Re: [twitter-dev] availability of API
Hi Taylor, Thanks for the quick reply. Yes, your reply is exactly what I wanted. I am trying to implement those APIs in my application now. Regards, Mrinmoy Kundu On Tue, Jun 22, 2010 at 7:52 PM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Mrinmoy, By add user as my friend are you meaning that you want to the user to be following your account? This is all possible with both the API and @Anywhere ( http://dev.twitter.com/anywhere ). If you went with an API-based integration, you'll need to implement OAuth for the authentication leg of your integration ( http://dev.twitter.com/auth ) and, provided that you've made it abundantly clear to the user that the act of approving the integration will result in them following a user, you'd use the friendships/create API method http://dev.twitter.com/doc/post/friendships/create/:id -- I'd recommend asking the user to take a direct action to perform the follow operation though, rather than automatically doing it. Taylor On Tue, Jun 22, 2010 at 7:08 AM, mrinmoy mrinmoy1...@gmail.com wrote: Hi, We need to perform following works from our site. 1. Authenticate User using API 2. Add user as my friend Is there APIs available for these? Please reply. Thanking in advance We are thinking like bellow. 1. User will click a link on my website. 2. A popup will open asking login id and password of that user 3. User will give login credential and click join 4. That member will be added as my friend Regards, Mrinmoy Kundu
[twitter-dev] secure key - desktop applications?
Hi all, I'm wondering why there's a secret key if you need to include it with desktop applications... Of course, there's the client secret key which needs to remain secret, but why is there a secret key for applications if it doesn't remain secret? Is it the combination of the 4 keys that always needs to remain private? The consumer key, consumer secret, and client token are, of course, safe to present to people (but still unwise, so I won't). It simply doesn't feel right to be including secret keys in an application - everyone could see them and they wouldn't be secret, would they? As far as I have seen so far, the only thing you can do with a consumer secret key, is signing the requests and requesting tokens (or, in my case, use xAuth). Is there any reason why I shouldn't include the secret key in my application? Anything that can damage my twitter account and/or the application? Tom
[twitter-dev] Twitter Abrahams library
Hello all, I'm testing Abraham twitter library and works really nice. But I have a doubt for more simple stuff... Imagine that I want to do a call to twitter without authenticate first. For example, to get the last 20 public tweets I dont need to authenticate first, right? So, you have any example how to do it? I looked at the http method in twitteroauth class and I tried something like: $content = json_decode($connection-http('https://api.twitter.com/1/ statuses/public_timeline.json', 'GET')); but my doubt is how can I create the $connection object? I tried something like: $connection = new TwitterOAuth($CONSUMER_KEY, $CONSUMER_SECRET); But didn't work. Can you help me? P.S.: sorry for the stupid question...
[twitter-dev] profile_image by id?
We have: http://twitter.com/account/redirect_by_id and we have: http://api.twitter.com/1/users/profile_image/[screen_name].[format] Is there a way to get the profile image by id? Thanks!
[twitter-dev] Re: profile_image by id?
[edit] by the above I mean a URL to be used as img src, not an api call.
[twitter-dev] Re: Search API returns only 15 results, even if rpp=100?
Thanks for that -- I just figured that out and was coming back to report my findings, but I guess you beat me to it. :) On Jun 22, 8:01 am, Jonathan Reichhold jonathan.reichh...@gmail.com wrote: There are plenty of results for this, but your url is encoded incorrectly http://search.twitter.com/search.atom?q=microsoft+OR+%23ms+OR+lnk.ms+... # is %23 in url-encoded form As the query exists it is microsoft OR with a page reference. Jonathan On Tue, Jun 22, 2010 at 6:34 AM, John Kalucki j...@twitter.com wrote: Try a less complex query, and you should get more results. On Mon, Jun 21, 2010 at 8:39 PM, Josh Santangelo j...@endquote.com wrote: For example, this query: https://search.twitter.com/search.atom?q=microsoft+OR+#ms+OR+lnk.ms+O... Is there any way to get a larger number of results per page? thanks, -josh- Hide quoted text - - Show quoted text -
[twitter-dev] Hi
Hi , I have integrated twitter in my web site using PHP CURL , But its tooo slow , Most of the time am getting the TRY AGAIN ERROR Is there any alternate way for twitter , I find there is another way using OAUTH , Not sure but for that we should install the PEAR module , Is there anything othere then OAuth service , Thanks -- Regards B.S.Bharanikumar http://php-mysql-jquery.blogspot.com/
Re: [twitter-dev] Re: trivial doubt
Hello everybody, i added the html tags on my code and added the script tag and the twitter code inside of it inside the body tag and now it's working fine...thanks a lot ;D anyway,is possible to change the join conversation text? 2010/6/22 Matt Harris thematthar...@twitter.com Hi André, Could you check you don't have javascript disabled? I know it sounds funny but I want to make sure it didn't get disabled. Otherwise, try copying and pasting the widget code fresh from our site and putting it between htmlbodyUnedited Widget Code/body/html See if that works for you Matt On Tue, Jun 22, 2010 at 4:39 PM, André Luís Moura Lima azdr3mi...@gmail.com wrote: Matt, I added the comma,but the widget is not rendering at all.What's happening here?? 2010/6/22 themattharris thematthar...@twitter.com Hi André, Looking at your code it looks like you have added the line: id : 'twitterdiv' but forgotten to put the comma after it. If you add the comma the widget will work. Matt You don't need the div id = twitterdiv/div as the widget will automatically create that for you. On Jun 22, 6:25 am, André Lima azdr3mi...@gmail.com wrote: any suggestion of what I'm doing wrong here?? On 21 jun, 22:00, André Luís Moura Lima azdr3mi...@gmail.com wrote: Hello everybody, I'm doing some tests with twitter widget profile...i do everything right on the site,copy the resulting code to my html,but the twitter widget is not shown,it isn't rendering.What can be wrong?for those who can help me,I will post the code here.I guess I'm doing some confusion with some html tags like body,head,html,etc...are they necessary to the code work right?anyway,i hope so,cause this code that I'm posting is,obviously,an example...the real html have head,body,html tags.anyway,here is the code: div id = twitterdiv/div script src=http://widgets.twimg.com/j/2/widget.js;/script script new TWTR.Widget({ id : 'twitterdiv' version: 2, type: 'profile', rpp: 4, interval: 6000, width: 250, height: 300, theme: { shell: { background: '#33', color: '#ff' }, tweets: { background: '#00', color: '#ff', links: '#4aed05' } }, features: { scrollbar: true, loop: false, live: false, hashtags: true, timestamp: true, avatars: false, behavior: 'all' }}).render().setUser('andre').start(); /script -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
[twitter-dev] Re: Hi
Hi there... Actually I'm using oauth with 2 diferent libraries: Haughin (http:// www.haughin.com/code/twitter/) and Abraham (http://github.com/abraham/ twitteroauth) for a web page I'm almost finishing. But, I'm not sure if this will solve your problem... I think that Twitter have some serious problems. I'm always getting a 'Twitter is over capacity' message, especially during the afternoon (I'm in Holand, so GMT+1). In the morning works ok, and I think is because people from America are sleeping :) Am I right? You have this kind of problems too? On Jun 23, 8:45 am, bharani kumar bharanikumariyer...@gmail.com wrote: Hi , I have integrated twitter in my web site using PHP CURL , But its tooo slow , Most of the time am getting the TRY AGAIN ERROR Is there any alternate way for twitter , I find there is another way using OAUTH , Not sure but for that we should install the PEAR module , Is there anything othere then OAuth service , Thanks -- Regards B.S.Bharanikumarhttp://php-mysql-jquery.blogspot.com/
[twitter-dev] Twitter for iPhone - Custom Image Handler
Hello, With the new Twitter iPhone with OAuth support - if you are using Custom Image handlers - is the HTTP Authentication still passed to the API endpoint or is it send via OAuth Headers - and we should be using OAuth echo to validate? Thanks, Greg
Re: [twitter-dev] Twitter for iPhone - Custom Image Handler
To my knowledge, the Twitter for iPhone app now uses OAuth Echo for transactions with image providers. Taylor On Wed, Jun 23, 2010 at 6:47 AM, Greg gregory.av...@gmail.com wrote: Hello, With the new Twitter iPhone with OAuth support - if you are using Custom Image handlers - is the HTTP Authentication still passed to the API endpoint or is it send via OAuth Headers - and we should be using OAuth echo to validate? Thanks, Greg
Re: [twitter-dev] Re: trivial doubt
is there anyway to do it? 2010/6/23 André Luís Moura Lima azdr3mi...@gmail.com Hello everybody, i added the html tags on my code and added the script tag and the twitter code inside of it inside the body tag and now it's working fine...thanks a lot ;D anyway,is possible to change the join conversation text? 2010/6/22 Matt Harris thematthar...@twitter.com Hi André, Could you check you don't have javascript disabled? I know it sounds funny but I want to make sure it didn't get disabled. Otherwise, try copying and pasting the widget code fresh from our site and putting it between htmlbodyUnedited Widget Code/body/html See if that works for you Matt On Tue, Jun 22, 2010 at 4:39 PM, André Luís Moura Lima azdr3mi...@gmail.com wrote: Matt, I added the comma,but the widget is not rendering at all.What's happening here?? 2010/6/22 themattharris thematthar...@twitter.com Hi André, Looking at your code it looks like you have added the line: id : 'twitterdiv' but forgotten to put the comma after it. If you add the comma the widget will work. Matt You don't need the div id = twitterdiv/div as the widget will automatically create that for you. On Jun 22, 6:25 am, André Lima azdr3mi...@gmail.com wrote: any suggestion of what I'm doing wrong here?? On 21 jun, 22:00, André Luís Moura Lima azdr3mi...@gmail.com wrote: Hello everybody, I'm doing some tests with twitter widget profile...i do everything right on the site,copy the resulting code to my html,but the twitter widget is not shown,it isn't rendering.What can be wrong?for those who can help me,I will post the code here.I guess I'm doing some confusion with some html tags like body,head,html,etc...are they necessary to the code work right?anyway,i hope so,cause this code that I'm posting is,obviously,an example...the real html have head,body,html tags.anyway,here is the code: div id = twitterdiv/div script src=http://widgets.twimg.com/j/2/widget.js;/script script new TWTR.Widget({ id : 'twitterdiv' version: 2, type: 'profile', rpp: 4, interval: 6000, width: 250, height: 300, theme: { shell: { background: '#33', color: '#ff' }, tweets: { background: '#00', color: '#ff', links: '#4aed05' } }, features: { scrollbar: true, loop: false, live: false, hashtags: true, timestamp: true, avatars: false, behavior: 'all' }}).render().setUser('andre').start(); /script -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
Re: [twitter-dev] Re: profile_image by id?
Looks like the profile_image endpoint takes id OR screen name.. so these are equivalent http://api.twitter.com/1/users/profile_image/819797 http://api.twitter.com/1/users/profile_image/episod It's not recommended to use these directly in an IMG src tag, as that'd make your displaying the image depend on being redirected (and if Twitter is whaling, you'll get no image at all or other unexpected behavior). Instead, you should follow the redirect and use the resultant URL. Taylor On Wed, Jun 23, 2010 at 4:42 AM, Ken k...@cimas.ch wrote: [edit] by the above I mean a URL to be used as img src, not an api call.
[twitter-dev] Re: Twitter for iPhone - Custom Image Handler
Thanks Taylor. I'm assuming that you use xAuth when you login - because you still need to enter your username and password on the application. On Jun 23, 9:58 am, Taylor Singletary taylorsinglet...@twitter.com wrote: To my knowledge, the Twitter for iPhone app now uses OAuth Echo for transactions with image providers. Taylor On Wed, Jun 23, 2010 at 6:47 AM, Greg gregory.av...@gmail.com wrote: Hello, With the new Twitter iPhone with OAuth support - if you are using Custom Image handlers - is the HTTP Authentication still passed to the API endpoint or is it send via OAuth Headers - and we should be using OAuth echo to validate? Thanks, Greg- Hide quoted text - - Show quoted text -
Re: [twitter-dev] Re: trivial doubt
i have to put the twitter code inside of this div for keep the design of the page... 2010/6/23 André Luís Moura Lima azdr3mi...@gmail.com there is any way to put my twitter code inside a div?I have the following div and I want to put the twitter code inside this div...is this a possible thing to do??i already tried it but the widget isn't rendering...I have to do it this way...so here's the code: div class=twitter ul li@virt Lançamento!! 24/05/2010!! Aguardem... br / spanAbout 6 hours ago/span/li /ul /div 2010/6/23 André Luís Moura Lima azdr3mi...@gmail.com is there anyway to do it? 2010/6/23 André Luís Moura Lima azdr3mi...@gmail.com Hello everybody, i added the html tags on my code and added the script tag and the twitter code inside of it inside the body tag and now it's working fine...thanks a lot ;D anyway,is possible to change the join conversation text? 2010/6/22 Matt Harris thematthar...@twitter.com Hi André, Could you check you don't have javascript disabled? I know it sounds funny but I want to make sure it didn't get disabled. Otherwise, try copying and pasting the widget code fresh from our site and putting it between htmlbodyUnedited Widget Code/body/html See if that works for you Matt On Tue, Jun 22, 2010 at 4:39 PM, André Luís Moura Lima azdr3mi...@gmail.com wrote: Matt, I added the comma,but the widget is not rendering at all.What's happening here?? 2010/6/22 themattharris thematthar...@twitter.com Hi André, Looking at your code it looks like you have added the line: id : 'twitterdiv' but forgotten to put the comma after it. If you add the comma the widget will work. Matt You don't need the div id = twitterdiv/div as the widget will automatically create that for you. On Jun 22, 6:25 am, André Lima azdr3mi...@gmail.com wrote: any suggestion of what I'm doing wrong here?? On 21 jun, 22:00, André Luís Moura Lima azdr3mi...@gmail.com wrote: Hello everybody, I'm doing some tests with twitter widget profile...i do everything right on the site,copy the resulting code to my html,but the twitter widget is not shown,it isn't rendering.What can be wrong?for those who can help me,I will post the code here.I guess I'm doing some confusion with some html tags like body,head,html,etc...are they necessary to the code work right?anyway,i hope so,cause this code that I'm posting is,obviously,an example...the real html have head,body,html tags.anyway,here is the code: div id = twitterdiv/div script src=http://widgets.twimg.com/j/2/widget.js;/script script new TWTR.Widget({ id : 'twitterdiv' version: 2, type: 'profile', rpp: 4, interval: 6000, width: 250, height: 300, theme: { shell: { background: '#33', color: '#ff' }, tweets: { background: '#00', color: '#ff', links: '#4aed05' } }, features: { scrollbar: true, loop: false, live: false, hashtags: true, timestamp: true, avatars: false, behavior: 'all' }}).render().setUser('andre').start(); /script -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
Re: [twitter-dev] Re: Twitter for iPhone - Custom Image Handler
Correct. On Wed, Jun 23, 2010 at 7:38 AM, Greg gregory.av...@gmail.com wrote: Thanks Taylor. I'm assuming that you use xAuth when you login - because you still need to enter your username and password on the application. On Jun 23, 9:58 am, Taylor Singletary taylorsinglet...@twitter.com wrote: To my knowledge, the Twitter for iPhone app now uses OAuth Echo for transactions with image providers. Taylor On Wed, Jun 23, 2010 at 6:47 AM, Greg gregory.av...@gmail.com wrote: Hello, With the new Twitter iPhone with OAuth support - if you are using Custom Image handlers - is the HTTP Authentication still passed to the API endpoint or is it send via OAuth Headers - and we should be using OAuth echo to validate? Thanks, Greg- Hide quoted text - - Show quoted text -
[twitter-dev] Missing oauth_verifier request parameter in OAuth CB
Hello, I've recently registered an application with Twitter (normal app - not @Anywhere) and I intend to use OAuth with it. I can see the callback_url is being hit properly, but there is no oauth_verifier request parameter. I only see oauth_token. I'm using twitter4j-core-2.1.x to do the heavy lifting of this, and I'm not specifying a callback url when I request a token since I have one in the application settings already. Do I need to specify the callback URL anyway? Thanks, sb
Re: [twitter-dev] Missing oauth_verifier request parameter in OAuth CB
Hi sb, I'm surprised that you're not getting the oauth_verifier in the OAuth callback -- do you have an example of the complete callback URL you receive? While it shouldn't matter, I do recommend always specifying your oauth_callback, regardless of having a default callback URL specified. It keeps intent clear in your code and most closely adheres to best practices while using OAuth. It also gives you an opportunity to pass some state on your callback URL without having to rely on a session. Taylor On Wed, Jun 23, 2010 at 7:36 AM, sb teknos...@gmail.com wrote: Hello, I've recently registered an application with Twitter (normal app - not @Anywhere) and I intend to use OAuth with it. I can see the callback_url is being hit properly, but there is no oauth_verifier request parameter. I only see oauth_token. I'm using twitter4j-core-2.1.x to do the heavy lifting of this, and I'm not specifying a callback url when I request a token since I have one in the application settings already. Do I need to specify the callback URL anyway? Thanks, sb
Re: [twitter-dev] secure key - desktop applications?
Hi Tom, I'm happy you're fully considering the implications here. With desktop applications, it's a matter of best effort security with your consumer secret and access token secrets. We recommend making it difficult to obtain the keys from a packaged application, while acknowledging that a determined hacker would be able to obtain them. That's where monitoring and damage control comes in -- we give all app developers the ability to reset/regenerate their consumer key and secret at any time, which is an effective kill switch for the former secrets. As time goes on, we hope to provide more tools that will help application developers detect application abuse. xAuth adds further complication if the keys are compromised, but should any rogue exchange logins for access tokens, regenerating your consumer key and secret will again cut them off from using those access tokens without the most recent key combination. We do our best to monitor for abuse and proactively stub out issues when they arise. There are some alternatives you can explore that would still protect your Twitter credentials, such as using the API through a homebrew proxy that actually holds the keys, or using a home-brew OAuth scheme between your application and a server to retrieve the keys securely. I'm not actually recommending these avenues, but they are options. The potential damage should your key get hijacked won't really effect your user account (unless you provide your access tokens in the application -- not a good idea), and the most damage likely to your application would be a temporary suspension and potential fallout from any actions taken by the hacker on behalf of your application (issuing Tweets/Spam/etc.) Taylor On Wed, Jun 23, 2010 at 2:12 AM, Tom van der Woerdt allerleiga...@gmail.com wrote: Hi all, I'm wondering why there's a secret key if you need to include it with desktop applications... Of course, there's the client secret key which needs to remain secret, but why is there a secret key for applications if it doesn't remain secret? Is it the combination of the 4 keys that always needs to remain private? The consumer key, consumer secret, and client token are, of course, safe to present to people (but still unwise, so I won't). It simply doesn't feel right to be including secret keys in an application - everyone could see them and they wouldn't be secret, would they? As far as I have seen so far, the only thing you can do with a consumer secret key, is signing the requests and requesting tokens (or, in my case, use xAuth). Is there any reason why I shouldn't include the secret key in my application? Anything that can damage my twitter account and/or the application? Tom
[twitter-dev] Re: How to compute the user list membership count
Yeah, this was requested a few days after the official list rollout, back in November (seven months ago): http://code.google.com/p/twitter-api/issues/detail?id=1186 It's been marked as an enhancement even though it has seemed to exist on Twitter.com this entire time. On Jun 22, 2:56 pm, Alfredo Artiles aarti...@gmail.com wrote: Hi, Is there any way to count the user lists membership other than iterating with the /:user/lists/memberships method? All the best, --- Alfredohttp://e24apps.com fd1b63583b fd1b63583b
[twitter-dev] Re: secure key - desktop applications?
Hi Taylor, Thanks for your reply. What I am currently considering is a connection to my server to exchange keys - which you mentioned. The xAuth part would be done from my server, the oAuth on the client. I wrote it like this from the start - exchanging keys with my server - because I didn't read the documentation entirely. I was under the impression that only a normal secret key was needed to sign client-requests, while the consumer secret was only used for logging in people. When I wanted to send my first tweet from my app, I noticed that it didn't work and after a few hours of debugging it seemed that I needed both secret keys. Implemented that, and it worked. Yet still it makes no sense. If a consumer key is needed for allowing an user to use your application and get a client key, why would you still need the consumer key? For all other requests those 2 keys simply go together, so why not make a normal client twice as long? Sure - I can implement it the way the oAuth is used, but it seems wrong. Tom On Jun 23, 5:18 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Tom, I'm happy you're fully considering the implications here. With desktop applications, it's a matter of best effort security with your consumer secret and access token secrets. We recommend making it difficult to obtain the keys from a packaged application, while acknowledging that a determined hacker would be able to obtain them. That's where monitoring and damage control comes in -- we give all app developers the ability to reset/regenerate their consumer key and secret at any time, which is an effective kill switch for the former secrets. As time goes on, we hope to provide more tools that will help application developers detect application abuse. xAuth adds further complication if the keys are compromised, but should any rogue exchange logins for access tokens, regenerating your consumer key and secret will again cut them off from using those access tokens without the most recent key combination. We do our best to monitor for abuse and proactively stub out issues when they arise. There are some alternatives you can explore that would still protect your Twitter credentials, such as using the API through a homebrew proxy that actually holds the keys, or using a home-brew OAuth scheme between your application and a server to retrieve the keys securely. I'm not actually recommending these avenues, but they are options. The potential damage should your key get hijacked won't really effect your user account (unless you provide your access tokens in the application -- not a good idea), and the most damage likely to your application would be a temporary suspension and potential fallout from any actions taken by the hacker on behalf of your application (issuing Tweets/Spam/etc.) Taylor On Wed, Jun 23, 2010 at 2:12 AM, Tom van der Woerdt allerleiga...@gmail.com wrote: Hi all, I'm wondering why there's a secret key if you need to include it with desktop applications... Of course, there's the client secret key which needs to remain secret, but why is there a secret key for applications if it doesn't remain secret? Is it the combination of the 4 keys that always needs to remain private? The consumer key, consumer secret, and client token are, of course, safe to present to people (but still unwise, so I won't). It simply doesn't feel right to be including secret keys in an application - everyone could see them and they wouldn't be secret, would they? As far as I have seen so far, the only thing you can do with a consumer secret key, is signing the requests and requesting tokens (or, in my case, use xAuth). Is there any reason why I shouldn't include the secret key in my application? Anything that can damage my twitter account and/or the application? Tom
[twitter-dev] Re: Missing oauth_verifier request parameter in OAuth CB
Hi Taylor, Thanks for getting back to me. I'm getting something like: http://example.com/oauthcb.htm?oauth_token=o7QdAbQYgpwAGKk2bR5j6VrARljVACgHsNhN0nN1c from Twitter. oauth_token is the same token sent initially during the auth request per the spec. You bring up a good point about the callback url and adding state. I'll address that once this issue is resolved. Neel On Jun 23, 10:46 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi sb, I'm surprised that you're not getting the oauth_verifier in the OAuth callback -- do you have an example of the complete callback URL you receive? While it shouldn't matter, I do recommend always specifying your oauth_callback, regardless of having a default callback URL specified. It keeps intent clear in your code and most closely adheres to best practices while using OAuth. It also gives you an opportunity to pass some state on your callback URL without having to rely on a session. Taylor On Wed, Jun 23, 2010 at 7:36 AM, sb teknos...@gmail.com wrote: Hello, I've recently registered an application with Twitter (normal app - not @Anywhere) and I intend to use OAuth with it. I can see the callback_url is being hit properly, but there is no oauth_verifier request parameter. I only see oauth_token. I'm using twitter4j-core-2.1.x to do the heavy lifting of this, and I'm not specifying a callback url when I request a token since I have one in the application settings already. Do I need to specify the callback URL anyway? Thanks, sb
[twitter-dev] Re: Missing oauth_verifier request parameter in OAuth CB
I should also note that I used to have the application registered as a client and would get a verification code when it was like that. This app is also registered as a normal app and not as an @Anywhere but hopefully that doesn't make a difference.. sb On Jun 23, 1:44 pm, sb teknos...@gmail.com wrote: Hi Taylor, Thanks for getting back to me. I'm getting something like: http://example.com/oauthcb.htm?oauth_token=o7QdAbQYgpwAGKk2bR5j6VrARl... from Twitter. oauth_token is the same token sent initially during the auth request per the spec. You bring up a good point about the callback url and adding state. I'll address that once this issue is resolved. Neel On Jun 23, 10:46 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi sb, I'm surprised that you're not getting the oauth_verifier in the OAuth callback -- do you have an example of the complete callback URL you receive? While it shouldn't matter, I do recommend always specifying your oauth_callback, regardless of having a default callback URL specified. It keeps intent clear in your code and most closely adheres to best practices while using OAuth. It also gives you an opportunity to pass some state on your callback URL without having to rely on a session. Taylor On Wed, Jun 23, 2010 at 7:36 AM, sb teknos...@gmail.com wrote: Hello, I've recently registered an application with Twitter (normal app - not @Anywhere) and I intend to use OAuth with it. I can see the callback_url is being hit properly, but there is no oauth_verifier request parameter. I only see oauth_token. I'm using twitter4j-core-2.1.x to do the heavy lifting of this, and I'm not specifying a callback url when I request a token since I have one in the application settings already. Do I need to specify the callback URL anyway? Thanks, sb
[twitter-dev] Re: Need help with PayPal security requirements
OAuth does not use any real login credentials, if you consider login credentials as a username/password set. Unless you're using xAuth, I don't think you'll need to worry too much. On Jun 17, 4:17 am, Jonathon Hill jhill9...@gmail.com wrote: I'm trying to get approval from PayPal to use their Preapproval API, and to do so my application must meet several requirements. I won't post the entire list here, because it isn't applicable to Twitter, however since users log in to my application via Twitter OAuth several of them are applicable: A1. User passwords must conform to industry best practices for content Generally, the length should be at least 6 characters, and contain at least one alpha and one numeric. Candidate passwords which meet the static syntactical requirements should also be passed across a dictionary of common passwords, and rules – no passwords of “blink182”, or passwords which are the same as the user-ID, for example. A6. A control must be implemented that prevents the brute force attack of login credentials. A common attack against web sites is to attempt to login in with a variety of different commonly used passwords for a given login id. There must be some method used to ensure that one is unable to perform this sort of attack. A common solution is to lock login attempts on an account for some period of time. In order to ensure that these mechanisms do not generate a means of denial of service attacks against accounts, these lockouts should cancel after a period of time (a few hours is typical). A7. A control must be implemented that prevents brute force guessing of passwords, especially if the attack is originating from a botnet. Typically, this will require collecting metadata about logons, logging them into a central log store, and then performing real-time analytics against that data. If a brute force attack is detected, a strong CAPTCHA (resistant against machine/scripted attacks) would be switched on. There are other implementation techniques, but this is the least invasive from a user experience perspective. Note – this is conceptually and functionally different from A6. B1. Login credentials must only be collected on pages that implement https with Extended Validation (EV) certificates. In order to allow customers to verify that they are truly connected to the partner site and to encourage general good practices, login credentials must be collected on pages that are https enabled, and using Extended Validation (EV) certificates. So, my questions are: 1. Would you guys be willing to add to your API to allow enforcing tighter password requirements as needed? 2. Will you upgrade your SSL certificate on api.twitter.com to one with Extended Validation? It seems like this would be relatively easy and inexpensive to do, and beneficial to all. 3. How doeshttps://api.twitter.com/oauth/authenticaterespond to brute-force attacks on login credentials? Thanks! Jonathon Hill @compwright @rainmakerapp
[twitter-dev] Re: Missing oauth_verifier request parameter in OAuth CB
Hi Taylor, Thanks for getting back to me. I'm getting something like: http://example.com/oauthcb.htm?oauth_token=o7QdAbQYgpwAGKk2bR5j6VrARl... from Twitter. oauth_token is the same token sent initially during the auth request per the spec. You bring up a good point about the callback url and adding state. I'll address that once this issue is resolved. I used to have this as a client application, and when doing that, I would get a verification code in the browser that I could pass using oauth_verifier. This worked fine. Does the app need to be registered with @Anywhere? Thanks, sb On Jun 23, 10:46 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi sb, I'm surprised that you're not getting the oauth_verifier in the OAuth callback -- do you have an example of the complete callback URL you receive? While it shouldn't matter, I do recommend always specifying your oauth_callback, regardless of having a default callback URL specified. It keeps intent clear in your code and most closely adheres to best practices while using OAuth. It also gives you an opportunity to pass some state on your callback URL without having to rely on a session. Taylor On Wed, Jun 23, 2010 at 7:36 AM, sb teknos...@gmail.com wrote: Hello, I've recently registered an application with Twitter (normal app - not @Anywhere) and I intend to use OAuth with it. I can see the callback_url is being hit properly, but there is no oauth_verifier request parameter. I only see oauth_token. I'm using twitter4j-core-2.1.x to do the heavy lifting of this, and I'm not specifying a callback url when I request a token since I have one in the application settings already. Do I need to specify the callback URL anyway? Thanks, sb
Re: [twitter-dev] Twitter Places Follow Up
Sure, do this: 1) Find the place ID of the Staples Center: http://api.twitter.com/1/geo/search.json?query=Staples%20Centerlat=34.04lon=-118.27granularity=poi = The place ID is 7893eab4ca4c1efb (second result) 2) Get all tweets from that ID: http://search.twitter.com/search.json?q=place:7893eab4ca4c1efb If you only have 100 places, you could probably do 100 searches and find the best result by hand when there are multiple results. David On Tue, Jun 22, 2010 at 9:35 AM, ELB ebrit...@gmail.com wrote: The statuses/update API linked to (http://dev.twitter.com/doc/post/ statuses/update or http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-statuses%C2%A0update) is the method that is used for an authenticated Twitter user to add his/her own new Tweet. (It's not a method of returning Tweets already created by other users.) We don't want to create Tweets from a given place - instead we want to use the Twitter API to publish Tweets from a given place. So, here is our page about the Staples Center in Los Angeles. http://sency.com/los-angeles/STAPLES-Center-4165 our goal is to publish the most recent Tweets, made from the Staples Center - on this page... would this be possible based on the current Twitter API?
[twitter-dev] Re: Missing oauth_verifier request parameter in OAuth CB
Hey guys, It seems with twitter4j, I had to specify a callback url. When I did this, I get a verifier. Not sure where the error lies. I'm using twitter4j-core-2.1.2. sb On Jun 23, 2:03 pm, sb teknos...@gmail.com wrote: Hi Taylor, Thanks for getting back to me. I'm getting something like: http://example.com/oauthcb.htm?oauth_token=o7QdAbQYgpwAGKk2bR5j6VrARl... from Twitter. oauth_token is the same token sent initially during the auth request per the spec. You bring up a good point about the callback url and adding state. I'll address that once this issue is resolved. I used to have this as a client application, and when doing that, I would get a verification code in the browser that I could pass using oauth_verifier. This worked fine. Does the app need to be registered with @Anywhere? Thanks, sb On Jun 23, 10:46 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi sb, I'm surprised that you're not getting the oauth_verifier in the OAuth callback -- do you have an example of the complete callback URL you receive? While it shouldn't matter, I do recommend always specifying your oauth_callback, regardless of having a default callback URL specified. It keeps intent clear in your code and most closely adheres to best practices while using OAuth. It also gives you an opportunity to pass some state on your callback URL without having to rely on a session. Taylor On Wed, Jun 23, 2010 at 7:36 AM, sb teknos...@gmail.com wrote: Hello, I've recently registered an application with Twitter (normal app - not @Anywhere) and I intend to use OAuth with it. I can see the callback_url is being hit properly, but there is no oauth_verifier request parameter. I only see oauth_token. I'm using twitter4j-core-2.1.x to do the heavy lifting of this, and I'm not specifying a callback url when I request a token since I have one in the application settings already. Do I need to specify the callback URL anyway? Thanks, sb
[twitter-dev] Re: profile_image by id?
Thanks Taylor, I take your point - we don't want to add to the problem. Looking ahead of course we expect Twitter to resolve the issues that cause us all so much pain these days. Our own app is pretty useless when Twitter is whaling. We could also ignore the change of username question as an edge case, except that one of our sites gets a lot of Twitter newbies - they create a Twitter account from our page - and they will probably change their avatar at least once in the short term. When we display an activity stream aggregating many users we can't be checking them all in real time for changes. Wouldn't it be nice to have a permanent URL for a user's current image... On Jun 23, 4:25 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Looks like the profile_image endpoint takes id OR screen name.. so these are equivalent http://api.twitter.com/1/users/profile_image/819797http://api.twitter.com/1/users/profile_image/episod It's not recommended to use these directly in an IMG src tag, as that'd make your displaying the image depend on being redirected (and if Twitter is whaling, you'll get no image at all or other unexpected behavior). Instead, you should follow the redirect and use the resultant URL. Taylor On Wed, Jun 23, 2010 at 4:42 AM, Ken k...@cimas.ch wrote: [edit] by the above I mean a URL to be used as img src, not an api call.
[twitter-dev] modifying rate limits under serious load
hi everyone, as you all know, Twitter has been faced with considerable capacity problems in recent weeks. we have many efforts under way to expand capacity and more efficiently use the capacity we have. starting today, we're going to begin adjusting rate limits dynamically under load in order to maintain an awesome experience for as many users as possible. today, we're experimenting with moving rate limits for all clients to varying amounts during periods of high load. you might see rate limits change from the default of 350 calls / hour. you may even see different values as we monitor the effect these changes have on overall Twitter performance. this means that it's more important than ever for client applications to monitor their rate limits through the HTTP headers and account/rate_limit_status and adjust your client's behavior accordingly. we're happy to help you achieve that, and please reach out to us if you need that help (either through this mailing list, or through @twitterapi). we understand that this might cause some issues in some clients, and will certainly impact the amount of requests your users can make to Twitter. however, the entire ecosystem will be more performant and you will see fewer whales on write operations (like posting tweets). thank you everyone for your continued patience. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: How to compute the user list membership count
Thanks Orian fd1b63583b fd1b63583b 2010/6/23 Orian Marx (@orian) or...@orianmarx.com Yeah, this was requested a few days after the official list rollout, back in November (seven months ago): http://code.google.com/p/twitter-api/issues/detail?id=1186 It's been marked as an enhancement even though it has seemed to exist on Twitter.com this entire time. On Jun 22, 2:56 pm, Alfredo Artiles aarti...@gmail.com wrote: Hi, Is there any way to count the user lists membership other than iterating with the /:user/lists/memberships method? All the best, --- Alfredohttp://e24apps.com fd1b63583b fd1b63583b
[twitter-dev] Re: modifying rate limits under serious load
Could you give more information on how you would lower a specific user's limits? For example my client does the following, this is of course simplified api_requests_left = 0; loop { if(api_requests_left == 0) { update_request_limits(); } // hit your server and ask my remaining limit, sleep and wait if needed make_request; -- api_requests_left; } I see two cases I need to figure out: 4pm. Twitter tells me I have 100 requests left. Request limit renews at 5pm. - Will you ever lower my request limit between 4 and 5pm, or can I assume what I was told was good for a full hour? - If I use none of my requests between 4pm and 5pm, is there a chance my new request limit will be lowered, or will you still honor my 100 remaining requests even if at 5pm you lower your limit to 50/hour? thanks On Jun 23, 3:20 pm, Raffi Krikorian ra...@twitter.com wrote: hi everyone, as you all know, Twitter has been faced with considerable capacity problems in recent weeks. we have many efforts under way to expand capacity and more efficiently use the capacity we have. starting today, we're going to begin adjusting rate limits dynamically under load in order to maintain an awesome experience for as many users as possible. today, we're experimenting with moving rate limits for all clients to varying amounts during periods of high load. you might see rate limits change from the default of 350 calls / hour. you may even see different values as we monitor the effect these changes have on overall Twitter performance. this means that it's more important than ever for client applications to monitor their rate limits through the HTTP headers and account/rate_limit_status and adjust your client's behavior accordingly. we're happy to help you achieve that, and please reach out to us if you need that help (either through this mailing list, or through @twitterapi). we understand that this might cause some issues in some clients, and will certainly impact the amount of requests your users can make to Twitter. however, the entire ecosystem will be more performant and you will see fewer whales on write operations (like posting tweets). thank you everyone for your continued patience. -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi
Re: [twitter-dev] modifying rate limits under serious load
Quoting Raffi Krikorian ra...@twitter.com: hi everyone, as you all know, Twitter has been faced with considerable capacity problems in recent weeks. we have many efforts under way to expand capacity and more efficiently use the capacity we have. starting today, we're going to begin adjusting rate limits dynamically under load in order to maintain an awesome experience for as many users as possible. today, we're experimenting with moving rate limits for all clients to varying amounts during periods of high load. you might see rate limits change from the default of 350 calls / hour. you may even see different values as we monitor the effect these changes have on overall Twitter performance. this means that it's more important than ever for client applications to monitor their rate limits through the HTTP headers and account/rate_limit_status and adjust your client's behavior accordingly. we're happy to help you achieve that, and please reach out to us if you need that help (either through this mailing list, or through @twitterapi). we understand that this might cause some issues in some clients, and will certainly impact the amount of requests your users can make to Twitter. however, the entire ecosystem will be more performant and you will see fewer whales on write operations (like posting tweets). thank you everyone for your continued patience. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi And many, many thanks to Twitter for doing this! I've been wanting something like this for a long time. Any chance this could get extended to the Search API? Right now, there's little we can do except manually tune around the Enhance your calm messages.
[twitter-dev] Searching within shortened URLs
I just discovered an interesting search feature, and I was wondering if this is new. I'm collecting tweets for 'baseball' for a client using the search API. A number of the returned tweets didn't appear to have this word, such as this one: http://twitter.com/EngagingThem/statuses/16875393664 This tweet has a shortened URL that does contain 'baseball' in the expanded form. It appears that search is looking within the expanded version of URLs and finding a match. Is this feature new? Will it be retained when the switch is made to t.co?
[twitter-dev] Re: Geo-caching Without Lat/Long
To clarify the situation with UTF-8 characters. Special UTF-8 characters are treated the same as the standard alphanumeric set, in that we will count each one as a single letter. So a string like wondering what's happening … will be treated as 27 characters (without the quotes). When we receive a Tweet with UTF-8 characters in it we convert them into their HTML entity representation to ensure consistency between clients and reliable storage in the databases. This means, when you query the API, you may notice the Tweet has more than 140 characters in it. This is expected and is a result of the UTF-8 conversion. You can read more about how we count characters on the dev.twitter site [1]. Hope that answers your questions, Matt 1. http://dev.twitter.com/pages/counting_characters On Jun 11, 3:18 pm, Sam Ramji sra...@apigee.com wrote: We've built a free tool with similar capabilities but including OAuth authentication and contextual links to the full Twitter API, and no login required in order to save API calls. You can see the same lat/long query here: http://app.apigee.com/console/5ffbfabd-04c0-4802-a71d-542c23a1ec0e/re... Hope this is helpful - we are seeking feedback on the tool if you have any. Thanks, Sam On Jun 11, 9:48 am, Bryan bryan.p...@gmail.com wrote: Hey Abraham. The above example is dated. My point is appending max_result=1 onto any verified result results in a 404: http://hurl.it/hurls/08a6b684b494cab6138754d7b7470d9895968d59/88bbdc8... is okay, but with max_results=1: http://hurl.it/hurls/df8773b96e453cfd5426123c3ba4354fc2d96769/6d952ea... returns a 404 Thanks for the link; that's a very useful tool! On Jun 11, 11:40 am, Abraham Williams 4bra...@gmail.com wrote: The lat/long you are passing to the API are in the Yellow Sea so Twitter is 404ing as it does not have any places near there. http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b26... Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jun 11, 2010 at 07:28, Bryan bryan.p...@gmail.com wrote: Matt-- Okay thanks for the reply. I'm building a news aggregator so the goal was to enter the location manually. Still, I'm having trouble with the geo-coding method. I'm using Abraham's php library and I do the following: $location = $connection-get('geo/reverse_geocode', array('lat' = '37.75' , 'long' = '122.68')); echo $connection-http_code; Which returns 404. $location-id is empty. Any thoughts as to what I'm doing wrong? On Jun 11, 9:21 am, Matt Harris thematthar...@twitter.com wrote: Hey Bryan, Status updates only accept lat/long or place_id. There isn't a way of providing plain text locations for these fields. If you wish to display a textual representation of where someone is on your app you would need to carry out a reverse geocode first. I don't know the method you are using to obtain the location but generally we see developers use the lat/long returned by the browser or device. One thing that might be useful to know is that we perform a reverse lookup on the lat/long when we display the tweet, converting it to some textual description like SoMa, San Francisco, or from here as appropriate. Hope that answers your question, Matt On Fri, Jun 11, 2010 at 6:41 AM, Bryan bryan.p...@gmail.com wrote: Hey everyone, is there a way to geo-tweet with the API without knowing the Lat/Long? In other words, can I say San Francisco, CA or search for valid place_id's with this name? I'm trying to make my user interface as user-friendly as possible, and asking for lat/long for my userbase won't work. I also want to rely on as few as API's as possible, so I'd prefer not to run my name through Google's Map API and then through the reverse geocode API on twitters. Thanks. -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] can I install twurl into $HOME?
When trying to install twurl, I am told to run these commands: sudo gem i twurl --source http://rubygems.org rake dist:gem sudo gem i pkg/twurl*gem sudo gem i oauth except that I am on a shared server where I do not have write permissions anywhere outside of ~/ I thought that maybe if I left off the 'sudo' it would be smart enough to install to my $HOME but no such luck: # gem i twurl --source http://rubygems.org ERROR: While executing gem ... (Gem::FilePermissionError) You don't have write permissions into the /usr/lib/ruby/gems/1.8 directory. So... am I SOL for running twurl if I don't have admin access to the machine? If so that will pretty much kill Twitreport. TjL ps - sorry if this is a dumb question, I just don't know anything about ruby. I'm trying to convert my curl shell scripts to twurl due to basic auth's impending demise.
[twitter-dev] Re: secure key - desktop applications?
You're right in theory that requests after the initial authentication step should not really need the app's credentials, a single authentication token secret ought to suffice and the service (twitter) should remember which app each token came from. But shrug, that's just not the way OAuth works. It's not twitter's fault, they are just following the spec. I can't even say it's particularly unreasoinable - flickr's similar three-party authentication protocol is much simpler than OAuth but it still uses the app key on every request. As for embedding the app secret in desktop and mobile executables and trusting that it will be just too difficult for miscreants to extract, I say don't do it. The OAuth RFC says so too. Keeping the secret in a server-side proxy is probably the best solution.
[twitter-dev] Re: modifying rate limits under serious load
So what is going to be the time periods between changes. Is going to be changed by the day,hour, minute? cause it can change like every 2 minutes it would be hard to tell a client that they had 50 more calls one minute and 0 the next. And what is going to be our interval of change at minimum developers could be limited to 150 calls and maximum 350. Is it possible we could get less then 150 calls/hour?
Re: [twitter-dev] can I install twurl into $HOME?
Hey, That's a great question. Thanks for asking it. If you don't have sudo rights on the machine you want to run twurl on you will need to tell your system to install gems into your user folder. For most cases this happens automatically when you leave sudo off of the call. One method i've heard works is to change your GEM_HOME folder to somewhere you have write access to. You can do this by typing something similar to: export GEM_HOME=/home/myname/gems The RubyGems website [1] has more information about customizing where RubyGems go Hope that helps, and let us know how it goes. Matt 1. http://docs.rubygems.org/read/chapter/3 On Wed, Jun 23, 2010 at 2:34 PM, TJ Luoma luo...@gmail.com wrote: When trying to install twurl, I am told to run these commands: sudo gem i twurl --source http://rubygems.org rake dist:gem sudo gem i pkg/twurl*gem sudo gem i oauth except that I am on a shared server where I do not have write permissions anywhere outside of ~/ I thought that maybe if I left off the 'sudo' it would be smart enough to install to my $HOME but no such luck: # gem i twurl --source http://rubygems.org ERROR: While executing gem ... (Gem::FilePermissionError) You don't have write permissions into the /usr/lib/ruby/gems/1.8 directory. So... am I SOL for running twurl if I don't have admin access to the machine? If so that will pretty much kill Twitreport. TjL ps - sorry if this is a dumb question, I just don't know anything about ruby. I'm trying to convert my curl shell scripts to twurl due to basic auth's impending demise. -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
[twitter-dev] Re: Invalid signature - but it's fine
There any more on this? On Jun 22, 4:37 pm, Dustin Shea demonicpa...@gmail.com wrote: I'm having the same issue with my client. Debug information: URL:http://api.twitter.com/1/statuses/home_timeline.json Oauth Token: 6339722-C6ciVM1DS5dsbezoxX25K2DM0LDysexMD0QDm28s Oauth Token Secret: XRLC2XcJ1gpPd3qyOHR9szIWs1OXMOkY3NljpM36Vo Consumer Key: CabFljpBvebzTnWpsUtw Consumer Secret: what_is_on_my_app_page Nonce: 88c65140bb4caeb02264c1c02dcd5e3a44c1e7cb Time: 1277241300 Version: 1.0 Signature: FuB86c97j9VBnbC7JmJzqbRwBOQ%3D I'll see what I can do about providing you any more information you may require. -Dustin (Demonicpagan on Twitter) On 6/22/2010 1:12 PM, Tom wrote: Hi all, I'm trying to write a simple Twitter client but so far I'm not making a lot of progress. I already got as far as retrieving the timeline, but I seem to be unable to sign the request. When I re-calculate the signature with a different application, it's exactly the same. Yet Twitter reports that it's wrong! (Incorrect signature with a 401 error) Of course, I'm using a proper secret and not the one below, but that one was used to calculate the signature for the request below. Can anyone confirm that I'm using the proper signature? Information is below. Debug information : URL:http://api.twitter.com/1/statuses/home_timeline.json Token: 18911703-HjjtYklryN9C99pfTiXWs52PvEqrfabluLCdh5IJU Customer key: QetEw0FtIfvaNyBfgxRYmw Secret: this_has_been_used_as_the_secret Nonce: jOzrZNZtsGFLftfjJpdiOfjYtgvNFzWPPXIOKHKE Time: 1277230019 Version: 1.0 Signature: aiUvshdfeRz2Z6G6a9DkYDbXJEc= Str1: GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fhome_timeline.jsonoauth_consumer_key%3DQetEw0FtIfvaNyBfgxRYmw %26oauth_nonce%3DjOzrZNZtsGFLftfjJpdiOfjYtgvNFzWPPXIOKHKE %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1277230019%26oauth_token%3D18911703- HjjtYklryN9C99pfTiXWs52PvEqrfabluLCdh5IJU%26oauth_version%3D1.0 Str2: OAuth oauth_signature=aiUvshdfeRz2Z6G6a9DkYDbXJEc%3D, oauth_version=1.0, oauth_signature_method=HMAC-SHA1, oauth_nonce=jOzrZNZtsGFLftfjJpdiOfjYtgvNFzWPPXIOKHKE, oauth_consumer_key=QetEw0FtIfvaNyBfgxRYmw, oauth_timestamp=1277230019, oauth_token=18911703- HjjtYklryN9C99pfTiXWs52PvEqrfabluLCdh5IJU No post body. Tom -- This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.
Re: [twitter-dev] Re: Invalid signature - but it's fine
Hey Dustin, Can you let us know what your signature base string and post headers/query URL looks like - masking all the secure codes. Thanks Matt On Wed, Jun 23, 2010 at 5:11 PM, Dustin demonicpa...@gmail.com wrote: There any more on this? On Jun 22, 4:37 pm, Dustin Shea demonicpa...@gmail.com wrote: I'm having the same issue with my client. Debug information: URL:http://api.twitter.com/1/statuses/home_timeline.json Oauth Token: 6339722-C6ciVM1DS5dsbezoxX25K2DM0LDysexMD0QDm28s Oauth Token Secret: XRLC2XcJ1gpPd3qyOHR9szIWs1OXMOkY3NljpM36Vo Consumer Key: CabFljpBvebzTnWpsUtw Consumer Secret: what_is_on_my_app_page Nonce: 88c65140bb4caeb02264c1c02dcd5e3a44c1e7cb Time: 1277241300 Version: 1.0 Signature: FuB86c97j9VBnbC7JmJzqbRwBOQ%3D I'll see what I can do about providing you any more information you may require. -Dustin (Demonicpagan on Twitter) On 6/22/2010 1:12 PM, Tom wrote: Hi all, I'm trying to write a simple Twitter client but so far I'm not making a lot of progress. I already got as far as retrieving the timeline, but I seem to be unable to sign the request. When I re-calculate the signature with a different application, it's exactly the same. Yet Twitter reports that it's wrong! (Incorrect signature with a 401 error) Of course, I'm using a proper secret and not the one below, but that one was used to calculate the signature for the request below. Can anyone confirm that I'm using the proper signature? Information is below. Debug information : URL:http://api.twitter.com/1/statuses/home_timeline.json Token: 18911703-HjjtYklryN9C99pfTiXWs52PvEqrfabluLCdh5IJU Customer key: QetEw0FtIfvaNyBfgxRYmw Secret: this_has_been_used_as_the_secret Nonce: jOzrZNZtsGFLftfjJpdiOfjYtgvNFzWPPXIOKHKE Time: 1277230019 Version: 1.0 Signature: aiUvshdfeRz2Z6G6a9DkYDbXJEc= Str1: GEThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fhome_timeline.jsonoauth_consumer_key%3DQetEw0FtIfvaNyBfgxRYmw %26oauth_nonce%3DjOzrZNZtsGFLftfjJpdiOfjYtgvNFzWPPXIOKHKE %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1277230019%26oauth_token%3D18911703- HjjtYklryN9C99pfTiXWs52PvEqrfabluLCdh5IJU%26oauth_version%3D1.0 Str2: OAuth oauth_signature=aiUvshdfeRz2Z6G6a9DkYDbXJEc%3D, oauth_version=1.0, oauth_signature_method=HMAC-SHA1, oauth_nonce=jOzrZNZtsGFLftfjJpdiOfjYtgvNFzWPPXIOKHKE, oauth_consumer_key=QetEw0FtIfvaNyBfgxRYmw, oauth_timestamp=1277230019, oauth_token=18911703- HjjtYklryN9C99pfTiXWs52PvEqrfabluLCdh5IJU No post body. Tom -- This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
Re: [twitter-dev] can I install twurl into $HOME?
On Wed, Jun 23, 2010 at 7:01 PM, Matt Harris thematthar...@twitter.com wrote: If you don't have sudo rights on the machine you want to run twurl on you will need to tell your system to install gems into your user folder. For most cases this happens automatically when you leave sudo off of the call. One method i've heard works is to change your GEM_HOME folder to somewhere you have write access to. You can do this by typing something similar to: export GEM_HOME=/home/myname/gems OK, that worked for this line: $ export GEM_HOME=$HOME $ gem i twurl --source http://rubygems.org Successfully installed twurl-0.6.1 1 gem installed Installing ri documentation for twurl-0.6.1... Installing RDoc documentation for twurl-0.6.1... $ rake dist:gem (in /home/twitreport/twurl) rake aborted! uninitialized constant Twurl::AbstractCommandController /home/twitreport/twurl/Rakefile:6 (See full trace by running task with --trace) And now I'm stuck again. I tried googling and guessing, but neither of them worked :-/ TjL
[twitter-dev] Re: modifying rate limits under serious load
if it means you won't expand Twitter's capacity itself, moving rate limits for all clients is simply a bad news for us, end users. in effect, today I've got more API errors on HootSuite than ever. in other words, Twitter experience simply has become worse.
Re: [twitter-dev] Re: Hi
Am in India , Am just trying in the after noon time , What i am saying working fine, but not an continuously getting Error Every 3 tweets , It tooo terrible 4 me, On Wed, Jun 23, 2010 at 7:12 PM, luisg luisfmgoncal...@gmail.com wrote: Hi there... Actually I'm using oauth with 2 diferent libraries: Haughin (http:// www.haughin.com/code/twitter/) and Abraham (http://github.com/abraham/ twitteroauth) for a web page I'm almost finishing. But, I'm not sure if this will solve your problem... I think that Twitter have some serious problems. I'm always getting a 'Twitter is over capacity' message, especially during the afternoon (I'm in Holand, so GMT+1). In the morning works ok, and I think is because people from America are sleeping :) Am I right? You have this kind of problems too? On Jun 23, 8:45 am, bharani kumar bharanikumariyer...@gmail.com wrote: Hi , I have integrated twitter in my web site using PHP CURL , But its tooo slow , Most of the time am getting the TRY AGAIN ERROR Is there any alternate way for twitter , I find there is another way using OAUTH , Not sure but for that we should install the PEAR module , Is there anything othere then OAuth service , Thanks -- Regards B.S.Bharanikumarhttp://php-mysql-jquery.blogspot.com/ -- Regards B.S.Bharanikumar http://php-mysql-jquery.blogspot.com/
[twitter-dev] Problems with filtered Streaming API and Location
The api request I am making looks like this POST /1/statuses/filter.json HTTP/1.1 Authorization: Basic bVW0YWIZIG8yYTp3d3F0eGVz X-Twitter-Client-URL: http://twitter4j.org/en/twitter4j-2.1.3-SNAPSHOT(build: e8b3d79cea14c4f8cb20101726d92169b905da0e).xml X-Twitter-Client: Twitter4J Accept-Encoding: gzip User-Agent: twitter4j X-Twitter-Client-Version: 2.1.3 Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 49 Host: stream.twitter.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 count=0locations=-97.42%2C32.56%2C-96.57%2C33.21 This should return a sample of all geocoded tweets within the geographic area, defined by the bounding box (it surrounds the Dallas- Ft. Worth area where I live). Using Safari, I log into Twitter with my test user: GiscJTest1 - it asks to use location, to which I answer OK. I select a location (such as the coffeeshop down the street from me) from the list and post a tweet. I see the tweet in my api output, but instead of the location I selected, it just says East Dallas, TX. Also, there is no lat-long. Then I try it with Twiterrific on my iPhone - again using GiscJTest1 - and with Location enabled. I *never* see these tweets in the stream output. I've tried many times, but the iPhone tweets do not show up in the stream. Can anyone explain this behavior?