[twitter-dev] Re: Basic authentication
i haven't implemented OAuth at the moment but i'm at the verge doing it. although it is complete nonsense for my closed circuit use of posting status updates from website to twitter by fixed set of 2 to 3 users which never change. i wish that Twitter would offer an alternative for scenarios like this. i just wanted to clarify this... On 20 Mai, 19:16, Lil Peck lilp...@gmail.com wrote: On Tue, May 18, 2010 at 2:13 PM, Eric wetr...@gmail.com wrote: We are using the Streaming API and will only be using our own credentials. Our experience with OAuth in other services has not been positive, so like TJ says huge hassle for no gain. Although I was able to finally adapt to Oauth (thanks for Abraham and thanks to Scott), I agree that for folks who have web apps that do not require them to collect other people's logins, or to give their own to a third party, that it does seem a shame that provisions haven't been made to let those apps continue as is. Sorta looks like fixing what aint broke.
[twitter-dev] Re: Favorite create API which is the right one?
I would imagine this one as it is on dev which is more up to date and seems more in keeping with their other REST formats. http://api.twitter.com/version/favorites/:id/create.format On May 21, 6:21 am, Jebu Ittiachen jebu.ittiac...@gmail.com wrote: As per apiwiki.twitter.com create favorite is http://api.twitter.com/1/favorites/create/*id*.*format* dev.twitter.com says itshttp://api.twitter.com/*version*/favorites/:id/create.*format *So which is the right one? -- Jebu Ittiachen jebu.ittiac...@gmail.com
Re: [twitter-dev] Re: Is OAuth working for *anyone* out there?
Those are great tips, Shannon. Thanks! Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, May 20, 2010 at 10:28 PM, Shannon Whitley swhit...@whitleymedia.com wrote: I've been keeping track of the major oAuth issues that developers report to me. I've also hit these a few times myself. 1. The date/time on your machine must be accurate. Make sure you’ve performed a recent sync with a known time source. 2. If you’re trying to call a Twitter API method that will update data, the oAuth setup must be Read/Write on Twitter.com/oAuth. 3. Recheck all of your querystring variables for proper encoding. The method that you use for encoding querystring variables may not be oAuth compliant.
[twitter-dev] Re: Basic authentication
Hey, I'm pretty sure that Twitter isn't going to like that very much. The whole point is that everyone uses it not tries to get around it... I can't imagine supertweet will maintain it's own oauth for very long... On May 20, 12:02 pm, Jef Poskanzer jef.poskan...@gmail.com wrote: Thanks to @mrblog and SuperTweet I now have a backup plan in case I don't get OAuth implemented by the time Basic Auth goes away. It's a Twitter proxy - you use Basic Auth to talk to the proxy, and it uses OAuth to talk to Twitter. Easy peasy. http://www.supertweet.net/
[twitter-dev] Re: detecting hashtag spam
This post by Mr. Mark Kolb is biased, because he is simply hostile to myself personally. I am running teldomaintel Twitter account, and he was hostile since the day that we have opened our website for TEL domain directories: http://teldomaintel.com Mark Kolb was running some outrageous websites providing fraudulent TEL services to TEL domain users, and we have discovered the fraud, as he was taking their usernames and passwords over insecure connections. Further, when faced with accusations that he is taking passwords from people, which believed that he is running official website, he has publicly stated on the forum that passwords are not personal information, see here: http://tinyurl.com/2wgd5u6 Since then, he has been sending me messages like idiot as he runs TEL domain services, and we run TEL domain services, and he thinks we are his competition, so he is constantly finding a way to stop our marketing. The hashtag #dottel is mentioned by our account THEN, when we think it is required. Further, we never send too many Twitter messages, and we promote DOT TEL as for TEL domains, and everything related to TEL domains, including third party news and our news. I have entered RSS feed into Google, and on that day there were several #dottel tags, but in general Google sends rare Tweets, so there is never too many per day, just few. And I consider that Google that well with the timing, so that it is not too much. If the complaint would come from Twitter company, or from other users, not related to TEL domains, I would really consider that serious, but complaint comes from Mark Kolb which is known to disrespect people's privacy, and which runs similar services like we run them, only that we give our software for free, and he offers web services to people on his telmasters.com domain.
[twitter-dev] xAuth and Appcelerator Titanium
I'm currently developing an iPhone App with Titanium. I got the xauth set up from Twitter but I'm unable to get it work. 1 How do I retrieve more information after my request than 401 Authentication needed in order to debug my app? 2 is there a HMAC_SHA1 library in javascript that I can trust? 3 How can I check that my HMAC_SHA1 works for Twitter? I pretty much double checked everything, but there's no way I can have it work. Thanks
[twitter-dev] How to get the lists (from others users) i follow with Twitter API
Hi, I want to retrieve the lists i follow Following a list has has been made by a call to: listOwnerName/listIdentifier/subscribers.json logged with my account, The list appears on the twitter web site in the list panel as @listOwner/listName All is OK I've tried the method http://api.twitter.com/1/myName/lists.json but i get only my lists and not the list i follow please help Regards
[twitter-dev] Re: Is OAuth working for *anyone* out there?
Hi, I was also facing that 401 issue till today morning, now its throwing me 403 error on trying to tweet through code. However other functionalities are working fine. The application is granted with both read and write access. I havent done any code changes or modified any application settings. Any suggestions ? -Anna On May 21, 10:28 am, Shannon Whitley swhit...@whitleymedia.com wrote: I've been keeping track of the major oAuth issues that developers report to me. I've also hit these a few times myself. 1. The date/time on your machine must be accurate. Make sure you’ve performed a recent sync with a known time source. 2. If you’re trying to call a Twitter API method that will update data, the oAuth setup must be Read/Write on Twitter.com/oAuth. 3. Recheck all of your querystring variables for proper encoding. The method that you use for encoding querystring variables may not be oAuth compliant.
[twitter-dev] How to check
Are there any ways to do checking, authenticating and authorizing Twitter API like how Facebook does? I want to develop a form (using PHP) where my visitors could update their Twitter through my application (API), but right now before they could update it, they must authorize my application first even they already authorize it before. It seems a little annoying. Then I tried API @anywhere, but sometimes it won't start. I don't know why.. And it seems not compatible with mobile browser (I tested using iPhone's Safari). So, is there any solutions or API class that I could use with my application (PHP), so my users could update their Twitter using my form and API without must re-authorizing my API first? Thanks for your help guys.
Re: [twitter-dev] Re: statuses/update: Expect: 100-Continue header rejected
Interestingly, last night when I was doing testing I noticed Twitter was rejecting my Expect: 100-Continue header the same way you stated below. Today, Twitter is accepting the header. I'm going to comment it out of my code for now so I don't get unexpected results later. THe payloads are usually so small that the 100-continue behavior shouldn't be needed. On Thu, May 20, 2010 at 5:47 PM, Richard Barnett richard.d.barn...@gmail.com wrote: On May 20, 10:38 pm, Cameron Kaiser spec...@floodgap.com wrote: I've been playing with oacurlhttps:// code.google.com/apis/buzz/v1/oacurl.html and tried to use it to send a tweet. oacurl sends Expect: 100-Continue but Twitter rejects this with we only allow the 100-continue expectation. Is this fixable, or avoidable in the meantime? (I know about twurl, but oacurl seems generic - can I use twurl to make oauth calls to MySpace?) Just change the header to simply send a blank Expect:. With regular cURL a simple -H Expect: will work. Thanks for your reply. Although oacurl supports -H like curl, using -H Expect: adds a second Expect: header to the request, the Twitter server still fails because of Expect: 100-Continue. I'll raise the oacurl bug with one of the authors, but that still leaves a bug in Twitter's handling of Expect:. /c/download: echo status=Testing+oacurl | java -cp oacurl-1.0.0.jar com.google.oacurl.Fetch -X POST -H Expect: -v http://api.twitter.com/1/statuses/update.json POST /1/statuses/update.json HTTP/1.1 Content-Type: application/atom+xml Expect: Authorization: OAuth oauth_token=34507306-fJYSoMdju3Vv9SecfdyCUbYu5JdlIPLyaVN3xElNw, oauth_consumer_key=FFUZwLopTkug9Dlj1KamA, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1274396737, oauth_nonce=571291495191528, oauth_version=1.0, oauth_signature=CqiI%2FY%2Br96PGVPkCSClqnkmfHAo%3D Transfer-Encoding: chunked Host: api.twitter.com Connection: Keep-Alive User-Agent: Apache-HttpClient/4.0 (java 1.5) Expect: 100-Continue status=Testing+oacurl[\n] -- Richard
Re: [twitter-dev] Re: Is OAuth working for *anyone* out there?
Hi Anna, The large points of load are just about to hit. 401s and 403s where they aren't appropriate is an unfortunate side effect of the way certain kinds of load are expressing themselves in the system right now. We have a multi-tiered effort to get this back to an acceptable state. The best advice I have for now is to, if possible, not aggressively retry when a failure occurs. If you get an invalid nonce error while posting a status, and you're otherwise certain the nonce is unique, ignore the exception and assume the tweet was posted. Other areas where the problems express themselves: home_timeline and mentions aren't updating as frequently as you may be used to. Thanks for your patience! Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Fri, May 21, 2010 at 2:55 AM, Anna annatyler1...@gmail.com wrote: Hi, I was also facing that 401 issue till today morning, now its throwing me 403 error on trying to tweet through code. However other functionalities are working fine. The application is granted with both read and write access. I havent done any code changes or modified any application settings. Any suggestions ? -Anna On May 21, 10:28 am, Shannon Whitley swhit...@whitleymedia.com wrote: I've been keeping track of the major oAuth issues that developers report to me. I've also hit these a few times myself. 1. The date/time on your machine must be accurate. Make sure you’ve performed a recent sync with a known time source. 2. If you’re trying to call a Twitter API method that will update data, the oAuth setup must be Read/Write on Twitter.com/oAuth. 3. Recheck all of your querystring variables for proper encoding. The method that you use for encoding querystring variables may not be oAuth compliant.
[twitter-dev] Re: detecting hashtag spam
The issue with spamming hashtag #dottel has been complained to Twitter by several people on this account. I posted here because I am a member to get Twitter to view other forms of spam not just messages to accounts. To clear the record, JLouisBiz continues to accuses me of things that never happened and I cannot stop him from proliferated his opinions and twisting my words everywhere he goes. He should never be taken seriously. Mark
[twitter-dev] OAuth problem: can authenticate, but cant fetch timelines.
Hello folks,
I have my client speaking OAuth to twitter for the entire initial
dance up to getting my access token.
But once I try using the access token to call:
http://api.twitter.com/1/statuses/mentions.json?count=200
All I get from twitter is a 401 with the following body:
{request:/1/statuses/mentions.json?count=200,error:Incorrect
signature}
I followed the steps described here:http://dev.twitter.com/pages/
auth and just assumed that since there is no content, the value for
computing the signature is not needed.
GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
%3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce
%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**
%26oauth_version%3D1.0
My composite signature is made of my consumer secret (from the twitter
app page) and the oauth_token_secret returned by the acquire access
token process
This is what ends up in the HTTP traffic, when I append the
oauth_signature:
GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
authorization: OAuth
oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_method=HMAC-
SHA1,oauth_timestamp=1274461098,oauth_token=823083-
***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI
%3D
Connection: keep-alive
Host: api.twitter.com
Any ideas on what I am doing wrong?
[twitter-dev] Re: Basic authentication
Twitter should offer a registration process for these cases. usually the posts aren't going to many accounts, so you could implement this registration with the Twitter user. the Twitter user could allow or disallow basic auth calls to his account. On May 21, 3:14 pm, Tammy Fennell tammykahnfenn...@gmail.com wrote: Hey, I'm pretty sure that Twitter isn't going to like that very much. The whole point is that everyone uses it not tries to get around it... I can't imagine supertweet will maintain it's own oauth for very long... On May 20, 12:02 pm, Jef Poskanzer jef.poskan...@gmail.com wrote: Thanks to @mrblog and SuperTweet I now have a backup plan in case I don't get OAuth implemented by the time Basic Auth goes away. It's a Twitter proxy - you use Basic Auth to talk to the proxy, and it uses OAuth to talk to Twitter. Easy peasy. http://www.supertweet.net/
[twitter-dev] Re: 4 Listed How can i get that number from an api call?
any ideas? On May 19, 8:32 pm, adamjamesdrew theikl...@gmail.com wrote: Thanks
[twitter-dev] Is the forced follow really fixed?
I have a friend who claims that she needs to unfollow people that she hasn't followed. Is there still a way someone can force you to follow them? I thought that had been fixed. Anybody else seeing this? I don't monitor my following count closely - I follow and unfollow people but don't really check to see if there are people I haven't followed. Is it possible that there are some autofollow services out there that have gone rogue? -- M. Edward (Ed) Borasky http://borasky-research.net/m-edward-ed-borasky/ @znmeb A mathematician is a device for turning coffee into theorems. ~ Paul Erdős
Re: [twitter-dev] OAuth problem: can authenticate, but cant fetch timelines.
Hi Miguel,
Your signature base string is off by just a little bit here -- you're
globbing the query parameter count on to the original URL when it should
be separated out.. the query string part of the URL should be represented
only as key/value pairs, sorted with the other OAuth parameters. Your
sorting here is correct, it's just that you're including the encoded ?
mark here. Had this been a parameter that would have started with a p, for
example, you'd have that parameter following the oauth_* parameters.
Here's an example of a signature base string with this encoded correctly
(though using different keys):
GEThttp%3A%2F%2Fapi.twitter.com
%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DcafnvEsPqnuVgXbqDqaw1X2SFvTSd9wYjpF5ZtHruFM%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274462075%26oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_version%3D1.0
Hope this helps!
Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod
On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
miguel.de.ic...@gmail.comwrote:
Hello folks,
I have my client speaking OAuth to twitter for the entire initial
dance up to getting my access token.
But once I try using the access token to call:
http://api.twitter.com/1/statuses/mentions.json?count=200
All I get from twitter is a 401 with the following body:
{request:/1/statuses/mentions.json?count=200,error:Incorrect
signature}
I followed the steps described here:http://dev.twitter.com/pages/
auth and just assumed that since there is no content, the value for
computing the signature is not needed.
GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
%3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce
%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**
%26oauth_version%3D1.0
My composite signature is made of my consumer secret (from the twitter
app page) and the oauth_token_secret returned by the acquire access
token process
This is what ends up in the HTTP traffic, when I append the
oauth_signature:
GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
authorization: OAuth
oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_method=HMAC-
SHA1,oauth_timestamp=1274461098,oauth_token=823083-
***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI
%3D
Connection: keep-alive
Host: api.twitter.com
Any ideas on what I am doing wrong?
Re: [twitter-dev] OAuth problem: can authenticate, but cant fetch timelines.
When you're constructing your signature base string, don't include the
query parameters in the URL. The query parameters do need to be
included in the next part of the signature base string though. Here's
what the base string in your example should look like:
GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0
%3Fcount%3D200 has been removed, and count%3D200%26 has been
inserted after the second ampersand.
On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
miguel.de.ic...@gmail.com wrote:
Hello folks,
I have my client speaking OAuth to twitter for the entire initial
dance up to getting my access token.
But once I try using the access token to call:
http://api.twitter.com/1/statuses/mentions.json?count=200
All I get from twitter is a 401 with the following body:
{request:/1/statuses/mentions.json?count=200,error:Incorrect
signature}
I followed the steps described here:http://dev.twitter.com/pages/
auth and just assumed that since there is no content, the value for
computing the signature is not needed.
GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
%3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce
%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**
%26oauth_version%3D1.0
My composite signature is made of my consumer secret (from the twitter
app page) and the oauth_token_secret returned by the acquire access
token process
This is what ends up in the HTTP traffic, when I append the
oauth_signature:
GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
authorization: OAuth
oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_method=HMAC-
SHA1,oauth_timestamp=1274461098,oauth_token=823083-
***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI
%3D
Connection: keep-alive
Host: api.twitter.com
Any ideas on what I am doing wrong?
--
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger
Re: [twitter-dev] OAuth problem: can authenticate, but cant fetch timelines.
...and I see Taylor beat me to it. ;)
On Fri, May 21, 2010 at 10:34 AM, Dana Contreras d...@twitter.com wrote:
When you're constructing your signature base string, don't include the
query parameters in the URL. The query parameters do need to be
included in the next part of the signature base string though. Here's
what the base string in your example should look like:
GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D***%26oauth_nonce%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**%26oauth_version%3D1.0
%3Fcount%3D200 has been removed, and count%3D200%26 has been
inserted after the second ampersand.
On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
miguel.de.ic...@gmail.com wrote:
Hello folks,
I have my client speaking OAuth to twitter for the entire initial
dance up to getting my access token.
But once I try using the access token to call:
http://api.twitter.com/1/statuses/mentions.json?count=200
All I get from twitter is a 401 with the following body:
{request:/1/statuses/mentions.json?count=200,error:Incorrect
signature}
I followed the steps described here:http://dev.twitter.com/pages/
auth and just assumed that since there is no content, the value for
computing the signature is not needed.
GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
%3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce
%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**
%26oauth_version%3D1.0
My composite signature is made of my consumer secret (from the twitter
app page) and the oauth_token_secret returned by the acquire access
token process
This is what ends up in the HTTP traffic, when I append the
oauth_signature:
GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
authorization: OAuth
oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_method=HMAC-
SHA1,oauth_timestamp=1274461098,oauth_token=823083-
***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI
%3D
Connection: keep-alive
Host: api.twitter.com
Any ideas on what I am doing wrong?
--
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger
--
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger
[twitter-dev] UserStream : bug with oauth connection
Hi, Joshua and I tried to debug something and found a bug in the userstream. If you connect for 2 users and send DMs between them, while being connected with oauth token, only one of them (the sender) receives it in the stream, the recipient does not. If you connect the same accounts using basic auth, it works. Oauth : pe...@moonmac ..chirpstream ./test-josh2.rb #Chirpstream::Connect::User::Oauth:0x10188dd10 DM : yo ? (from Fabien Penso (@fabienpenso)) to fabientest event for fabienpenso ^C Basic Auth : pe...@moonmac ..chirpstream ./test-josh2.rb #Chirpstream::Connect::User::Basic:0x10188df40 DM : yo ? (from Fabien Penso (@fabienpenso)) to fabientest event for fabienpenso #Chirpstream::Connect::User::Basic:0x10188dea0 DM : yo ? (from Fabien Penso (@fabienpenso)) to fabientest event for fabientest ^C Code example : http://gist.github.com/409140 (Using the chirpstream gem from http://github.com/joshbuddy/chirpstream).
[twitter-dev] Status Code 424
I'm experimenting with the Twitter API (OAuth). I have a test bed that can tweet from my dev PC and my staging PC, but it fails on my production server. I get a status code of 424 returned when trying to tweet. I can't spot any differences between the environments that might be instrumental. I've not found any info on the 424 error other than references to WebDav and it being an error related to a previous call. The call I'm making it the first one and I used a hard coded token and secret token when tweeting. I'm stumped and any help would be greatly appreciated! TIA Ted
[twitter-dev] Two different schemas for errors now showing up across the API
Hello,
I'm trying to get advice from other developers about a schema change
that is intermittent. I couldn't find any API announcements that cover
this and it makes error detection a bit of a pain.
This is what's happening:
A 401 Unauthorized, depending on the endpoint, has a completely
different schema.
Here's a 401 from a GEuser timeline request:
{request:/1/statuses/user_timeline.json,error:This method
requires authentication.}
And here's one from a POST to destroy a direct message:
{errors:[{code:32,message:Could not authenticate you}]}
One is a child element collection, one is a single element, and in
either case the error and message elements are redundant for a
single model.
How are you handling this?
Re: [twitter-dev] Re: Basic authentication
On Tue, May 18, 2010 at 1:23 AM, Rich rhyl...@gmail.com wrote: That argument is fine, except for one glaring issue... xAuth. I've seen plenty of iPhone clients for instance using xAuth but there is no good reason for them to be using xAuth as it's remarkably simple to use the oAuth workflow using UIWebView. For my iPhone push app http://2apn.com I've received many complains because user did not understand what they had to do (usint oauth+webview). I'm going xauth because I want to be able to do the UI I want.
Re: [twitter-dev] Status Code 424
Hi Ted, I think it's unlikely that we're throwing the actual 424 in this case. Do you know much about your production environment and what kinds of proxies you go through? Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Fri, May 21, 2010 at 10:45 AM, ted t...@yoted.com wrote: I'm experimenting with the Twitter API (OAuth). I have a test bed that can tweet from my dev PC and my staging PC, but it fails on my production server. I get a status code of 424 returned when trying to tweet. I can't spot any differences between the environments that might be instrumental. I've not found any info on the 424 error other than references to WebDav and it being an error related to a previous call. The call I'm making it the first one and I used a hard coded token and secret token when tweeting. I'm stumped and any help would be greatly appreciated! TIA Ted
[twitter-dev] OAuth issues with some POSTs only
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url: https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url: https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
[twitter-dev] Follower count over time
Hi, How do I get # of followers over time? I've seen several sites that list a graph that shows your follower count over time. ex) 4/1/10 you had 200 followes...5/1/2010 you had 247 followersand so on. I would love to add this feature to my Twitter site, but can't find the data that I would need in order to do it. Does the API provide information on any of the following? 1. # of followers at a particular time? 2. Time in which a follower began following you? If the API doesn't provide this info, then how are other sites doing this? I doubt its from checking daily as the moment you sign up with a site that has this feature, they have your follower graph over time for at least 12 months of history. Thanks in advance!!! Ryan
[twitter-dev] Re: 4 Listed How can i get that number from an api call?
This was brought up pretty much the day lists came out of beta back in November, but still hasn't been addressed in the API. There are two issues logged in the tracker: http://code.google.com/p/twitter-api/issues/detail?id=1176 http://code.google.com/p/twitter-api/issues/detail?id=1186 On May 21, 1:07 pm, adamjamesdrew theikl...@gmail.com wrote: any ideas? On May 19, 8:32 pm, adamjamesdrew theikl...@gmail.com wrote: Thanks
Re: [twitter-dev] OAuth issues with some POSTs only
Hi DWF,
AT first glance there doesn't seem to be anything wrong here that I can see.
I do see that you're including a source parameter, which isn't necessary
when you are POSTing a status update -- Twitter will just use your
registered application name from your client application record for that.
What happens when you try the same call without a source parameter? Curious
if we're just throwing a lame error here.
Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url: https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url: https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
[twitter-dev] Re: OAuth issues with some POSTs only
Just tried removing the source param and we still get the 'incorrect
signature' error.
Twurl from the command line is just fine.
Digging further...
--dwf
On May 21, 11:54 am, Taylor Singletary taylorsinglet...@twitter.com
wrote:
Hi DWF,
AT first glance there doesn't seem to be anything wrong here that I can see.
I do see that you're including a source parameter, which isn't necessary
when you are POSTing a status update -- Twitter will just use your
registered application name from your client application record for that.
What happens when you try the same call without a source parameter? Curious
if we're just throwing a lame error here.
Taylor Singletary
Developer Advocate, Twitterhttp://twitter.com/episod
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url:https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url:https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
[twitter-dev] Re: OAuth issues with some POSTs only
Hang on, we think we found somethingstop digging for a bit. :)
On May 21, 12:11 pm, DWF dwfr...@pivotallabs.com wrote:
Just tried removing the source param and we still get the 'incorrect
signature' error.
Twurl from the command line is just fine.
Digging further...
--dwf
On May 21, 11:54 am, Taylor Singletary taylorsinglet...@twitter.com
wrote:
Hi DWF,
AT first glance there doesn't seem to be anything wrong here that I can see.
I do see that you're including a source parameter, which isn't necessary
when you are POSTing a status update -- Twitter will just use your
registered application name from your client application record for that.
What happens when you try the same call without a source parameter? Curious
if we're just throwing a lame error here.
Taylor Singletary
Developer Advocate, Twitterhttp://twitter.com/episod
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url:https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url:https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
[twitter-dev] having trouble with geolocation in tweets
Hey there – I've been trying to get geolocation in my tweets and it's not taking. It posts the tweet to the correct account just fine, but the tweet doesn't contain any location data. The account is geo enabled. Here's an example of my curl call: curl -u username:password -d status=status_text http://api.twitter.com/1/statuses/update.json?lat=32.6626?long=-115.8471?display_coordinates=true I'm not sure what's wrong with it. Any chance anyone knows what's up?
Re: [twitter-dev] OAuth issues with some POSTs only
I think you have the same problem I posted about yesterday. In your base
string the '%' chars of the status are supposed to also be escaped. Here is
an example from my app
My status update string
timestamp:1274472570 Rejoice! I am done debugging :-).
POSThttp%3A%2F%2Fapi.twitter.com
%2F1%2Fstatuses%2Fupdate.xmloauth_consumer_key%%26oauth_nonce%3DUWVWKGEKDOYBSHLVRFGJIVLMLRUOCYQVHFZKABLK%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274472570%26oauth_token%x%26oauth_version%3D1.0%26status%3Dtimestamp
%253A1274472570%2520Rejoice%2521%2520I%2520am%2520done%2520debugging%2520%253A-%2529.
See how the '%' char is also escaped to %25?
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url: https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url: https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
Re: [twitter-dev] OAuth issues with some POSTs only
quickly one more thing, i twould also be cool to get some more details about
what exactly went wrong when the server side validation of the signature
fails. All you get now is 'Invalid Signature' and there are quite a few
things you could get wrong in developing that signature.
On Fri, May 21, 2010 at 1:11 PM, Mike Dice mikedice...@gmail.com wrote:
I think you have the same problem I posted about yesterday. In your base
string the '%' chars of the status are supposed to also be escaped. Here is
an example from my app
My status update string
timestamp:1274472570 Rejoice! I am done debugging :-).
POSThttp%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fupdate.xmloauth_consumer_key%%26oauth_nonce%3DUWVWKGEKDOYBSHLVRFGJIVLMLRUOCYQVHFZKABLK%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274472570%26oauth_token%x%26oauth_version%3D1.0%26status%3Dtimestamp
%253A1274472570%2520Rejoice%2521%2520I%2520am%2520done%2520debugging%2520%253A-%2529.
See how the '%' char is also escaped to %25?
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url: https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url: https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
Re: [twitter-dev] Follower count over time
Ryan, you might want to check out twittercounter and their api. They have some cool data around follower growth. On Fri, May 21, 2010 at 11:51 AM, Ryan Bell ryan.j.b...@gmail.com wrote: Hi, How do I get # of followers over time? I've seen several sites that list a graph that shows your follower count over time. ex) 4/1/10 you had 200 followes...5/1/2010 you had 247 followersand so on. I would love to add this feature to my Twitter site, but can't find the data that I would need in order to do it. Does the API provide information on any of the following? 1. # of followers at a particular time? 2. Time in which a follower began following you? If the API doesn't provide this info, then how are other sites doing this? I doubt its from checking daily as the moment you sign up with a site that has this feature, they have your follower graph over time for at least 12 months of history. Thanks in advance!!! Ryan
Re: [twitter-dev] OAuth issues with some POSTs only
Mike,
We're going to be a lot more informative on signature generation errors in
the near future -- we have a newer implementation of OAuth 1.0a waiting in
the wings that will provide the signature base string we generated on a
failed request. More details when the staggered release of that is drawing
near.
Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod
On Fri, May 21, 2010 at 1:14 PM, Mike Dice mikedice...@gmail.com wrote:
quickly one more thing, i twould also be cool to get some more details
about what exactly went wrong when the server side validation of the
signature fails. All you get now is 'Invalid Signature' and there are quite
a few things you could get wrong in developing that signature.
On Fri, May 21, 2010 at 1:11 PM, Mike Dice mikedice...@gmail.com wrote:
I think you have the same problem I posted about yesterday. In your base
string the '%' chars of the status are supposed to also be escaped. Here is
an example from my app
My status update string
timestamp:1274472570 Rejoice! I am done debugging :-).
POSThttp%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fupdate.xmloauth_consumer_key%%26oauth_nonce%3DUWVWKGEKDOYBSHLVRFGJIVLMLRUOCYQVHFZKABLK%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274472570%26oauth_token%x%26oauth_version%3D1.0%26status%3Dtimestamp
%253A1274472570%2520Rejoice%2521%2520I%2520am%2520done%2520debugging%2520%253A-%2529.
See how the '%' char is also escaped to %25?
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url: https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url: https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
[twitter-dev] Re: OAuth problem: can authenticate, but cant fetch timelines.
Hello Taylor, Dana,
Thanks to both of you for the reply, after this change, my twitter
client is working with OAuth.
It might be good to update the oauth guide on the twitter site
with this information, I tried for a few hours before I gave up and
posted here, and it might save others the pain.
Miguel.
On May 21, 1:16 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
Hi Miguel,
Your signature base string is off by just a little bit here -- you're
globbing the query parameter count on to the original URL when it should
be separated out.. the query string part of the URL should be represented
only as key/value pairs, sorted with the other OAuth parameters. Your
sorting here is correct, it's just that you're including the encoded ?
mark here. Had this been a parameter that would have started with a p, for
example, you'd have that parameter following the oauth_* parameters.
Here's an example of a signature base string with this encoded correctly
(though using different keys):
GEThttp%3A%2F%2Fapi.twitter.com
%2F1%2Fstatuses%2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3Dri8
JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DcafnvEsPqnuVgXbqDqaw1X2SFvTSd9wYjpF5ZtH
ruFM%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274462075%26
oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_vers
ion%3D1.0
Hope this helps!
Taylor Singletary
Developer Advocate, Twitterhttp://twitter.com/episod
On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
miguel.de.ic...@gmail.comwrote:
Hello folks,
I have my client speaking OAuth to twitter for the entire initial
dance up to getting my access token.
But once I try using the access token to call:
http://api.twitter.com/1/statuses/mentions.json?count=200
All I get from twitter is a 401 with the following body:
{request:/1/statuses/mentions.json?count=200,error:Incorrect
signature}
I followed the steps described here:http://dev.twitter.com/pages/
auth and just assumed that since there is no content, the value for
computing the signature is not needed.
GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
%3Fcount%3D200oauth_consumer_key%3D***%26oauth_nonce
%3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**
%26oauth_version%3D1.0
My composite signature is made of my consumer secret (from the twitter
app page) and the oauth_token_secret returned by the acquire access
token process
This is what ends up in the HTTP traffic, when I append the
oauth_signature:
GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
authorization: OAuth
oauth_consumer_key=**,oauth_nonce=r3cy0enwrqeq1qns,oauth_signature_
method=HMAC-
SHA1,oauth_timestamp=1274461098,oauth_token=823083-
***,oauth_version=1.0,oauth_signature=dGhefwoSaiSQ0XMSswJ1UdPtkeI
%3D
Connection: keep-alive
Host: api.twitter.com
Any ideas on what I am doing wrong?
[twitter-dev] Need tips on avoiding having application banned
Hello, I just spent about 45 min browsing discussions about how spammers caused the third party developer application to be banned and thought I'd ask for some tips on this. I'm writing a web-based app, not live yet, that will allow users to schedule tweets, in a more customized way of existing web based apps. I'm visualizing, (possibly naively) that Professionals such as Real Estate agents who would like to tweet property listings, but schedule spread out tweets, or mobile app evangelists who would like to search my site for some applicable articles about the Mobile world and schedule those. Not in an abusive way, just to keep their Twitter account from being too silent in between their personal updates. So if I get abusers creating accounts on my site, who want to schedule tweets of Amazon affiliate links for expensive watches, or porn site owners who want to tweet their own links, how do I prevent my application from being banned? (besides through intensive monitoring of what's being scheduled by myself). I am thinking of limiting auto-tweeting of scheduled tweets, per/user, one tweet every 4 hours. I did read http://help.twitter.com/forums/26257/entries/18311, but this didn't mention the risk that the third party app developer takes with users violating these rules. Thanks for any guidance on this
Re: [twitter-dev] OAuth issues with some POSTs only
That will be very helpful. Thanks Taylor.
On Fri, May 21, 2010 at 1:20 PM, Taylor Singletary
taylorsinglet...@twitter.com wrote:
Mike,
We're going to be a lot more informative on signature generation errors in
the near future -- we have a newer implementation of OAuth 1.0a waiting in
the wings that will provide the signature base string we generated on a
failed request. More details when the staggered release of that is drawing
near.
Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod
On Fri, May 21, 2010 at 1:14 PM, Mike Dice mikedice...@gmail.comwrote:
quickly one more thing, i twould also be cool to get some more details
about what exactly went wrong when the server side validation of the
signature fails. All you get now is 'Invalid Signature' and there are quite
a few things you could get wrong in developing that signature.
On Fri, May 21, 2010 at 1:11 PM, Mike Dice mikedice...@gmail.com wrote:
I think you have the same problem I posted about yesterday. In your base
string the '%' chars of the status are supposed to also be escaped. Here is
an example from my app
My status update string
timestamp:1274472570 Rejoice! I am done debugging :-).
POSThttp%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fupdate.xmloauth_consumer_key%%26oauth_nonce%3DUWVWKGEKDOYBSHLVRFGJIVLMLRUOCYQVHFZKABLK%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274472570%26oauth_token%x%26oauth_version%3D1.0%26status%3Dtimestamp
%253A1274472570%2520Rejoice%2521%2520I%2520am%2520done%2520debugging%2520%253A-%2529.
See how the '%' char is also escaped to %25?
On Fri, May 21, 2010 at 11:34 AM, DWF dwfr...@pivotallabs.com wrote:
We're having lots of success with OAuth now, which is great. So far
it looks like all our GETs are working just fine. And some of our
POSTs - but not all.
Here's a POST that works (deleting a user's tweet):
url: https://api.twitter.com/1/statuses/destroy.json
parameters: {id: 12532480661}
Base String:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses%2Fdestroy.jsonid
%3D12532480661%26oauth_consumer_key%3D-%26oauth_nonce
%3D1274466742322abc143248%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466742%26oauth_token%3D-
%26oauth_version%3D1.0
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466742322abc143248, oauth_timestamp=1274466742,
oauth_consumer_key=-, oauth_version=1.0, oauth_token=-,
oauth_signature=mg23Yowg9Y40imqcOH9SibMHSHE%3D
And here's one that's NOT working (updating a status):
url: https://api.twitter.com/1/statuses/update.json
parameters: {source: tweed, status: Tweet}
BaseString:
POSThttps%3A%2F%2Fapi.twitter.com http://2fapi.twitter.com/
%2F1%2Fstatuses
%2Fupdate.jsonoauth_consumer_key%3D---%26oauth_nonce
%3D1274466366892abc252116%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1274466366%26oauth_token%-
%26oauth_version%3D1.0%26source%3Dtweed%26status%3DTweet
AuthHeader:
Authorization = OAuth oauth_signature_method=HMAC-SHA1,
oauth_nonce=1274466366892abc252116, oauth_timestamp=1274466366,
oauth_consumer_key=, oauth_version=1.0,
oauth_token=-, oauth_signature=V4HjQU7%2BTYF2MFtkkR7T8OYM54Q
%3D
The error we get is:
{
status: 401,
responseText: {request:/1/statuses/
update.json,error:Incorrect signature}
}
Thoughts?
[twitter-dev] Re: OAuth problem: can authenticate, but cant fetch timelines.
Hello, I was able to make progress for my original sample (?count=200) but I am running into a different problem when I pass more than one parameter, in this case count=200since_id=NNN I did sort the parameters as suggested by Dana from the query string, here is my result: GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D %26oauth_nonce%3D2gpt5qj733gpnj68%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1274476231%26oauth_token%3D %26oauth_version%3D1.0%26since_id%3D14452646144 As you can see count is the first component and since_id has been tucked at the end. This is the HTTP request that is sent: GET /1/statuses/home_timeline.json?count=200since_id=14452646144 HTTP/ 1.1 authorization: OAuth oauth_consumer_key=**,oauth_nonce=2gpt5qj733gpnj68,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1274476231,oauth_token=,oauth_version=1.0,oauth_signature=HaWDhfKcUNBJocecm7wyYcS8VFE %3D Host: api.twitter.com Miguel
[twitter-dev] Re: What tools do you use?
I want to share with the group: http://sagistech.blogspot.com/2010/03/parsing-twitter-json-comparing-c.html The author compares different .NET JSON parsers, and determines that Gapi.NET is the fastest at parsing Twitter JSON. I'm using Gapi.NET for statuses/sample.json now, and it really is fast and easy!
[twitter-dev] XAuth Issues with MGTwitterEngine
Hello, I am having some issues implementing XAuth support into an iPhone application using MGTwitterEngine and OAuthConsumer libraries. I know that XAuth support has been rolled in to MGTwitterEngine fairly recently, but I need to get this app working as soon as possible, so I would appreciate any insights you might have regarding the issue. I assume the problem is within one of the libraries. Every authentication request I make gets a 401 response with the error message: Failed to validate oauth signature and token Here is the OAuth header I am using as a reference: OAuth oauth_consumer_key=, oauth_signature_method=HMAC- SHA1, oauth_signature=fn0Jacb0S82Nq73humvpO9p%2FfD4%3D, oauth_timestamp=1274478827, oauth_nonce=45EA837E- CD9A-4C53-8925-3036196E8F2F, oauth_version=1.0 I tried changing the nonce to a simpler string, and playing with the timestamp, but it didn't seem to make a difference. I also added application/x-www-form-urlencoded as the Content-Type header. Twitter support just confirmed that XAuth is enabled for our app, but I am at a loss as to what's going wrong here. I'll appreciate some help, thank you.
[twitter-dev] Re: Is OAuth working for *anyone* out there?
You're not trying to post the exact same tweet twice, are you? That will always return a 403 status code. -Lucius On May 21, 5:55 am, Anna annatyler1...@gmail.com wrote: Hi, I was also facing that 401 issue till today morning, now its throwing me 403 error on trying to tweet through code. However other functionalities are working fine. The application is granted with both read and write access. I havent done any code changes or modified any application settings. Any suggestions ? -Anna On May 21, 10:28 am, Shannon Whitley swhit...@whitleymedia.com wrote: I've been keeping track of the major oAuth issues that developers report to me. I've also hit these a few times myself. 1. The date/time on your machine must be accurate. Make sure you’ve performed a recent sync with a known time source. 2. If you’re trying to call a Twitter API method that will update data, the oAuth setup must be Read/Write on Twitter.com/oAuth. 3. Recheck all of your querystring variables for proper encoding. The method that you use for encoding querystring variables may not be oAuth compliant.
[twitter-dev] Re: detecting hashtag spam
That is actually not spam. If our messages on Twitter are spam by your consideration, then you will want to block, remove and report too many of other genuine Twitter users. The messages were posted indirectly by Google, not personally, and Google does take care to not post too many messages, so if you are complaining, complain about the Google service, not about me personally. Our messages were correctly tagged, and the only person doing someone damage is you with your perverted views on what the word spam actually means.
[twitter-dev] Re: Basic authentication
Perhaps, but I think it's a mistake to shut supertweet down. It's solving a real-world problem, doing them a favor by doing something for twitter so they don't have to. It pushes all these corner cases off of their API front-end. It doesn't expose the user's Twitter passwords and users never expose their passwords to supertweet. Supertweet isn't so people can be lazy - people should still supprot oAuth and nobody should be using to make API calls on behalf of others (as in a normal Twitter user client). But it will really help PHP scripts and the like bridge over until their hosting service or whatever supports tools for OAuth. So again, I'd say http://www.supertweet.net is doing Twitter a favor. On May 21, 6:14 am, Tammy Fennell tammykahnfenn...@gmail.com wrote: Hey, I'm pretty sure that Twitter isn't going to like that very much. The whole point is that everyone uses it not tries to get around it... I can't imagine supertweet will maintain it's own oauth for very long... On May 20, 12:02 pm, Jef Poskanzer jef.poskan...@gmail.com wrote: Thanks to @mrblog and SuperTweet I now have a backup plan in case I don't get OAuth implemented by the time Basic Auth goes away. It's a Twitter proxy - you use Basic Auth to talk to the proxy, and it uses OAuth to talk to Twitter. Easy peasy. http://www.supertweet.net/
[twitter-dev] Re: Need tips on avoiding having application banned
If you spent 45 minutes browsing discussions about Dean Collins, then you studied how spammers caused a made-for-spammers app to get banned. If you prevent people from using your app in an abusive way, you won't end up like Dean Collins.
[twitter-dev] Re: Is the forced follow really fixed?
Ed, What I find is people sometimes forget that they've set up an auto- follow service to work on their account. Gosh, I get people who sign up today, and the next day they ask for support because they've forgotten their password. These things will be easier to debug for your friend once everyone uses OAuth, because then she can just check her Connections. Until then, she will just have to think way back and try and remember if she has ever set up such a service. On May 21, 2:10 pm, M. Edward (Ed) Borasky zn...@borasky- research.net wrote: I have a friend who claims that she needs to unfollow people that she hasn't followed. Is there still a way someone can force you to follow them? I thought that had been fixed. Anybody else seeing this? I don't monitor my following count closely - I follow and unfollow people but don't really check to see if there are people I haven't followed. Is it possible that there are some autofollow services out there that have gone rogue? -- M. Edward (Ed) Boraskyhttp://borasky-research.net/m-edward-ed-borasky/@znmeb A mathematician is a device for turning coffee into theorems. ~ Paul Erdős
Re: [twitter-dev] Follower count over time
On 5/21/2010 12:51 PM, Ryan Bell wrote: Hi, How do I get # of followers over time? I've seen several sites that list a graph that shows your follower count over time. ex) 4/1/10 you had 200 followes...5/1/2010 you had 247 followersand so on. I would love to add this feature to my Twitter site, but can't find the data that I would need in order to do it. Does the API provide information on any of the following? 1. # of followers at a particular time? 2. Time in which a follower began following you? If the API doesn't provide this info, then how are other sites doing this? I doubt its from checking daily as the moment you sign up with a site that has this feature, they have your follower graph over time for at least 12 months of history. Thanks in advance!!! Ryan That's a good suggestion for a new field, started_following.
[twitter-dev] Re: OAuth problem: can authenticate, but cant fetch timelines.
Hello, I figured this out, it was my fault, the bug was not really the extra parameters, but an early optimization on the reuse of the SHA1 code. Miguel. On May 21, 5:19 pm, Miguel de Icaza miguel.de.ic...@gmail.com wrote: Hello, I was able to make progress for my original sample (?count=200) but I am running into a different problem when I pass more than one parameter, in this case count=200since_id=NNN I did sort the parameters as suggested by Dana from the query string, here is my result: GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fhome_timeline.jsoncount%3D200%26oauth_consumer_key%3D %26oauth_nonce%3D2gpt5qj733gpnj68%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1274476231%26oauth_token%3D %26oauth_version%3D1.0%26since_id%3D14452646144 As you can see count is the first component and since_id has been tucked at the end. This is the HTTP request that is sent: GET /1/statuses/home_timeline.json?count=200since_id=14452646144 HTTP/ 1.1 authorization: OAuth oauth_consumer_key=**,oauth_nonce=2gpt5qj733gpnj68,oauth_signature_ method=HMAC- SHA1,oauth_timestamp=1274476231,oauth_token=,oauth_version=1. 0,oauth_signature=HaWDhfKcUNBJocecm7wyYcS8VFE %3D Host: api.twitter.com Miguel
[twitter-dev] Re: oAuth Echo problems
Hello, 1) You do not oAuth sign the actual request toTwitPic 2) You make a fake request to Twitter's verify credentials api over SSL and grab the Authorization header that would be sent, however when you create the header make sure you include a 'Realm' ofhttps://api.twitter.com 3) Create a new post request toTwitPicand put the oAuth header that you grabbed from Authorization in the HTTP header X-Verify-Credentials- Authorization 4) Add a X-Auth-Service-Provider header with the URL to verify credentials. 5) You should be good to go after that I tried this, but I am getting the following message from TwitPic: could not authenticate you (header rejected by twitter) I created the OAuth headers as if I was trying to send an OAuth request to https://api.twitter.com/1/account/verify_credentials.json and added those headers to X-Verify-Credential-Authorization The headers contain realm http://api.twitter.com; (tried also with https) Any ideas what Header rejected by twitter means? If you get the signature right, it will work as I and a few others have got it working when we were liasing with their engineers on Sunday On May 19, 3:41 am, uprise78 des...@gmail.com wrote: I'm in the same boat. My call to Twitter works fine but I get 401's fromTwitPicevery time.
