variable. toSign: POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%xxx%26oauth_nonce %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- xxx%26oauth_version%3D1.0%26status %3Dhurray Mac mac = Mac.getInstance(HMAC_SHA1); mac.init(key); byte[] bytes = mac.doFinal(toSign.getBytes(UTF8)); and in the key i pass: consumerSecret + '' + tokenSecret Thanks, Rahul On Apr 29, 12:46 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, When you are POSTing to statuses/update.xml -- are you including the status that you are posting in your signature base string? As a URL-encoded parameter, it should be included in both your POST body and the signature base string (but not in the HTTP authorization header). Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 9:35 AM, Rahul rahul.jun...@gmail.com wrote: Folks, I have been trying this and have already spent lot of time on this but what i don't understand is how is getting the access token working and post to update is not working when i am using the same signature generation method for both the requests. Here is my complete scenario. 1. fetch the request token 2. redirect the user to the authurize page 3. get the verifier from the new called back url 4. getting the access token by passing oauth_token and auth_verifier 5. create a new post request for update and sign the request with HMAC.sign(toSign, consumerSecret + '' + tokenSecret) Note: toSign is the request with the following headers : oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, oauth_consumer_key 6. Send the request. Also if helpfull, i am using following values oauth_nonce=MD5.hexHash(getTimestampInSeconds()) oauth_signature_method=HMAC-SHA1 oauth_version=1.0 I have verified most of the things and looks good to me, also there is very less possibility of generating wrong signature as I have used the same signature to get the access token and was able to successfully receive it. Any pointers highly appreciated. Thanks, Rahul
Re: [twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
Hi Rahul, I'm trying to think of other reasons. We might be throwing the invalid signature error in a case where the signature is not in fact invalid. How about requests are not of the type POST? Have you had a GET (other than OAuth token negotiation steps) work for you? When you were doing the token negotiation steps, were you using POSTs or GETs? When performing a POST, are you setting your HTTP Content-Type header to application/x-www-form-urlencoded? What's the exact response from the server? There's usually a payload included with the response that may give more clarity to the error. We have some upcoming enhancements to the OAuth implementation that will return to you the signature base string we calculated which would be useful here now.. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 1:12 PM, Rahul rahul.jun...@gmail.com wrote: Taylor, A quick update on this. I tried generating the signature from my library and the page mentioned below they both seems tbe exactly the same. http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ What else can be the reason and how come twitter is responding with Incorrect Signature ? Thanks, Rahul On Apr 29, 1:19 pm, Rahul rahul.jun...@gmail.com wrote: Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring. Also below is my string which i pass to the below mentioned toSign variable. toSign: POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%xxx%26oauth_nonce %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- xxx%26oauth_version%3D1.0%26status %3Dhurray Mac mac = Mac.getInstance(HMAC_SHA1); mac.init(key); byte[] bytes = mac.doFinal(toSign.getBytes(UTF8)); and in the key i pass: consumerSecret + '' + tokenSecret Thanks, Rahul On Apr 29, 12:46 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, When you are POSTing to statuses/update.xml -- are you including the status that you are posting in your signature base string? As a URL-encoded parameter, it should be included in both your POST body and the signature base string (but not in the HTTP authorization header). Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 9:35 AM, Rahul rahul.jun...@gmail.com wrote: Folks, I have been trying this and have already spent lot of time on this but what i don't understand is how is getting the access token working and post to update is not working when i am using the same signature generation method for both the requests. Here is my complete scenario. 1. fetch the request token 2. redirect the user to the authurize page 3. get the verifier from the new called back url 4. getting the access token by passing oauth_token and auth_verifier 5. create a new post request for update and sign the request with HMAC.sign(toSign, consumerSecret + '' + tokenSecret) Note: toSign is the request with the following headers : oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, oauth_consumer_key 6. Send the request. Also if helpfull, i am using following values oauth_nonce=MD5.hexHash(getTimestampInSeconds()) oauth_signature_method=HMAC-SHA1 oauth_version=1.0 I have verified most of the things and looks good to me, also there is very less possibility of generating wrong signature as I have used the same signature to get the access token and was able to successfully receive it. Any pointers highly appreciated. Thanks, Rahul
[twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
Hello, To answer your questions. The following is the body response i receive back ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml/request errorIncorrect signature/error /hash Also, I am not setting any content type header at this point I am using POST only for token negotiation. and have not tried any get restricted resource yet. I did try some but they seem to be public timeline etc which seems to be working good. Any help on this is highly appreciated. Thanks, Rahul On Apr 29, 4:22 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, I'm trying to think of other reasons. We might be throwing the invalid signature error in a case where the signature is not in fact invalid. How about requests are not of the type POST? Have you had a GET (other than OAuth token negotiation steps) work for you? When you were doing the token negotiation steps, were you using POSTs or GETs? When performing a POST, are you setting your HTTP Content-Type header to application/x-www-form-urlencoded? What's the exact response from the server? There's usually a payload included with the response that may give more clarity to the error. We have some upcoming enhancements to the OAuth implementation that will return to you the signature base string we calculated which would be useful here now.. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 1:12 PM, Rahul rahul.jun...@gmail.com wrote: Taylor, A quick update on this. I tried generating the signature from my library and the page mentioned below they both seems tbe exactly the same. http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... What else can be the reason and how come twitter is responding with Incorrect Signature ? Thanks, Rahul On Apr 29, 1:19 pm, Rahul rahul.jun...@gmail.com wrote: Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring. Also below is my string which i pass to the below mentioned toSign variable. toSign: POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%xxx%26oauth_nonce %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- xxx%26oauth_version%3D1.0%26status %3Dhurray Mac mac = Mac.getInstance(HMAC_SHA1); mac.init(key); byte[] bytes = mac.doFinal(toSign.getBytes(UTF8)); and in the key i pass: consumerSecret + '' + tokenSecret Thanks, Rahul On Apr 29, 12:46 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, When you are POSTing to statuses/update.xml -- are you including the status that you are posting in your signature base string? As a URL-encoded parameter, it should be included in both your POST body and the signature base string (but not in the HTTP authorization header). Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 9:35 AM, Rahul rahul.jun...@gmail.com wrote: Folks, I have been trying this and have already spent lot of time on this but what i don't understand is how is getting the access token working and post to update is not working when i am using the same signature generation method for both the requests. Here is my complete scenario. 1. fetch the request token 2. redirect the user to the authurize page 3. get the verifier from the new called back url 4. getting the access token by passing oauth_token and auth_verifier 5. create a new post request for update and sign the request with HMAC.sign(toSign, consumerSecret + '' + tokenSecret) Note: toSign is the request with the following headers : oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, oauth_consumer_key 6. Send the request. Also if helpfull, i am using following values oauth_nonce=MD5.hexHash(getTimestampInSeconds()) oauth_signature_method=HMAC-SHA1 oauth_version=1.0 I have verified most of the things and looks good to me, also there is very less possibility of generating wrong signature as I have used the same signature to get the access token and was able to successfully receive it. Any pointers highly appreciated. Thanks, Rahul
[twitter-dev] Re: Avatar change - JSON issue
This seems to be a good thread to ask about a roadmap issue about avatar handling, because it brings up the issue of timeline accuracy with respect to the avatar. If you use a mobile user agent to view twitter (I used iPhone 3.0) you will see an interesting layout difference with respect to avatars. Each tweet on a single user's page has its own copy of the avatar place to the left of the tweet. http://mobile.twitter.com/twitter for example. There have been many occasions (and these use cases will only increase over time) in which the avatar was changed and is referenced in the tweet itself. The green overlay meme for iranelection was such a time. Another was when @whitehouse, in the run-up to the health care reform bill, changed their avatar every day (with a number in a blue field) to refer to an issue that they wanted to highlight. http://www.flickr.com/photos/como8/4471337214/sizes/o/in/set-72157623597762275/ This contextual history is currently lost forever. How cool would it have been to see this tweet (@jack s first ever tweet: http://twitter.com/jack/status/29 ) with the historically accurate avatar instead of his current one?? Hey twitter guys, does this sound like something you'd like to build into the platform? -H On Apr 27, 2:06 pm, Edi edi@gmail.com wrote: Thank you. That's all I needed to know :) On Apr 26, 7:41 pm, Mark McBride mmcbr...@twitter.com wrote: It's in the bug tracker, and on my list of stuff to look at. Caching in general is a high priority issue at the moment. ---Mark http://twitter.com/mccv -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] API call to turn on location-based tweets?
unfortunately, no. you could send the user to the settings page, and there is also a mobile optimized page with just that checkbox on twitter.com that you could use too. On Thu, Apr 29, 2010 at 11:56 AM, sabernar sha...@gmail.com wrote: Is there an API call where I can turn on an auth'd user's location setting? I'm referring to the setting Add a location to your tweets. In my app, I want to give the users a choice on whether they can attach their location to their tweet, but it only works if the user has that setting in the profile checked. Since it's an opt-in, not many people have that setting on. Is there a way I can activate that setting for the user if they so choose? Thanks, S -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
Since you're sending a status, you should be setting a Content-Type header to indicate the type of payload -- it's best never to assume that a HTTP server or a HTTP library will know how to understand a payload without being explicitly told what kind of payload that is. The signature might be mis-calculating on the Twitter side due to not including your parameters when constructing it. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 1:36 PM, Rahul rahul.jun...@gmail.com wrote: Hello, To answer your questions. The following is the body response i receive back ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml/request errorIncorrect signature/error /hash Also, I am not setting any content type header at this point I am using POST only for token negotiation. and have not tried any get restricted resource yet. I did try some but they seem to be public timeline etc which seems to be working good. Any help on this is highly appreciated. Thanks, Rahul On Apr 29, 4:22 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, I'm trying to think of other reasons. We might be throwing the invalid signature error in a case where the signature is not in fact invalid. How about requests are not of the type POST? Have you had a GET (other than OAuth token negotiation steps) work for you? When you were doing the token negotiation steps, were you using POSTs or GETs? When performing a POST, are you setting your HTTP Content-Type header to application/x-www-form-urlencoded? What's the exact response from the server? There's usually a payload included with the response that may give more clarity to the error. We have some upcoming enhancements to the OAuth implementation that will return to you the signature base string we calculated which would be useful here now.. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 1:12 PM, Rahul rahul.jun...@gmail.com wrote: Taylor, A quick update on this. I tried generating the signature from my library and the page mentioned below they both seems tbe exactly the same. http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin. .. What else can be the reason and how come twitter is responding with Incorrect Signature ? Thanks, Rahul On Apr 29, 1:19 pm, Rahul rahul.jun...@gmail.com wrote: Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring. Also below is my string which i pass to the below mentioned toSign variable. toSign: POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%xxx%26oauth_nonce %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- xxx%26oauth_version%3D1.0%26status %3Dhurray Mac mac = Mac.getInstance(HMAC_SHA1); mac.init(key); byte[] bytes = mac.doFinal(toSign.getBytes(UTF8)); and in the key i pass: consumerSecret + '' + tokenSecret Thanks, Rahul On Apr 29, 12:46 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, When you are POSTing to statuses/update.xml -- are you including the status that you are posting in your signature base string? As a URL-encoded parameter, it should be included in both your POST body and the signature base string (but not in the HTTP authorization header). Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 9:35 AM, Rahul rahul.jun...@gmail.com wrote: Folks, I have been trying this and have already spent lot of time on this but what i don't understand is how is getting the access token working and post to update is not working when i am using the same signature generation method for both the requests. Here is my complete scenario. 1. fetch the request token 2. redirect the user to the authurize page 3. get the verifier from the new called back url 4. getting the access token by passing oauth_token and auth_verifier 5. create a new post request for update and sign the request with HMAC.sign(toSign, consumerSecret + '' + tokenSecret) Note: toSign is the request with the following headers : oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, oauth_consumer_key 6. Send the request. Also if helpfull, i am using following values oauth_nonce=MD5.hexHash(getTimestampInSeconds()) oauth_signature_method=HMAC-SHA1 oauth_version=1.0 I have verified most of the things and looks good to me, also there is very
[twitter-dev] Re: API call to turn on location-based tweets?
there is also a mobile optimized page with just that checkbox on twitter.com that you could use too. could be useful.. what's the URL? thanks Ken
[twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
So what are trying to say is that i should explicitly add Content-type header in the message going out and that too before creating the signature? Thanks, Rahul On Apr 29, 4:58 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Since you're sending a status, you should be setting a Content-Type header to indicate the type of payload -- it's best never to assume that a HTTP server or a HTTP library will know how to understand a payload without being explicitly told what kind of payload that is. The signature might be mis-calculating on the Twitter side due to not including your parameters when constructing it. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 1:36 PM, Rahul rahul.jun...@gmail.com wrote: Hello, To answer your questions. The following is the body response i receive back ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml/request errorIncorrect signature/error /hash Also, I am not setting any content type header at this point I am using POST only for token negotiation. and have not tried any get restricted resource yet. I did try some but they seem to be public timeline etc which seems to be working good. Any help on this is highly appreciated. Thanks, Rahul On Apr 29, 4:22 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, I'm trying to think of other reasons. We might be throwing the invalid signature error in a case where the signature is not in fact invalid. How about requests are not of the type POST? Have you had a GET (other than OAuth token negotiation steps) work for you? When you were doing the token negotiation steps, were you using POSTs or GETs? When performing a POST, are you setting your HTTP Content-Type header to application/x-www-form-urlencoded? What's the exact response from the server? There's usually a payload included with the response that may give more clarity to the error. We have some upcoming enhancements to the OAuth implementation that will return to you the signature base string we calculated which would be useful here now.. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 1:12 PM, Rahul rahul.jun...@gmail.com wrote: Taylor, A quick update on this. I tried generating the signature from my library and the page mentioned below they both seems tbe exactly the same. http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin. .. What else can be the reason and how come twitter is responding with Incorrect Signature ? Thanks, Rahul On Apr 29, 1:19 pm, Rahul rahul.jun...@gmail.com wrote: Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring. Also below is my string which i pass to the below mentioned toSign variable. toSign: POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%xxx%26oauth_nonce %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- xxx%26oauth_version%3D1.0%26status %3Dhurray Mac mac = Mac.getInstance(HMAC_SHA1); mac.init(key); byte[] bytes = mac.doFinal(toSign.getBytes(UTF8)); and in the key i pass: consumerSecret + '' + tokenSecret Thanks, Rahul On Apr 29, 12:46 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, When you are POSTing to statuses/update.xml -- are you including the status that you are posting in your signature base string? As a URL-encoded parameter, it should be included in both your POST body and the signature base string (but not in the HTTP authorization header). Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 9:35 AM, Rahul rahul.jun...@gmail.com wrote: Folks, I have been trying this and have already spent lot of time on this but what i don't understand is how is getting the access token working and post to update is not working when i am using the same signature generation method for both the requests. Here is my complete scenario. 1. fetch the request token 2. redirect the user to the authurize page 3. get the verifier from the new called back url 4. getting the access token by passing oauth_token and auth_verifier 5. create a new post request for update and sign the request with HMAC.sign(toSign, consumerSecret + '' + tokenSecret) Note: toSign is the request with the following headers : oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce,
Re: [twitter-dev] Re: API call to turn on location-based tweets?
https://twitter.com/account/geo On Thu, Apr 29, 2010 at 14:17, Ken k...@cimas.ch wrote: there is also a mobile optimized page with just that checkbox on twitter.comthat you could use too. could be useful.. what's the URL? thanks Ken -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
Whether it matters before creating your signature or not depends entirely on the OAuth library you are using. In spec-compliant OAuth libraries, the signature base string will only contain POST body parameters when they are of the application/x-www-form-urlencoded type -- most OAuth libraries need a way to be instructed on the disposition of the content being passed as the POST body and a common way is to look at an abstract request object of some kind to determine the type of data being piped in rather than just trying to guess or simply assuming that POST bodies will always be of the URL-encoded type. There might be another way to instruct your library on the disposition of data, but it's likely it'll just assume all POST data provided is of the URL encoded variety. I don't think you have any issues with your code in this area today. But as a best practice when dealing with an HTTP-based API of any kind, you should be sending a Content-Type header whenever POSTing or PUTing any kind of payload. You don't pass a Content-Type header on a GET because there is no content being sent. It's likely that your OAuth library automatically sends the proper Content-Type header on the OAuth negotiation steps because those steps are required to use URL-encoded POST bodies by the spec. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 2:20 PM, Rahul rahul.jun...@gmail.com wrote: So what are trying to say is that i should explicitly add Content-type header in the message going out and that too before creating the signature? Thanks, Rahul On Apr 29, 4:58 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Since you're sending a status, you should be setting a Content-Type header to indicate the type of payload -- it's best never to assume that a HTTP server or a HTTP library will know how to understand a payload without being explicitly told what kind of payload that is. The signature might be mis-calculating on the Twitter side due to not including your parameters when constructing it. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 1:36 PM, Rahul rahul.jun...@gmail.com wrote: Hello, To answer your questions. The following is the body response i receive back ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml/request errorIncorrect signature/error /hash Also, I am not setting any content type header at this point I am using POST only for token negotiation. and have not tried any get restricted resource yet. I did try some but they seem to be public timeline etc which seems to be working good. Any help on this is highly appreciated. Thanks, Rahul On Apr 29, 4:22 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, I'm trying to think of other reasons. We might be throwing the invalid signature error in a case where the signature is not in fact invalid. How about requests are not of the type POST? Have you had a GET (other than OAuth token negotiation steps) work for you? When you were doing the token negotiation steps, were you using POSTs or GETs? When performing a POST, are you setting your HTTP Content-Type header to application/x-www-form-urlencoded? What's the exact response from the server? There's usually a payload included with the response that may give more clarity to the error. We have some upcoming enhancements to the OAuth implementation that will return to you the signature base string we calculated which would be useful here now.. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 1:12 PM, Rahul rahul.jun...@gmail.com wrote: Taylor, A quick update on this. I tried generating the signature from my library and the page mentioned below they both seems tbe exactly the same. http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin. .. What else can be the reason and how come twitter is responding with Incorrect Signature ? Thanks, Rahul On Apr 29, 1:19 pm, Rahul rahul.jun...@gmail.com wrote: Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring. Also below is my string which i pass to the below mentioned toSign variable. toSign: POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%xxx%26oauth_nonce %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- xxx%26oauth_version%3D1.0%26status %3Dhurray Mac mac = Mac.getInstance(HMAC_SHA1); mac.init(key);
Re: [twitter-dev] twitter oauth
For those of us who use simple Classic ASP scripts and Xhttp to autmatically update statuses for our websites (my site automatically updates its twitter status whenever someone posts a new ad), or for those who use PHP curl for similar things, why not bypass Oauth altogether, and instead of deprecating basic authentication altogether, make a few minor changes to it for our needs? Have us go ahead and register our app with twitter, or the URL which bears the code to send the twitter update. Have twitter issue a key and secret for that url. Have twitter check to make sure the url sending an update is a registered app and that it has the correct key and secret . If/when 2 legged oauth is activated, will it work that way?
[twitter-dev] Re: API call to turn on location-based tweets?
just what we needed! thanks On Apr 29, 11:23 pm, Abraham Williams 4bra...@gmail.com wrote: https://twitter.com/account/geo On Thu, Apr 29, 2010 at 14:17, Ken k...@cimas.ch wrote: there is also a mobile optimized page with just that checkbox on twitter.comthat you could use too. could be useful.. what's the URL? thanks Ken -- Abraham Williams | Developer for hire |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] xAuth problems
Hello everyone, I'm having constant 401 errors when trying xAuth. My application has already been accepted and its permissions granted and refreshed. Any ideas what the problem is?
Re: [twitter-dev] xAuth problems
I'm having constant 401 errors when trying xAuth. My application has already been accepted and its permissions granted and refreshed. Any ideas what the problem is? Post your sig base, if you have it. xAuth is working fine over here. What are you using to do your oAuth signatures? -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- If you have integrity, nothing else matters. -- Alan Simpson ---
Re: [twitter-dev] xAuth problems
Hi Fernando, Happy to help you out. Common issues when trying to get xAuth to work: - You must be using HTTP headers for the OAuth Authorization - You must be using POST as your method - You must be using SSL - Your POST body must contain the x_auth_* parameters as standard application/x-www-form-urlencoded parameters - Your Content-Type should be set to application/x-www-form-urlencoded - If the logins or passwords you are sending have non-url-safe characters, they should be URL encoded in your POST body and encoded again in your signature base string (just like any OAuth request) If you post an example signature base string with your username and passwords redacted, along with a redacted POST body, and the exact URL you are hitting we can help you further. Thanks! Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 29, 2010 at 2:51 PM, Fernando Olivares aeris@gmail.comwrote: Hello everyone, I'm having constant 401 errors when trying xAuth. My application has already been accepted and its permissions granted and refreshed. Any ideas what the problem is?
[twitter-dev] An odd scenario I can't solve
Hi everyone. Hope you'll be kind to a non-programmer here. :-) I think I have an unusual circumstance involving the use of @anywhere on my web site. The site in question is called @U2. Yep, been using the @ symbol on our site since 1998 and it's all over the place. The specific problem I'm having can be seen on this page: http://www.atu2.com/news/larry-mullen-stars-in-canadian-movie.html I'm using the hovercards and you can see the author's name correctly brings up her hovercard for @tassoula. I'm calling the javascript to only show hovercards in this main content window, so that the headings on the right (@U2 Blog Posts, @U2 Calendar, etc.) won't be linked. But ... as you can see in the first sentence of the article, the mention of our site name is also linked to a hovercard for @U2. There's no Twitter account in that name. (The band should own it but doesn't.) Is there any way to solve for this? Thanks in advance. Matt
[twitter-dev] Fix for handling invalid credentials deployed
Until recently, setting bad credentials when making a call to an unauthenticated endpoint would result in a 200 (and the response body). However repeated calls with bad credentials would lock out the account. We recently started returning an error message indicating the account was locked out. Today we're fixing this the rest of the way, and returning a 401 for any calls that have bad credentials passed in. If you start seeing increased 401s on unauthenticated endpoints it's likely that your credentials have always been invalid, we're just letting you know now. ---Mark http://twitter.com/mccv
[twitter-dev] Re: About update limits
To clarify, statuses/update is not affected by rate-limit whitelisting as it's a POST call and we don't maintain a separate whitelist for boosting the daily tweet limit above 1000. While we do not give out the specifics around the sub-limits, they *are* administered on a per-account basis and if you stay around your approximation of 20 tweets per half-hour you should be fine. Brian Sutorius On Apr 29, 6:07 am, Raffi Krikorian ra...@twitter.com wrote: the numbers are roughly broken up over the day. and the limit applies to an account. and yes - there is a whitelisting for status/updates -- please e-mail a...@twitter to ask for it. On Thu, Apr 29, 2010 at 5:26 AM, akaii chibiak...@gmail.com wrote: This is what the FAQ has to say about status update limits: Updates: 1,000 per day. The daily update limit is further broken down into smaller limits for semi-hourly intervals. Retweets are counted as updates. I'm a little unclear as to what exactly is meant by further broken down into smaller limits for semi-hourly intervals. Is the 1000 per day limit divided evenly between the 48 half hours each day (around 20 or so tweets per half an hour?). Also, I'm assuming this limit applies to each unique account? Is this limit absolutely fixed? Or is there some equivalent to whitelisting for status/update limits as well? Thanks... -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi
[twitter-dev] Is there small size follow button?
Follow button in @anywhere api is too large. Is there a way to choose a smaller size?
[twitter-dev] How is the limit of 1500 search results calculated?
The docs on both the apiwiki and dev.twitter sites say that the search API is limited to 1,500 results through the combination of the rpp and page arguments. There are no details on the time frame for this search, or whether this applies to a single query string. Since you can only get that many results through multiple calls to the search API, this limit is confusing. Is it 1,500 results for a single q=value argument or multiple q=value arguments? Is this within a single hour, which seems to be a common time frame for rate limiting? I'll be putting the answer to this in an online tutorial and a book I'm writing, so the answer will be available beyond just this list. Thanks for any details.
[twitter-dev] Re: About update limits
I can't think of a use or requirement that would need more than 1,000 tweets per day. Unless you're promoting teeth whitening affiliate links that absolutely must be sent at a rate of one tweet every 30 seconds, because we all know how quickly the teeth of some followers turn yellow. On Apr 29, 8:45 pm, Brian Sutorius bsutor...@twitter.com wrote: To clarify, statuses/update is not affected by rate-limit whitelisting as it's a POST call and we don't maintain a separate whitelist for boosting the daily tweet limit above 1000. While we do not give out the specifics around the sub-limits, they *are* administered on a per-account basis and if you stay around your approximation of 20 tweets per half-hour you should be fine. Brian Sutorius On Apr 29, 6:07 am, Raffi Krikorian ra...@twitter.com wrote: the numbers are roughly broken up over the day. and the limit applies to an account. and yes - there is a whitelisting for status/updates -- please e-mail a...@twitter to ask for it. On Thu, Apr 29, 2010 at 5:26 AM, akaii chibiak...@gmail.com wrote: This is what the FAQ has to say about status update limits: Updates: 1,000 per day. The daily update limit is further broken down into smaller limits for semi-hourly intervals. Retweets are counted as updates. I'm a little unclear as to what exactly is meant by further broken down into smaller limits for semi-hourly intervals. Is the 1000 per day limit divided evenly between the 48 half hours each day (around 20 or so tweets per half an hour?). Also, I'm assuming this limit applies to each unique account? Is this limit absolutely fixed? Or is there some equivalent to whitelisting for status/update limits as well? Thanks... -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi
[twitter-dev] Re: Duplicate Statuses in Public Timeline
John, I am using the public timeline for analysis. I haven't examined the streaming API, but it sounds like that's what I need to use. In the mean time I guess I'll just have to ignore the duplicates. Thank you for the response. -Matt On Apr 29, 9:47 am, John Kalucki j...@twitter.com wrote: What is your goal for this application? Are you trying to get a sampling of statuses for analysis, or for occasional casual display? If the former, you should use a sample method on the Streaming API. If the later, please persist in your quest for a reasonably unique result set. The public timeline isn't used much anymore and regressions could theoretically and regrettably, exist for a bit without anyone noticing. -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Thu, Apr 29, 2010 at 4:54 AM, mattarnold1977 matt.arnold.1...@gmail.com wrote: This is the third time I've reported this issue in the last couple of weeks. I still have not received any word back from Twitter support regarding this issue. My server log is filling up with duplicate status errors coming from the public timeline. I'm waiting to hit the timeline until after the cache period, so it's not that. And, yes it's not just duplicate status ids I'm seeing, it's also duplicate statuses as well. Every time I hit the public timeline I compare the results against a months worth of data that I have saved. Is anyone else having this issue? -Matt
[twitter-dev] Re: Incorrect signature when calling update url /1/statuses/update.xml
Taylor, I am presently using scribe java library for OAuth and as you said all spec compliant libraries the signature base string will only contain POST body parameter so does this one. Also I will try to add the header 'Content-Type' to the library and let you know how it goes. Thanks, Rahul On Apr 29, 5:38 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Whether it matters before creating your signature or not depends entirely on the OAuth library you are using. In spec-compliant OAuth libraries, the signature base string will only contain POST body parameters when they are of the application/x-www-form-urlencoded type -- most OAuth libraries need a way to be instructed on the disposition of the content being passed as the POST body and a common way is to look at an abstract request object of some kind to determine the type of data being piped in rather than just trying to guess or simply assuming that POST bodies will always be of the URL-encoded type. There might be another way to instruct your library on the disposition of data, but it's likely it'll just assume all POST data provided is of the URL encoded variety. I don't think you have any issues with your code in this area today. But as a best practice when dealing with an HTTP-based API of any kind, you should be sending a Content-Type header whenever POSTing or PUTing any kind of payload. You don't pass a Content-Type header on a GET because there is no content being sent. It's likely that your OAuth library automatically sends the proper Content-Type header on the OAuth negotiation steps because those steps are required to use URL-encoded POST bodies by the spec. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episodOn Thu, Apr 29, 2010 at 2:20 PM, Rahul rahul.jun...@gmail.com wrote: So what are trying to say is that i should explicitly add Content-type header in the message going out and that too before creating the signature? Thanks, Rahul On Apr 29, 4:58 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Since you're sending a status, you should be setting a Content-Type header to indicate the type of payload -- it's best never to assume that a HTTP server or a HTTP library will know how to understand a payload without being explicitly told what kind of payload that is. The signature might be mis-calculating on the Twitter side due to not including your parameters when constructing it. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 1:36 PM, Rahul rahul.jun...@gmail.com wrote: Hello, To answer your questions. The following is the body response i receive back ?xml version=1.0 encoding=UTF-8? hash request/1/statuses/update.xml/request errorIncorrect signature/error /hash Also, I am not setting any content type header at this point I am using POST only for token negotiation. and have not tried any get restricted resource yet. I did try some but they seem to be public timeline etc which seems to be working good. Any help on this is highly appreciated. Thanks, Rahul On Apr 29, 4:22 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Rahul, I'm trying to think of other reasons. We might be throwing the invalid signature error in a case where the signature is not in fact invalid. How about requests are not of the type POST? Have you had a GET (other than OAuth token negotiation steps) work for you? When you were doing the token negotiation steps, were you using POSTs or GETs? When performing a POST, are you setting your HTTP Content-Type header to application/x-www-form-urlencoded? What's the exact response from the server? There's usually a payload included with the response that may give more clarity to the error. We have some upcoming enhancements to the OAuth implementation that will return to you the signature base string we calculated which would be useful here now.. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Thu, Apr 29, 2010 at 1:12 PM, Rahul rahul.jun...@gmail.com wrote: Taylor, A quick update on this. I tried generating the signature from my library and the page mentioned below they both seems tbe exactly the same. http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin. .. What else can be the reason and how come twitter is responding with Incorrect Signature ? Thanks, Rahul On Apr 29, 1:19 pm, Rahul rahul.jun...@gmail.com wrote: Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring. Also below is my string which i pass to the below mentioned toSign variable.
[twitter-dev] Consumer Keys vs IP Address and Domain Name
Does a consumer need new keys from twitter if the server ip address changes, even for the same domain name? I recently upgraded my server from my service provider. As a result the ip address of my server changed, even though the domain name is the same. Now Twitter is not servicing my applications' requests. Do I need new consumer keys?
[twitter-dev] Re: xAuth problems
I think I never sent my answer. If I did, please ignore this or I'll
delete it myself.
Anyway, here's a summary of what I'm doing.
- I am using HTTP headers and POST.
- I am a bit confused about SSL. If all I have to do to use SSL is use
https instead of http, then I'm good.
Here's my post Body:
HTTPBody:
x_auth_mode=client_authx_auth_username=olivaresfx_auth_password=edited
For now, the password doesn't have any non-url safe characters. I'll
be sure to check encoding in case there needs to be.
Here's my HTTP Headers
HTTP Header Fields:{
Authorization = OAuth realm=\\, oauth_consumer_key=\key\,
oauth_signature_method=\HMAC-SHA1\, oauth_signature=
\fXz8BNFXbesfsSSE5TKfAyNoRYg%3D\, oauth_timestamp=\1272590525\,
oauth_nonce=\CF34FD8C-ADF6-4A2E-BBE9-8650A8ACF96D\, oauth_version=
\1.0\;
X-Twitter-Client = App;
X-Twitter-Client-Url = http://theapp.com;;
X-Twitter-Client-Version = 0.1;
}
Also, here's the link I'm using: https://api.twitter.com/oauth/access_token
I have no idea what you meant by content-type. Maybe it's that?
Any idea where I went wrong? Anyway, thanks for the help.
[twitter-dev] Re: Basic Auth Deprecation
I think I know the answer to this question (YES), but I wanna clarify: Everywhere in the docs that I see curl followed by credentials, if the topic includes REST, that's an API that I will not be using curl for, because curl doesn't use oauth, so it cannot authenticate. i'll certainly know in 30 days if that's right. ;)
[twitter-dev] Re: xAuth problems
Also, here's my signature string:
POSThttps%3A%2F%2Fapi.twitter.com%2Foauth
%2Faccess_tokenoauth_consumer_key%3DjbEiZQ85zjOamkhVRTclnA
%26oauth_nonce%3DE23ADF41-F137-4E33-
BC51-00AEB7C95439%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1272598628%26oauth_version%3D1.0
Here's how it should look like according to (http://dev.twitter.com/
pages/auth)
httpMethod + +
url_encode( base_uri ) + +
sorted_query_params.each { | k, v |
url_encode ( k ) + %3D +
url_encode ( v )
}.join(%26)
POST
https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token
oauth_consumer_key%3DEditedKey
%26
oauth_nonce%3DE23ADF41-F137-4E33-BC51-00AEB7C95439
%26
oauth_signature_method%3DHMAC-SHA1
%26
oauth_timestamp%3D1272598628
%26
oauth_version%3D1.0
I think it's ok, so it's probably my signing?
I'm signing with my consumer secret (URLEncoded) followed by an
ampersand (without encoding).
[twitter-dev] Re: xAuth problems
Got it. The signatureBaseString has to include the parameters, so after the oauth version I was missing the x_auth_mode and the other 2 parameters. Thanks for your help!
