[twitter-dev] Twitter app stats...
I was wondering if there any places you can go to see how many or what twitter users are actually connected/using your application. I'm not sure if there is a site or app for it but I have been looking and havent seen much of anything even close to what I am looking for. Hopefully someone can point me in the right direction.
[twitter-dev] Re: Retweet Chains, and retweets of retweets
Hi Tom, Thanks for the prompt reply, I just wanted to clarify, or maybe I have completely misunderstood you, so are you suggesting that I first call statuses_retweets on the original tweet, and then for each returned tweet, get the user information and find the users followers? What if a person is following multiple people who retweeted the orignal tweet? For example, if person A tweets something, and the tweet is retweeted by person B and C, finally person D retweets person B's retweet. How would we determine if person D's retweet is a retweet of person B's retweet, using just the statuses_followers api function call? Thanks again Mang-Git On Aug 10, 9:28 pm, Tom van der Woerdt i...@tvdw.eu wrote: On 8/10/10 9:17 PM, manggit wrote: Hello All, I am currently developing an app for a open source project. I would like to first obtain all direct child retweets of a given tweet, and then I would like to find all retweets of each of the child retweets, so on and so forth, until i reach the end of the retweet chain. However given the new style retweets, the api function call returns all retweets of a given tweet, including retweets of retweets, as retweets of the original tweet. Therefore I am unable to follow the progression of a tweet and gather information on whether a retweet is a retweet of the original tweet, or if the retweet is of a retweet. Is there anyway to obtain this information using the status_retweet api function call, or any clever combination of any of the api functions? Any support will be greatly appreciated Thanks Mang-Git No and yes. No: if there's no specific API for it, then there's no easy way. Yes: You can build a follower-tree (A follows B, B follows C, C follows D, etc) from the original tweep, but that may take a lot of time depending on the amount of retweets, and should probably only be used for research purposes. Tom
Re: [twitter-dev] Re: Norton detects this js on my site, I'm not able to find it!
Hey Nischal, The script you are referring to is part of the twitter.com authorize page which your users get directed to when they click sign in with Twitter. It's an expected file on our site and one which is used to handle various https activities on twitter.com. One thing I did notice when checking your site is you are directing users to https://twitter.com/oauth/authorize which is the old host - instead you want to be using the host api.twitter.com Hope that helps, Matt On Tue, Aug 10, 2010 at 10:02 AM, nischalshetty nischalshett...@gmail.comwrote: Thanks a lot Tom, kinda relieved! I too wasn't able to find that script, but a couple of users pointed to the same thing. Since the link is to a file named twitter-https.js , figured it would be good to ask about it here :) -Nischal On Aug 10, 9:57 pm, Tom van der Woerdt i...@tvdw.eu wrote: On 8/10/10 6:51 PM, nischalshetty wrote: I got feedback from a few users saying Norton was identifying my site as unsafe. The script that was being displayed was https://s3.amazonaws.com/twitter_production/a/1281028705/javascripts/. .. I haven't included anything, I'm not able to find this link on my site, any idea what this can be? My site ishttp://www.justunfollow.com Here's the Norton report - http://safeweb.norton.com/report/show?name=justunfollow.com I just checked about 5 pages of your site and I do not see it. I checked with a javascript debugger so I also checked deferred loads. I also wonder why Norton flags that file as unsafe... Looks perfectly safe to me. Tom -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
Re: [twitter-dev] Twitter app stats...
Hi, Try http://twitter.com/apps Tom Sent from my iPod On 11 aug. 2010, at 08:12, MissOdessa odessa.desi...@gmail.com wrote: I was wondering if there any places you can go to see how many or what twitter users are actually connected/using your application. I'm not sure if there is a site or app for it but I have been looking and havent seen much of anything even close to what I am looking for. Hopefully someone can point me in the right direction.
Re: [twitter-dev] Re: Retweet Chains, and retweets of retweets
Hi, I think that it is safe to assume that if user B follows C but not D, that he/she will retweet C and not D. However, this is not always 100% accurate. If an user follows both C and D, he/she will have retweeted the first one who retweeted it - the user does not get the second one in the timeline. Tom Sent from my iPod On 11 aug. 2010, at 08:46, manggit mang...@gmail.com wrote: Hi Tom, Thanks for the prompt reply, I just wanted to clarify, or maybe I have completely misunderstood you, so are you suggesting that I first call statuses_retweets on the original tweet, and then for each returned tweet, get the user information and find the users followers? What if a person is following multiple people who retweeted the orignal tweet? For example, if person A tweets something, and the tweet is retweeted by person B and C, finally person D retweets person B's retweet. How would we determine if person D's retweet is a retweet of person B's retweet, using just the statuses_followers api function call? Thanks again Mang-Git On Aug 10, 9:28 pm, Tom van der Woerdt i...@tvdw.eu wrote: On 8/10/10 9:17 PM, manggit wrote: Hello All, I am currently developing an app for a open source project. I would like to first obtain all direct child retweets of a given tweet, and then I would like to find all retweets of each of the child retweets, so on and so forth, until i reach the end of the retweet chain. However given the new style retweets, the api function call returns all retweets of a given tweet, including retweets of retweets, as retweets of the original tweet. Therefore I am unable to follow the progression of a tweet and gather information on whether a retweet is a retweet of the original tweet, or if the retweet is of a retweet. Is there anyway to obtain this information using the status_retweet api function call, or any clever combination of any of the api functions? Any support will be greatly appreciated Thanks Mang-Git No and yes. No: if there's no specific API for it, then there's no easy way. Yes: You can build a follower-tree (A follows B, B follows C, C follows D, etc) from the original tweep, but that may take a lot of time depending on the amount of retweets, and should probably only be used for research purposes. Tom
[twitter-dev] More button
My app shows a list of updates from a call like UserTimeline or Favorites, gotten 20 at a time. It shows a More button at the bottom of the screen. Of course I do not want a More button on the last screen, I can think of 2 possible ways to do this: 1. Do 2 calls (argh) each time, see if the second call gives back no results, in that case I know that no More is needed. 2. Assume that these calls will always really send me back 20 results ALWAYS, then if less, I know this is the last screen. I see nothing in the return which shows that there is no next list to get. I am very wary of my #2 above. Does this mean I need to make 2 calls instead of one to know I am at the end? thanks, as usual, Mark
[twitter-dev] Re: Can't get the friend list of the logged in user (oAuth)
I have been trying to find the solution but I can't seem to find the right method. How can I return the list of friends IDs of the authenticated (oAuth) user? Thanks, Rémy
Re: [twitter-dev] Re: Can't get the friend list of the logged in user (oAuth)
On 8/11/10 2:13 PM, Rémy B wrote: I have been trying to find the solution but I can't seem to find the right method. How can I return the list of friends IDs of the authenticated (oAuth) user? Thanks, Rémy Hi Rémy, http://dev.twitter.com/doc/get/friends/ids http://dev.twitter.com/doc/get/followers/ids These 2 should help you. If by saying friends you mean mutual followers, then you should simply combine these two lists. Tom
[twitter-dev] Re: A total novice to both Twitter web development
It is possible to use only HTTP POST to do this, but it's going to require several requests because you will need to authenticate the user (in this case, it sounds like that user is you, so you may only need to do this once and just keep your tokens) with OAuth first. Once you have the access_token you will be able to make a HTTP POST request to send your tweet, but it's not going to be pretty because you will need to send all of your credentials and sign the request manually (more on that here: http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/). You'll probably be a whole lot better off trying to use one of the OAuth libraries listed here: http://dev.twitter.com/pages/oauth_libraries Hope that helps! On Aug 9, 4:43 pm, Sashkoff sanya...@gmail.com wrote: Folks, as a total novice to Twitter web development altogether, I am relying on you goodwill and help: - I want to use HTTP only to post new (only) tweets from my personal webpage. After I have spent a fortune of time reading thru Twitter API and Wiki, I couldn't come to any conlcusion if this is all possible. So, may any one help me anwering the following: - is it possible to use only HTTP POST to send a new tweet to my twitter account? And, - how should such HTTP POST request look? Thanks in advance, Sashkoff :-)
[twitter-dev] Re: bulk follower data, or friendships/lookup status?
Hi Tom, Thanks for the quick reply. I should have said we do compare the user ids found on the stream to a cached list of followers, but in cases where the authenticating user has tens or hundreds of thousands of followers, we don't have the entire list or an up-to-date list. It's for those cases that we're looking for a way to determine follower relationships. Thanks again, Noah On Aug 10, 4:28 pm, Tom van der Woerdt i...@tvdw.eu wrote: On 8/10/10 10:22 PM, Noah wrote: Hello all, Is there an efficient method to determine if a bunch of users follow the authenticating user? I'm trying to show the authenticating user which people returned by statuses/mentions (or the stream, or whatever) can be direct messaged -- without calling friendships/exists for each one. In an earlier post from April (Bulk User Relationship Lookup?), Raffi Krikorian mentioned development of friendships/lookup, which seems just right. Does anyone know the status of that method? Thanks, Noah Hi Noah, You could simply get all followers for the user via this API :http://dev.twitter.com/doc/get/followers/ids Then you can check if the person follows you or not by matching the user id to that list. Tom
[twitter-dev] statuses/friends_timeline doesn't return replies
Hi, I want to get all the tweets from people I follow, therefore is use statuses/friends_timeline. But in the results I get I see no replies. For example: I'm following user1. User1 tweets a standard message like: I'm washing the dishes This tweet is returned in my statuses/friends_timeline request. In the next tweet user1 replies to user2 (@user2 ...) This tweet is not returned in my statuses/friends_timeline request. Even when I am following user2 also, still no sign of the reply tweet. Is this expected behaviour, or am I missing something(a parameter I could add or something) your sincerely, Patrick
Re: [twitter-dev] statuses/friends_timeline doesn't return replies
Hi PBro, This typically works pretty well though there is the odd case of a missing @mention here and there. Could you verify that both user1 and user2 are being followed by the observer user? Thanks, Taylor On Wed, Aug 11, 2010 at 6:55 AM, PBro brouwe...@gmail.com wrote: Hi, I want to get all the tweets from people I follow, therefore is use statuses/friends_timeline. But in the results I get I see no replies. For example: I'm following user1. User1 tweets a standard message like: I'm washing the dishes This tweet is returned in my statuses/friends_timeline request. In the next tweet user1 replies to user2 (@user2 ...) This tweet is not returned in my statuses/friends_timeline request. Even when I am following user2 also, still no sign of the reply tweet. Is this expected behaviour, or am I missing something(a parameter I could add or something) your sincerely, Patrick
[twitter-dev] Trying to post update results in 500 Internal Server Error
Hi. I'm trying to post an update to http://api.twitter.com/1/statuses/update.json using an Oauth single access token. I have a feeling my authorization headers must be incorrect or something because I am getting a 500 internal server error. My authorization header is like this: OAuth realm=http://api.twitter.com/1/statuses/ update.xml,oauth_consumer_key=x,oauth_nonce=x,oauth_signature=x,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1281536391.17,oauth_token=x,oauth_version=1.0 and the POST body is simply my status update. What am I doing wrong here? Let me know if I need to provide more information.
Re: [twitter-dev] Trying to post update results in 500 Internal Server Error
Hi there, One thing that sticks out is your oauth_timestamp in that example.. it should be the UTC epoch time, in seconds. You'll want to remove extra granularity. Taylor On Wed, Aug 11, 2010 at 7:21 AM, rara-avis brittany.hun...@gmail.comwrote: Hi. I'm trying to post an update to http://api.twitter.com/1/statuses/update.json using an Oauth single access token. I have a feeling my authorization headers must be incorrect or something because I am getting a 500 internal server error. My authorization header is like this: OAuth realm=http://api.twitter.com/1/statuses/ update.xml,oauth_consumer_key=x,oauth_nonce=x,oauth_signature=x,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1281536391.17,oauth_token=x,oauth_version=1.0 and the POST body is simply my status update. What am I doing wrong here? Let me know if I need to provide more information.
[twitter-dev] Re: statuses/friends_timeline doesn't return replies
Hi Taylor, I'm requesting friends_timeline for user pbro and user pbro is following both user1 and 2. So yes the observer user is following both users. On Aug 11, 4:13 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi PBro, This typically works pretty well though there is the odd case of a missing @mention here and there. Could you verify that both user1 and user2 are being followed by the observer user? Thanks, Taylor On Wed, Aug 11, 2010 at 6:55 AM, PBro brouwe...@gmail.com wrote: Hi, I want to get all the tweets from people I follow, therefore is use statuses/friends_timeline. But in the results I get I see no replies. For example: I'm following user1. User1 tweets a standard message like: I'm washing the dishes This tweet is returned in my statuses/friends_timeline request. In the next tweet user1 replies to user2 (@user2 ...) This tweet is not returned in my statuses/friends_timeline request. Even when I am following user2 also, still no sign of the reply tweet. Is this expected behaviour, or am I missing something(a parameter I could add or something) your sincerely, Patrick
Re: [twitter-dev] More button
On Wed, Aug 11, 2010 at 8:43 AM, Mark Krieger markskrie...@gmail.com wrote: 2. Assume that these calls will always really send me back 20 results ALWAYS, then if less, I know this is the last screen. Unfortunately, that won't work. Twitter retrieves the messages from the cache and then tests if they still exist. This means you could receive less than 20 and still not being in the last page. -- Julio Biason julio.bia...@gmail.com Twitter: http://twitter.com/juliobiason
[twitter-dev] Re: Trying to post update results in 500 Internal Server Error
Thanks. I did that, but problem still remains. On Aug 11, 10:29 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi there, One thing that sticks out is your oauth_timestamp in that example.. it should be the UTC epoch time, in seconds. You'll want to remove extra granularity. Taylor On Wed, Aug 11, 2010 at 7:21 AM, rara-avis brittany.hun...@gmail.comwrote: Hi. I'm trying to post an update to http://api.twitter.com/1/statuses/update.json using an Oauth single access token. I have a feeling my authorization headers must be incorrect or something because I am getting a 500 internal server error. My authorization header is like this: OAuth realm=http://api.twitter.com/1/statuses/ update.xml,oauth_consumer_key=x,oauth_nonce=x,oauth_signature=x,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1281536391.17,oauth_token=x,oauth_version=1.0 and the POST body is simply my status update. What am I doing wrong here? Let me know if I need to provide more information.
Re: [twitter-dev] Re: statuses/friends_timeline doesn't return replies
Can you provide links to the users or specific status ids, along with a sample of your home_timeline API response where the replies should be located? Thanks, Taylor On Wed, Aug 11, 2010 at 7:36 AM, PBro brouwe...@gmail.com wrote: Hi Taylor, I'm requesting friends_timeline for user pbro and user pbro is following both user1 and 2. So yes the observer user is following both users. On Aug 11, 4:13 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi PBro, This typically works pretty well though there is the odd case of a missing @mention here and there. Could you verify that both user1 and user2 are being followed by the observer user? Thanks, Taylor On Wed, Aug 11, 2010 at 6:55 AM, PBro brouwe...@gmail.com wrote: Hi, I want to get all the tweets from people I follow, therefore is use statuses/friends_timeline. But in the results I get I see no replies. For example: I'm following user1. User1 tweets a standard message like: I'm washing the dishes This tweet is returned in my statuses/friends_timeline request. In the next tweet user1 replies to user2 (@user2 ...) This tweet is not returned in my statuses/friends_timeline request. Even when I am following user2 also, still no sign of the reply tweet. Is this expected behaviour, or am I missing something(a parameter I could add or something) your sincerely, Patrick
Re: [twitter-dev] Re: Trying to post update results in 500 Internal Server Error
Then we'll need more info to help you debug. Can you share your POST body containing the status you are trying to send, the exact URL and HTTP method you are executing, along with the OAuth signature base string you used for the request (without exposing your consumer secret)? Thanks, Taylor On Wed, Aug 11, 2010 at 7:45 AM, rara-avis brittany.hun...@gmail.comwrote: Thanks. I did that, but problem still remains. On Aug 11, 10:29 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi there, One thing that sticks out is your oauth_timestamp in that example.. it should be the UTC epoch time, in seconds. You'll want to remove extra granularity. Taylor On Wed, Aug 11, 2010 at 7:21 AM, rara-avis brittany.hun...@gmail.com wrote: Hi. I'm trying to post an update to http://api.twitter.com/1/statuses/update.json using an Oauth single access token. I have a feeling my authorization headers must be incorrect or something because I am getting a 500 internal server error. My authorization header is like this: OAuth realm=http://api.twitter.com/1/statuses/ update.xml,oauth_consumer_key=x,oauth_nonce=x,oauth_signature=x,oauth_signature_method=HMAC- SHA1,oauth_timestamp=1281536391.17,oauth_token=x,oauth_version=1.0 and the POST body is simply my status update. What am I doing wrong here? Let me know if I need to provide more information.
[twitter-dev] Re: More button
Thanks for the quick response, that is what I thought I had remembered. Does this mean that I always need to read-ahead to see if I am on the last page? Mark On Aug 11, 10:48 am, Julio Biason julio.bia...@gmail.com wrote: On Wed, Aug 11, 2010 at 8:43 AM, Mark Krieger markskrie...@gmail.com wrote: 2. Assume that these calls will always really send me back 20 results ALWAYS, then if less, I know this is the last screen. Unfortunately, that won't work. Twitter retrieves the messages from the cache and then tests if they still exist. This means you could receive less than 20 and still not being in the last page. -- Julio Biason julio.bia...@gmail.com Twitter:http://twitter.com/juliobiason
Re: [twitter-dev] Re: More button
You could simply request twice as many as you need and do the math. However, in rare occasions (very rare) it could happen that an user sent 20 tweets and deleted all of them, in which case it may look like you are at the end of the list. It is not recommended to use two API calls for 20 messages. Tom On 8/11/10 5:30 PM, Mark Krieger wrote: Thanks for the quick response, that is what I thought I had remembered. Does this mean that I always need to read-ahead to see if I am on the last page? Mark On Aug 11, 10:48 am, Julio Biason julio.bia...@gmail.com wrote: On Wed, Aug 11, 2010 at 8:43 AM, Mark Krieger markskrie...@gmail.com wrote: 2. Assume that these calls will always really send me back 20 results ALWAYS, then if less, I know this is the last screen. Unfortunately, that won't work. Twitter retrieves the messages from the cache and then tests if they still exist. This means you could receive less than 20 and still not being in the last page. -- Julio Biason julio.bia...@gmail.com Twitter:http://twitter.com/juliobiason
[twitter-dev] OAuth Via AppleScript
I have been developing a complete OAuth Library for Twitter in AppleScript (I know, some people thought it was impossible but it isn't). The trouble is, I can authorize OAuth and get my token and secret from Twitter without any issues. However, once I try to make a call to the API the script will not validate my signature. I am using the exact same methods to create my base string and signature that I used to authorize OAuth so I know it has to be an issue with either my header or base string parameters for this call... If someone could look this over and tell me if everything checks out that would be great! This is a simple call to get https://api.twitter.com/1/direct_messages.xml api Base string is GEThttps%3A%2F%2Fapi.twitter.com %2F1%2Fdirect_messages.xmloauth_consumer_key%3D2qKWThvrdoDBKeQCmIMA2w %26oauth_nonce %3D28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1%26oauth_signature_method %3DHMAC-SHA1%26oauth_token%3D90908405- B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ%26oauth_timestamp %3D1281541844%26oauth_version%3D1.0 The header for this call is listed as Authorization: OAuth oauth_consumer_key=2qKWThvrdoDBKeQCmIMA2w, oauth_nonce=28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1, oauth_signature_method=HMAC-SHA1, oauth_signature=%2B8UDpXZN9SwZsUBsFNv%2B518sLg0%3D, oauth_token=90908405-B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ, oauth_timestamp=1281541844, oauth_version=1.0 If you would like any other information to test this out for yourself please let me know!
Re: [twitter-dev] OAuth Via AppleScript
On 8/11/10 5:52 PM, isaiah1112 wrote: I have been developing a complete OAuth Library for Twitter in AppleScript (I know, some people thought it was impossible but it isn't). The trouble is, I can authorize OAuth and get my token and secret from Twitter without any issues. However, once I try to make a call to the API the script will not validate my signature. I am using the exact same methods to create my base string and signature that I used to authorize OAuth so I know it has to be an issue with either my header or base string parameters for this call... If someone could look this over and tell me if everything checks out that would be great! This is a simple call to get https://api.twitter.com/1/direct_messages.xml api Base string is GEThttps%3A%2F%2Fapi.twitter.com %2F1%2Fdirect_messages.xmloauth_consumer_key%3D2qKWThvrdoDBKeQCmIMA2w %26oauth_nonce %3D28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1%26oauth_signature_method %3DHMAC-SHA1%26oauth_token%3D90908405- B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ%26oauth_timestamp %3D1281541844%26oauth_version%3D1.0 The header for this call is listed as Authorization: OAuth oauth_consumer_key=2qKWThvrdoDBKeQCmIMA2w, oauth_nonce=28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1, oauth_signature_method=HMAC-SHA1, oauth_signature=%2B8UDpXZN9SwZsUBsFNv%2B518sLg0%3D, oauth_token=90908405-B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ, oauth_timestamp=1281541844, oauth_version=1.0 If you would like any other information to test this out for yourself please let me know! If your code works with non-authorized requests and not with authorized ones, then I think that the issue would have to be with generating your key. Make sure that you use consumer secretuser secret. If this is not the case, then please try generating a signature for verify_credentials.json, using the consumer key GDdmIQH6jhtmLUypg82g, consumer secret MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98, user token 819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw and user secret J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA. Please post the base string and the signature which you generate. Tom PS: Those keys which I named aren't actual keys, I took them from dev.twitter.com.
[twitter-dev] OAuth and Hardware
So how can I use OAuth on a hardware device we are creating that doesn't have a UI? Can I share the key between all the devices? This is only twittering to 1 account that we have created. Seems like OAuth is going to make stuff like this harder for people to develope. Seems like it would have just bee easier for security if you would have added HTTPS and left basic auth. At least for embedded devices so they could send tweets.
Re: [twitter-dev] OAuth and Hardware
On 8/11/10 6:30 PM, ERenken wrote: So how can I use OAuth on a hardware device we are creating that doesn't have a UI? Can I share the key between all the devices? This is only twittering to 1 account that we have created. Seems like OAuth is going to make stuff like this harder for people to develope. Seems like it would have just bee easier for security if you would have added HTTPS and left basic auth. At least for embedded devices so they could send tweets. If there's no chance of the key leaking to people outside of your company (or whoever uses your application) then I don't see why not. It's always better than sharing username/password like with Basic Auth, and if they all use the same account, it's no problem at all. Of course, a better solution would be to create a simple proxy, but that may take some more programming and money if you don't have a server for it. Tom
Re: [twitter-dev] OAuth and Hardware
One implementation option you have is to build only the portions of OAuth that you need to meet your goals. On dev.twitter.com we provide a feature that allows you to retrieve the access token for your own account, owning the application. You would then hard code this access token and your API keys within your device (with best effort security). The migration from basic auth isn't an issue of protecting from man-in-the-middle attacks (such that SSL would prevent) but more of an issue with applications having access to Twitter usernames and passwords. There are many people who use the same passwords across multiple sites, so the security risk of supporting basic auth does not stop at Twitter. Taylor On Wed, Aug 11, 2010 at 9:30 AM, ERenken eren...@gmail.com wrote: So how can I use OAuth on a hardware device we are creating that doesn't have a UI? Can I share the key between all the devices? This is only twittering to 1 account that we have created. Seems like OAuth is going to make stuff like this harder for people to develope. Seems like it would have just bee easier for security if you would have added HTTPS and left basic auth. At least for embedded devices so they could send tweets.
Re: [twitter-dev] Re: Can we use localhost to tweet messages using oAuth authentication??
If your intent is to have Twitter redirect to a specific URL after the OAuth authetnication page is complete, you'll want to make sure that your application is marked as being a web-based application and you've provided a default callback URL (even though it doesn't have to correspond to your actual callback URL). Then, you manually declare the oauth_callback with your target callback URL instead of oob Taylor On Tue, Aug 10, 2010 at 1:31 AM, Lumpizaver demsarj...@gmail.com wrote: I fixed that now, I just had to type oob as callback url. But now I don't get redirected to the page I want to be. I just get a PIN number, what should I do now?
[twitter-dev] Is it this simple - OAUTH PHP Transition from Basic Authentication
Using Abraham Williams twitteroauth library I used this base code to post Twitter. Is it that simple? Of course my app code is actually longer. I'm writing an app that takes new news stories posted to our web site and automatically tweets them. A question though: What's the best way to handle $access_key which is the oauth_token and $access_secret which is the oauth_token_secret? I've read they should not be readable in your php code. ?php $consumer_key = 12345; $consumer_secret = 6789; $access_key = 12345; $access_secret = 6789; require_once('twitteroauth/twitteroauth.php'); $connection = new TwitterOAuth ($consumer_key ,$consumer_secret , $access_key , $access_secret ); $connection-post('statuses/update', array('status' = my tweet)); ?
Re: [twitter-dev] Is it this simple - OAUTH PHP Transition from Basic Authentication
On 8/11/10 7:21 PM, Skygazer wrote: Using Abraham Williams twitteroauth library I used this base code to post Twitter. Is it that simple? Of course my app code is actually longer. I'm writing an app that takes new news stories posted to our web site and automatically tweets them. A question though: What's the best way to handle $access_key which is the oauth_token and $access_secret which is the oauth_token_secret? I've read they should not be readable in your php code. ?php $consumer_key = 12345; $consumer_secret = 6789; $access_key = 12345; $access_secret = 6789; require_once('twitteroauth/twitteroauth.php'); $connection = new TwitterOAuth ($consumer_key ,$consumer_secret , $access_key , $access_secret ); $connection-post('statuses/update', array('status' = my tweet)); ? Yes, OAuth is really that easy ;-) If they aren't readable in your PHP code, then you can't use them, and that wouldn't be very useful, would it? Just don't give the keys to your users, and you'll be fine. When you release the script to other websites you may want to consider using other keys, but I don't think that that applies to you. Tom
[twitter-dev] Re: OAuth Via AppleScript
Ok... here is what I cam up with using the keys and secrets you provided in your previous post Base String is: GEThttps%3A%2F%2Fapi.twitter.com%2F1%2Faccount %2Fverify_credentials.jsonoauth_consumer_key%3DGDdmIQH6jhtmLUypg82g %26oauth_nonce %3D702fab381be61bb60f210dd07d80be722da33f05%26oauth_signature_method %3DHMAC-SHA1%26oauth_token%3D819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw%26oauth_timestamp %3D1281551596%26oauth_version%3D1.0 consumersecretusersecret is: MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA Thus the non-url encoded signature would be: XUNmLwpiC2W0xyrxPs4yAMmHO9c= And the HTTP header would be (signature is URL encoded): Authorization: OAuth oauth_consumer_key=GDdmIQH6jhtmLUypg82g, oauth_nonce=702fab381be61bb60f210dd07d80be722da33f05, oauth_signature_method=HMAC-SHA1, oauth_signature=XUNmLwpiC2W0xyrxPs4yAMmHO9c%3D, oauth_token=819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw, oauth_timestamp=1281551596, oauth_version=1.0 Let me know if you came up with the same thing On Aug 11, 10:00 am, Tom van der Woerdt i...@tvdw.eu wrote: On 8/11/10 5:52 PM, isaiah1112 wrote: I have been developing a complete OAuth Library for Twitter in AppleScript (I know, some people thought it was impossible but it isn't). The trouble is, I can authorize OAuth and get my token and secret from Twitter without any issues. However, once I try to make a call to the API the script will not validate my signature. I am using the exact same methods to create my base string and signature that I used to authorize OAuth so I know it has to be an issue with either my header or base string parameters for this call... If someone could look this over and tell me if everything checks out that would be great! This is a simple call to gethttps://api.twitter.com/1/direct_messages.xml api Base string is GEThttps%3A%2F%2Fapi.twitter.com %2F1%2Fdirect_messages.xmloauth_consumer_key%3D2qKWThvrdoDBKeQCmIMA2w %26oauth_nonce %3D28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1%26oauth_signature_method %3DHMAC-SHA1%26oauth_token%3D90908405- B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ%26oauth_timestamp %3D1281541844%26oauth_version%3D1.0 The header for this call is listed as Authorization: OAuth oauth_consumer_key=2qKWThvrdoDBKeQCmIMA2w, oauth_nonce=28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1, oauth_signature_method=HMAC-SHA1, oauth_signature=%2B8UDpXZN9SwZsUBsFNv%2B518sLg0%3D, oauth_token=90908405-B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ, oauth_timestamp=1281541844, oauth_version=1.0 If you would like any other information to test this out for yourself please let me know! If your code works with non-authorized requests and not with authorized ones, then I think that the issue would have to be with generating your key. Make sure that you use consumer secretuser secret. If this is not the case, then please try generating a signature for verify_credentials.json, using the consumer key GDdmIQH6jhtmLUypg82g, consumer secret MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98, user token 819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw and user secret J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA. Please post the base string and the signature which you generate. Tom PS: Those keys which I named aren't actual keys, I took them from dev.twitter.com.
[twitter-dev] Re: More button
Thanks for the suggestion. I think I probably have a good but not perfect solution which is much less work and also not likely to ever fail: 1 - favorites and specific user updates have a count associated with them at any time. I can use that count to know when I am done. Pretty much. 2 - friends/followers/lists all have a next_cursor, so does a search, that works for me now. 3- Home timeline is an issue, but I can see how twitter will find that difficult to count for me or give me a next_cursor, etc. I guess if someone clicks 'more' once in a long while and I have to refresh to the same page with no more button because my one extra read showed no more updates, then I can live with that. Unless someone has a better idea? Mark On Aug 11, 11:33 am, Tom van der Woerdt i...@tvdw.eu wrote: You could simply request twice as many as you need and do the math. However, in rare occasions (very rare) it could happen that an user sent 20 tweets and deleted all of them, in which case it may look like you are at the end of the list. It is not recommended to use two API calls for 20 messages. Tom On 8/11/10 5:30 PM, Mark Krieger wrote: Thanks for the quick response, that is what I thought I had remembered. Does this mean that I always need to read-ahead to see if I am on the last page? Mark On Aug 11, 10:48 am, Julio Biason julio.bia...@gmail.com wrote: On Wed, Aug 11, 2010 at 8:43 AM, Mark Krieger markskrie...@gmail.com wrote: 2. Assume that these calls will always really send me back 20 results ALWAYS, then if less, I know this is the last screen. Unfortunately, that won't work. Twitter retrieves the messages from the cache and then tests if they still exist. This means you could receive less than 20 and still not being in the last page. -- Julio Biason julio.bia...@gmail.com Twitter:http://twitter.com/juliobiason
Re: [twitter-dev] Re: OAuth Via AppleScript
On 8/11/10 8:38 PM, isaiah1112 wrote: Ok... here is what I cam up with using the keys and secrets you provided in your previous post Base String is: GEThttps%3A%2F%2Fapi.twitter.com%2F1%2Faccount %2Fverify_credentials.jsonoauth_consumer_key%3DGDdmIQH6jhtmLUypg82g %26oauth_nonce %3D702fab381be61bb60f210dd07d80be722da33f05%26oauth_signature_method %3DHMAC-SHA1%26oauth_token%3D819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw%26oauth_timestamp %3D1281551596%26oauth_version%3D1.0 consumersecretusersecret is: MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA Thus the non-url encoded signature would be: XUNmLwpiC2W0xyrxPs4yAMmHO9c= And the HTTP header would be (signature is URL encoded): Authorization: OAuth oauth_consumer_key=GDdmIQH6jhtmLUypg82g, oauth_nonce=702fab381be61bb60f210dd07d80be722da33f05, oauth_signature_method=HMAC-SHA1, oauth_signature=XUNmLwpiC2W0xyrxPs4yAMmHO9c%3D, oauth_token=819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw, oauth_timestamp=1281551596, oauth_version=1.0 Let me know if you came up with the same thing On Aug 11, 10:00 am, Tom van der Woerdt i...@tvdw.eu wrote: On 8/11/10 5:52 PM, isaiah1112 wrote: I have been developing a complete OAuth Library for Twitter in AppleScript (I know, some people thought it was impossible but it isn't). The trouble is, I can authorize OAuth and get my token and secret from Twitter without any issues. However, once I try to make a call to the API the script will not validate my signature. I am using the exact same methods to create my base string and signature that I used to authorize OAuth so I know it has to be an issue with either my header or base string parameters for this call... If someone could look this over and tell me if everything checks out that would be great! This is a simple call to gethttps://api.twitter.com/1/direct_messages.xml api Base string is GEThttps%3A%2F%2Fapi.twitter.com %2F1%2Fdirect_messages.xmloauth_consumer_key%3D2qKWThvrdoDBKeQCmIMA2w %26oauth_nonce %3D28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1%26oauth_signature_method %3DHMAC-SHA1%26oauth_token%3D90908405- B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ%26oauth_timestamp %3D1281541844%26oauth_version%3D1.0 The header for this call is listed as Authorization: OAuth oauth_consumer_key=2qKWThvrdoDBKeQCmIMA2w, oauth_nonce=28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1, oauth_signature_method=HMAC-SHA1, oauth_signature=%2B8UDpXZN9SwZsUBsFNv%2B518sLg0%3D, oauth_token=90908405-B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ, oauth_timestamp=1281541844, oauth_version=1.0 If you would like any other information to test this out for yourself please let me know! If your code works with non-authorized requests and not with authorized ones, then I think that the issue would have to be with generating your key. Make sure that you use consumer secretuser secret. If this is not the case, then please try generating a signature for verify_credentials.json, using the consumer key GDdmIQH6jhtmLUypg82g, consumer secret MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98, user token 819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw and user secret J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA. Please post the base string and the signature which you generate. Tom PS: Those keys which I named aren't actual keys, I took them from dev.twitter.com. Hi, Using exactly the same values as you provided (including the base string), I got XUNmLwpiC2W0xyrxPs4yAMmHO9c= as well. However, when I applied sort(), I got zKLhRH6fz/p7UtVsS25KPQGJWD0= Apparently, your oauth_token and oauth_timestamp are in the wrong order ;-) Tom
[twitter-dev] Re: OAuth Via AppleScript
You were right! I forgot to sort them... Thanks! On Aug 11, 1:14 pm, Tom van der Woerdt i...@tvdw.eu wrote: On 8/11/10 8:38 PM, isaiah1112 wrote: Ok... here is what I cam up with using the keys and secrets you provided in your previous post Base String is: GEThttps%3A%2F%2Fapi.twitter.com%2F1%2Faccount %2Fverify_credentials.jsonoauth_consumer_key%3DGDdmIQH6jhtmLUypg82g %26oauth_nonce %3D702fab381be61bb60f210dd07d80be722da33f05%26oauth_signature_method %3DHMAC-SHA1%26oauth_token%3D819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw%26oauth_timestamp %3D1281551596%26oauth_version%3D1.0 consumersecretusersecret is: MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98J6zix3FfA9LofH0awS24M3HcBYXO5nI 1iYe8EfBA Thus the non-url encoded signature would be: XUNmLwpiC2W0xyrxPs4yAMmHO9c= And the HTTP header would be (signature is URL encoded): Authorization: OAuth oauth_consumer_key=GDdmIQH6jhtmLUypg82g, oauth_nonce=702fab381be61bb60f210dd07d80be722da33f05, oauth_signature_method=HMAC-SHA1, oauth_signature=XUNmLwpiC2W0xyrxPs4yAMmHO9c%3D, oauth_token=819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw, oauth_timestamp=1281551596, oauth_version=1.0 Let me know if you came up with the same thing On Aug 11, 10:00 am, Tom van der Woerdt i...@tvdw.eu wrote: On 8/11/10 5:52 PM, isaiah1112 wrote: I have been developing a complete OAuth Library for Twitter in AppleScript (I know, some people thought it was impossible but it isn't). The trouble is, I can authorize OAuth and get my token and secret from Twitter without any issues. However, once I try to make a call to the API the script will not validate my signature. I am using the exact same methods to create my base string and signature that I used to authorize OAuth so I know it has to be an issue with either my header or base string parameters for this call... If someone could look this over and tell me if everything checks out that would be great! This is a simple call to gethttps://api.twitter.com/1/direct_messages.xml api Base string is GEThttps%3A%2F%2Fapi.twitter.com %2F1%2Fdirect_messages.xmloauth_consumer_key%3D2qKWThvrdoDBKeQCmIMA2w %26oauth_nonce %3D28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1%26oauth_signature_method %3DHMAC-SHA1%26oauth_token%3D90908405- B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ%26oauth_timestamp %3D1281541844%26oauth_version%3D1.0 The header for this call is listed as Authorization: OAuth oauth_consumer_key=2qKWThvrdoDBKeQCmIMA2w, oauth_nonce=28e0ef3fec75d92e6fc95460ffef4581ffd1d8f1, oauth_signature_method=HMAC-SHA1, oauth_signature=%2B8UDpXZN9SwZsUBsFNv%2B518sLg0%3D, oauth_token=90908405-B0SOI7v64YMcx7VOPTOvSieUOztDNPStWVY9rnabJ, oauth_timestamp=1281541844, oauth_version=1.0 If you would like any other information to test this out for yourself please let me know! If your code works with non-authorized requests and not with authorized ones, then I think that the issue would have to be with generating your key. Make sure that you use consumer secretuser secret. If this is not the case, then please try generating a signature for verify_credentials.json, using the consumer key GDdmIQH6jhtmLUypg82g, consumer secret MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98, user token 819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw and user secret J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA. Please post the base string and the signature which you generate. Tom PS: Those keys which I named aren't actual keys, I took them from dev.twitter.com. Hi, Using exactly the same values as you provided (including the base string), I got XUNmLwpiC2W0xyrxPs4yAMmHO9c= as well. However, when I applied sort(), I got zKLhRH6fz/p7UtVsS25KPQGJWD0= Apparently, your oauth_token and oauth_timestamp are in the wrong order ;-) Tom
[twitter-dev] New app for every Twitter account?
My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account.
Re: [twitter-dev] New app for every Twitter account?
On 8/11/10 9:37 PM, Skygazer wrote: My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account. Hi Marc, Each app can only have one from application name, unlike Basic Authentication. This may be limiting. Also, each app has two sets of keys, the consumer keys (app keys) and oauth keys (user keys). The user keys which you get by default are the user keys which belong to the account which owns the app. This does not mean that you can't get more keys, but you will need to go through the so-called oauth dance. I can't help you with that (never had to implement it, I'm a desktop developer) but I'm sure that http://dev.twitter.com can help you with it. Tom
Re: [twitter-dev] New app for every Twitter account?
Hi Marc, In this case, instead of using the username/password of a different account while making a request, you would use an access token/access token secret belonging to a different account. You don't need to create separate applications for each account, but you need to authorize the application to act on behalf of each account. If you don't want to implement the OAuth flow to acquire access tokens in your application, you can use another application or library (such as my OAuth Dancer at http://github.com/episod/oauth-dancer ) to secure the access tokens, then port them over to your proper application. Taylor On Wed, Aug 11, 2010 at 12:37 PM, Skygazer marc.bouc...@gmail.com wrote: My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account.
[twitter-dev] How do I get latest tweets with OAuth
Hello o/ Into now, I have caught my latest tweets that way: file_get_contents(http://twitter.com/statuses/user_timeline/ {$username}.json?count={$number}); Actually, I used cURL, but I put that way to simplify the code. Well, with this new OAuth thing, I'm lost. I'm triyng to use the TwitterOAuth Lib (http://github.com/abraham/ twitteroauth), but, I'll have to sign in every time to autenthicate myself? I don't understand very well... See, I know that I need: $connection = new TwitterOAuth(MY_CONSUMER_KEY, MY_CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']); $connection-get(user_timeline/{$username}.json?count={$number}); But... I don't know where I get the oauth_token and oauth_token_secret (it's necessary for what I want?). I'll need all this just to get my latest tweets? Help, pls! (srry for the bad english)
[twitter-dev] Re: New app for every Twitter account?
Hi Taylor, Ok, but how do you get an access token/access token secret for the other account without creating a new app? On Aug 11, 3:49 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Marc, In this case, instead of using the username/password of a different account while making a request, you would use an access token/access token secret belonging to a different account. You don't need to create separate applications for each account, but you need to authorize the application to act on behalf of each account. If you don't want to implement the OAuth flow to acquire access tokens in your application, you can use another application or library (such as my OAuth Dancer athttp://github.com/episod/oauth-dancer) to secure the access tokens, then port them over to your proper application. Taylor On Wed, Aug 11, 2010 at 12:37 PM, Skygazer marc.bouc...@gmail.com wrote: My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account.
Re: [twitter-dev] Re: New app for every Twitter account?
Hi Marc, You can do this using the OAuth authentication flow which you can find at http://dev.twitter.com/pages/auth#intro This may seem very much complicated for a simple application with only a few users (and static keys), and I agree. However, unless there is some service on the internet which simply allows you to get some keys in exchange for your username/password (and I do not know any), you will have to use this. Tom On 8/11/10 10:58 PM, Skygazer wrote: Hi Taylor, Ok, but how do you get an access token/access token secret for the other account without creating a new app? On Aug 11, 3:49 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Marc, In this case, instead of using the username/password of a different account while making a request, you would use an access token/access token secret belonging to a different account. You don't need to create separate applications for each account, but you need to authorize the application to act on behalf of each account. If you don't want to implement the OAuth flow to acquire access tokens in your application, you can use another application or library (such as my OAuth Dancer athttp://github.com/episod/oauth-dancer) to secure the access tokens, then port them over to your proper application. Taylor On Wed, Aug 11, 2010 at 12:37 PM, Skygazer marc.bouc...@gmail.com wrote: My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account.
[twitter-dev] Re: New app for every Twitter account?
No he means each source is a user and has its own account, and authorizes the single app for separate access tokens.. However, my question is, is not having aliases a btter solution for this? In other words, on user having several aliases, each alias being permitted to get separate access tokens for the same app? Regards, Shob On Aug 11, 1:58 pm, Skygazer marc.bouc...@gmail.com wrote: Hi Taylor, Ok, but how do you get an access token/access token secret for the other account without creating a new app? On Aug 11, 3:49 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Marc, In this case, instead of using the username/password of a different account while making a request, you would use an access token/access token secret belonging to a different account. You don't need to create separate applications for each account, but you need to authorize the application to act on behalf of each account. If you don't want to implement the OAuth flow to acquire access tokens in your application, you can use another application or library (such as my OAuth Dancer athttp://github.com/episod/oauth-dancer) to secure the access tokens, then port them over to your proper application. Taylor On Wed, Aug 11, 2010 at 12:37 PM, Skygazer marc.bouc...@gmail.com wrote: My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account.
Re: [twitter-dev] How do I get latest tweets with OAuth
On 8/11/10 10:49 PM, lucaswxp wrote: Hello o/ Into now, I have caught my latest tweets that way: file_get_contents(http://twitter.com/statuses/user_timeline/ {$username}.json?count={$number}); Actually, I used cURL, but I put that way to simplify the code. Well, with this new OAuth thing, I'm lost. I'm triyng to use the TwitterOAuth Lib (http://github.com/abraham/ twitteroauth), but, I'll have to sign in every time to autenthicate myself? I don't understand very well... See, I know that I need: $connection = new TwitterOAuth(MY_CONSUMER_KEY, MY_CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']); $connection-get(user_timeline/{$username}.json?count={$number}); But... I don't know where I get the oauth_token and oauth_token_secret (it's necessary for what I want?). I'll need all this just to get my latest tweets? Help, pls! (srry for the bad english) Hello, You can find these on http://dev.twitter.com/apps - your application name - My Access Token (right menu) - the keys. These will only work for one account, although you can access the timelines of other people this way - unless the account is protected. Tom
[twitter-dev] Re: New app for every Twitter account?
Sorry for the typos, here its again: No, he means each source is a user and has its own account, and authorizes the single app for separate access tokens.. However, my question is, is having aliases a better solution for this? In other words, one user having several aliases, each alias being permitted to get separate access tokens for the same app? Regards, Shob On Aug 11, 2:04 pm, Jacky jaga...@gmail.com wrote: No he means each source is a user and has its own account, and authorizes the single app for separate access tokens.. However, my question is, is not having aliases a btter solution for this? In other words, on user having several aliases, each alias being permitted to get separate access tokens for the same app? Regards, Shob On Aug 11, 1:58 pm, Skygazer marc.bouc...@gmail.com wrote: Hi Taylor, Ok, but how do you get an access token/access token secret for the other account without creating a new app? On Aug 11, 3:49 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Marc, In this case, instead of using the username/password of a different account while making a request, you would use an access token/access token secret belonging to a different account. You don't need to create separate applications for each account, but you need to authorize the application to act on behalf of each account. If you don't want to implement the OAuth flow to acquire access tokens in your application, you can use another application or library (such as my OAuth Dancer athttp://github.com/episod/oauth-dancer) to secure the access tokens, then port them over to your proper application. Taylor On Wed, Aug 11, 2010 at 12:37 PM, Skygazer marc.bouc...@gmail.com wrote: My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account.
[twitter-dev] Re: New app for every Twitter account?
That makes sense to me but that's not supported at this time from my understanding. On Aug 11, 5:04 pm, Jacky jaga...@gmail.com wrote: No he means each source is a user and has its own account, and authorizes the single app for separate access tokens.. However, my question is, is not having aliases a btter solution for this? In other words, on user having several aliases, each alias being permitted to get separate access tokens for the same app? Regards, Shob On Aug 11, 1:58 pm, Skygazer marc.bouc...@gmail.com wrote: Hi Taylor, Ok, but how do you get an access token/access token secret for the other account without creating a new app? On Aug 11, 3:49 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Marc, In this case, instead of using the username/password of a different account while making a request, you would use an access token/access token secret belonging to a different account. You don't need to create separate applications for each account, but you need to authorize the application to act on behalf of each account. If you don't want to implement the OAuth flow to acquire access tokens in your application, you can use another application or library (such as my OAuth Dancer athttp://github.com/episod/oauth-dancer) to secure the access tokens, then port them over to your proper application. Taylor On Wed, Aug 11, 2010 at 12:37 PM, Skygazer marc.bouc...@gmail.com wrote: My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account.
[twitter-dev] Re: New app for every Twitter account?
Ok, I'll give it a try. Thanks. On Aug 11, 5:02 pm, Tom van der Woerdt i...@tvdw.eu wrote: Hi Marc, You can do this using the OAuth authentication flow which you can find athttp://dev.twitter.com/pages/auth#intro This may seem very much complicated for a simple application with only a few users (and static keys), and I agree. However, unless there is some service on the internet which simply allows you to get some keys in exchange for your username/password (and I do not know any), you will have to use this. Tom On 8/11/10 10:58 PM, Skygazer wrote: Hi Taylor, Ok, but how do you get an access token/access token secret for the other account without creating a new app? On Aug 11, 3:49 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Marc, In this case, instead of using the username/password of a different account while making a request, you would use an access token/access token secret belonging to a different account. You don't need to create separate applications for each account, but you need to authorize the application to act on behalf of each account. If you don't want to implement the OAuth flow to acquire access tokens in your application, you can use another application or library (such as my OAuth Dancer athttp://github.com/episod/oauth-dancer) to secure the access tokens, then port them over to your proper application. Taylor On Wed, Aug 11, 2010 at 12:37 PM, Skygazer marc.bouc...@gmail.com wrote: My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account.
Re: [twitter-dev] How do I get latest tweets with OAuth
You should reformat your request from: $connection-get(user_timeline/{$username}.json?count={$number}); to: $connection-get(statuses/user_timeline, array(screen_name = $username, count = $number)); TwitterOAuth automatically adds the type. Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Wed, Aug 11, 2010 at 13:49, lucaswxp lucas@gmail.com wrote: Hello o/ Into now, I have caught my latest tweets that way: file_get_contents(http://twitter.com/statuses/user_timeline/ {$username}.json?count={$number}); Actually, I used cURL, but I put that way to simplify the code. Well, with this new OAuth thing, I'm lost. I'm triyng to use the TwitterOAuth Lib (http://github.com/abraham/ twitteroauth), but, I'll have to sign in every time to autenthicate myself? I don't understand very well... See, I know that I need: $connection = new TwitterOAuth(MY_CONSUMER_KEY, MY_CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']); $connection-get(user_timeline/{$username}.json?count={$number}); But... I don't know where I get the oauth_token and oauth_token_secret (it's necessary for what I want?). I'll need all this just to get my latest tweets? Help, pls! (srry for the bad english)
[twitter-dev] Re: New app for every Twitter account?
No its not, and I wish it was allowed/supported... On Aug 11, 2:09 pm, Skygazer marc.bouc...@gmail.com wrote: That makes sense to me but that's not supported at this time from my understanding. On Aug 11, 5:04 pm, Jacky jaga...@gmail.com wrote: No he means each source is a user and has its own account, and authorizes the single app for separate access tokens.. However, my question is, is not having aliases a btter solution for this? In other words, on user having several aliases, each alias being permitted to get separate access tokens for the same app? Regards, Shob On Aug 11, 1:58 pm, Skygazer marc.bouc...@gmail.com wrote: Hi Taylor, Ok, but how do you get an access token/access token secret for the other account without creating a new app? On Aug 11, 3:49 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Marc, In this case, instead of using the username/password of a different account while making a request, you would use an access token/access token secret belonging to a different account. You don't need to create separate applications for each account, but you need to authorize the application to act on behalf of each account. If you don't want to implement the OAuth flow to acquire access tokens in your application, you can use another application or library (such as my OAuth Dancer athttp://github.com/episod/oauth-dancer) to secure the access tokens, then port them over to your proper application. Taylor On Wed, Aug 11, 2010 at 12:37 PM, Skygazer marc.bouc...@gmail.com wrote: My company has several news sites and each has one or more Twitter accounts depending on the topic. I've created a new app using OAuth and PHP to post our news stories automatically as they are published. Previously with basic authentication I would just pass the username and password etc. to get the story posted. But now I'm wondering, do I need to create a new app for every Twitter account we have? Or can I post to our accounts with the one app I created with its keys and tokens? And if I can use just the one app, how do I post to the other accounts? The app was created on our primary Twitter account. Thanks Marc PS I already have the OAuth and PHP code working for our primary Twiter account.
Re: [twitter-dev] Is it this simple - OAUTH PHP Transition from Basic Authentication
When you store access tokens in the PHP file you really only have to worry about your server configuration leaking the PHP file without compiling it or someone getting terminal access to your server. If someone is able to read the contents of your PHP file you can reset the application key on http://dev.twitter.com/apps. Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Wed, Aug 11, 2010 at 10:21, Skygazer marc.bouc...@gmail.com wrote: Using Abraham Williams twitteroauth library I used this base code to post Twitter. Is it that simple? Of course my app code is actually longer. I'm writing an app that takes new news stories posted to our web site and automatically tweets them. A question though: What's the best way to handle $access_key which is the oauth_token and $access_secret which is the oauth_token_secret? I've read they should not be readable in your php code. ?php $consumer_key = 12345; $consumer_secret = 6789; $access_key = 12345; $access_secret = 6789; require_once('twitteroauth/twitteroauth.php'); $connection = new TwitterOAuth ($consumer_key ,$consumer_secret , $access_key , $access_secret ); $connection-post('statuses/update', array('status' = my tweet)); ?
[twitter-dev] Search API bug when using lang parameter
When I append the lang parameter to my searches, twitter responds with a small handfull of results, then aborts with the error: warning:adjusted since_id to 20868007278 due to temporary error. However, once I take out the lang parameter, I receive the expected results. You can see what I'm talking about by looking at the following links: No lang parameter: http://search.twitter.com/search.json?q=badkittyapp Lang parameter: http://search.twitter.com/search.json?q=badkittyapplang=en For what it's worth, this has been going on for a while. Any advice?
[twitter-dev] Re: How do I get latest tweets with OAuth
Thx guys. Well, I tried the follow: I put my consumer key/secret and my tokens, but I put a different user. (My application's data, but a different user, just for test)... And what happened: I get the latest tweets of this user anyway... Is that right? Shouldn't I only have access to my account (the one that created the app)?
Re: [twitter-dev] Re: How do I get latest tweets with OAuth
On 8/12/10 12:09 AM, lucaswxp wrote: Thx guys. Well, I tried the follow: I put my consumer key/secret and my tokens, but I put a different user. (My application's data, but a different user, just for test)... And what happened: I get the latest tweets of this user anyway... Is that right? Shouldn't I only have access to my account (the one that created the app)? Let me ask you this: if you go to http://twitter.com/twitterapi, are you supposed to see the tweets? I say that you should, and that is exactly what happens. ;-) Tom
[twitter-dev] Twitter Launching Official Tweet Buttons This Week??
Is this true? When will we see documentation? http://mashable.com/2010/08/10/twitter-official-share-buttons/ -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos
[twitter-dev] Re: Sign in automatically
Diogo, You might want to look at @Anywhere which handles all the Oauth stuff for you. I just started using it (created a space sim app at http://www.standard3d.com) Once they are logged in, your app has their userId, etc. You can build an app which does everything twitter does, but you can track usage (which I suppose is the point of your app?) Yeah, so @Anywhere is cool, just remember to verify not only your www.domain.com but also domain.com (annoying behavior if you don't) Dommer On Aug 10, 9:29 am, Diogo diogo.dor...@gmail.com wrote: Hello, I'm developing a system for a company where the employees can read and answer tweets from a single account. It is working, but not using oAuth. I read that Twitter will no longer support the basic authentication. The question is, if I change the authentication to oAuth, everybody will have to know the username and password of Twitter account and sign in manually to begin work?
[twitter-dev] Re: OAuth and Hardware
Thanks for the information. I will look at dev.twitter.com On Aug 11, 9:38 am, Taylor Singletary taylorsinglet...@twitter.com wrote: One implementation option you have is to build only the portions of OAuth that you need to meet your goals. On dev.twitter.com we provide a feature that allows you to retrieve the access token for your own account, owning the application. You would then hard code this access token and your API keys within your device (with best effort security). The migration from basic auth isn't an issue of protecting from man-in-the-middle attacks (such that SSL would prevent) but more of an issue with applications having access to Twitter usernames and passwords. There are many people who use the same passwords across multiple sites, so the security risk of supporting basic auth does not stop at Twitter. TaylorOn Wed, Aug 11, 2010 at 9:30 AM, ERenken eren...@gmail.com wrote: So how can I use OAuth on a hardware device we are creating that doesn't have a UI? Can I share the key between all the devices? This is only twittering to 1 account that we have created. Seems like OAuth is going to make stuff like this harder for people to develope. Seems like it would have just bee easier for security if you would have added HTTPS and left basic auth. At least for embedded devices so they could send tweets.
[twitter-dev] Re: OAuth and Hardware
Does the token ever expire? Eric On Aug 11, 9:38 am, Taylor Singletary taylorsinglet...@twitter.com wrote: One implementation option you have is to build only the portions of OAuth that you need to meet your goals. On dev.twitter.com we provide a feature that allows you to retrieve the access token for your own account, owning the application. You would then hard code this access token and your API keys within your device (with best effort security). The migration from basic auth isn't an issue of protecting from man-in-the-middle attacks (such that SSL would prevent) but more of an issue with applications having access to Twitter usernames and passwords. There are many people who use the same passwords across multiple sites, so the security risk of supporting basic auth does not stop at Twitter. TaylorOn Wed, Aug 11, 2010 at 9:30 AM, ERenken eren...@gmail.com wrote: So how can I use OAuth on a hardware device we are creating that doesn't have a UI? Can I share the key between all the devices? This is only twittering to 1 account that we have created. Seems like OAuth is going to make stuff like this harder for people to develope. Seems like it would have just bee easier for security if you would have added HTTPS and left basic auth. At least for embedded devices so they could send tweets.
[twitter-dev] Re: search randomly limits result set
this may be what you're looking for in the stream API http://dev.twitter.com/pages/streaming_api_methods I am having the same problems with the search API. To be blunt: it's unreliable, especially for business use. On Aug 10, 9:25 am, michael xenakis michael.g.xena...@gmail.com wrote: Thanks, Taylor. And to clarify my understanding: The Search API is the only entry point for compound searches, yes? I.e., if I want to get Tweets from multiple users in a single call? Also, the REST API does not support searching for hash tags in any form, yes? So the Search API is the only means for that? Thanks again, mX. p.s. The Search Quality Help Page link at the bottom of the page you linked below is dead. I.e.,:http://support.twitter.com/groups/32-something-s-not-working/topics/1... On Aug 10, 2010, at 8:31 AM, Taylor Singletary wrote: The search API's available corpus of tweets for search varies -- it's not always exactly a week, as tweet velocity has an effect on how many tweets can be made readily available for searching. Search also contains only a portion of the total amount of tweets in the system at any one time:http://support.twitter.com/groups/32-something-s-not-working/topics/1... Thanks, Taylor On Tue, Aug 10, 2010 at 8:00 AM, mX. michael.g.xena...@gmail.com wrote: Hullo all - While I opted to keep the subject line short(er), I allow that this may all be a case of user error and that there may be nothing either random w/ the API. That said... ... I've been working w/ the REST API and am trying to incorporate some of the Search API functionality, but am having a very difficult time w/ it. An immediate example is the fact that the API seems to return very few items from its search. E.g., the following search strings (740AM PST, Tue Aug 10): feed://search.twitter.com/search.atom?q=%23thenyknicks+OR+%23allan_houston - returns 4 tweets dating back to Thu Aug 5, 110P (per Twitter feeds) feed://search.twitter.com/search.atom?q=%23thenyknicks+OR+%23allan_houston+OR+from%3Athenyknicks+OR+from%3Aallan_houston - returns 13 tweets dating back to Thu Aug 5, 601A (per Twitter feeds) feed://search.twitter.com/search.atom?q=%23thenyknicks+OR+%23allan_houston+OR+from%3Athenyknicks+OR+from%3Aallan_houston+OR+%232MNBA - returns 15 tweets dating back to Sun Aug 8, 127P (per Twitter feeds) All the information I've read re: rate limits should put 15 tweets well below that. Further, although the API docs suggest the data for the Search API is indexed only for the last seven days, I would still expect to see tweets for all of the last seven days, rather than only five (e.g., the first search should have returned more Tweets dating back to Aug 3. All in all the API does not appear to be working as advertised, however, I may be missing the fine print. Is there a limit on the # of days back which the search parameters will reach? And what is it? Is there a limit on the # of tweets that will be returned? And what is it? Thank you in advance! mX.
Re: [twitter-dev] Re: OAuth and Hardware
On 8/12/10 3:07 AM, ERenken wrote: Does the token ever expire? Eric On Aug 11, 9:38 am, Taylor Singletary taylorsinglet...@twitter.com wrote: One implementation option you have is to build only the portions of OAuth that you need to meet your goals. On dev.twitter.com we provide a feature that allows you to retrieve the access token for your own account, owning the application. You would then hard code this access token and your API keys within your device (with best effort security). The migration from basic auth isn't an issue of protecting from man-in-the-middle attacks (such that SSL would prevent) but more of an issue with applications having access to Twitter usernames and passwords. There are many people who use the same passwords across multiple sites, so the security risk of supporting basic auth does not stop at Twitter. TaylorOn Wed, Aug 11, 2010 at 9:30 AM, ERenken eren...@gmail.com wrote: So how can I use OAuth on a hardware device we are creating that doesn't have a UI? Can I share the key between all the devices? This is only twittering to 1 account that we have created. Seems like OAuth is going to make stuff like this harder for people to develope. Seems like it would have just bee easier for security if you would have added HTTPS and left basic auth. At least for embedded devices so they could send tweets. Currently, no. However, somewhere in the documentation it states that this may be changed in the future. Tom
Re: [twitter-dev] Re: OAuth and Hardware
On 8/12/10 3:07 AM, ERenken wrote: Does the token ever expire? Eric On Aug 11, 9:38 am, Taylor Singletary taylorsinglet...@twitter.com wrote: One implementation option you have is to build only the portions of OAuth that you need to meet your goals. On dev.twitter.com we provide a feature that allows you to retrieve the access token for your own account, owning the application. You would then hard code this access token and your API keys within your device (with best effort security). The migration from basic auth isn't an issue of protecting from man-in-the-middle attacks (such that SSL would prevent) but more of an issue with applications having access to Twitter usernames and passwords. There are many people who use the same passwords across multiple sites, so the security risk of supporting basic auth does not stop at Twitter. TaylorOn Wed, Aug 11, 2010 at 9:30 AM, ERenken eren...@gmail.com wrote: So how can I use OAuth on a hardware device we are creating that doesn't have a UI? Can I share the key between all the devices? This is only twittering to 1 account that we have created. Seems like OAuth is going to make stuff like this harder for people to develope. Seems like it would have just bee easier for security if you would have added HTTPS and left basic auth. At least for embedded devices so they could send tweets. As a reply to my previous e-mail: Your question is listed on the FAQ :-) http://dev.twitter.com/pages/oauth_faq Tom
[twitter-dev] Re: OAuth and Hardware
I thought about doing the proxy, but I liked having the device do it itself and alot less code just having the device do it. I will just hard code it. I would assume we can invalidate a token if for some reason it is comprimised. Like managing applications in FaceBook. Eric On Aug 11, 9:36 am, Tom van der Woerdt i...@tvdw.eu wrote: On 8/11/10 6:30 PM, ERenken wrote: So how can I use OAuth on a hardware device we are creating that doesn't have a UI? Can I share the key between all the devices? This is only twittering to 1 account that we have created. Seems like OAuth is going to make stuff like this harder for people to develope. Seems like it would have just bee easier for security if you would have added HTTPS and left basic auth. At least for embedded devices so they could send tweets. If there's no chance of the key leaking to people outside of your company (or whoever uses your application) then I don't see why not. It's always better than sharing username/password like with Basic Auth, and if they all use the same account, it's no problem at all. Of course, a better solution would be to create a simple proxy, but that may take some more programming and money if you don't have a server for it. Tom
Re: [twitter-dev] Re: OAuth and Hardware
On 8/12/10 3:10 AM, ERenken wrote: I thought about doing the proxy, but I liked having the device do it itself and alot less code just having the device do it. I will just hard code it. I would assume we can invalidate a token if for some reason it is comprimised. Like managing applications in FaceBook. Eric On Aug 11, 9:36 am, Tom van der Woerdt i...@tvdw.eu wrote: On 8/11/10 6:30 PM, ERenken wrote: So how can I use OAuth on a hardware device we are creating that doesn't have a UI? Can I share the key between all the devices? This is only twittering to 1 account that we have created. Seems like OAuth is going to make stuff like this harder for people to develope. Seems like it would have just bee easier for security if you would have added HTTPS and left basic auth. At least for embedded devices so they could send tweets. If there's no chance of the key leaking to people outside of your company (or whoever uses your application) then I don't see why not. It's always better than sharing username/password like with Basic Auth, and if they all use the same account, it's no problem at all. Of course, a better solution would be to create a simple proxy, but that may take some more programming and money if you don't have a server for it. Tom Yes, you can. At http://dev.twitter.com/apps you can simply click Reset. Tom
[twitter-dev] stream.twitter.com/1/statuses/filter
I am trying to use the streaming API to return result sets of for specific users. For some reason, no user is being located by the id specified. Is there something not documented with these calls? http://dev.twitter.com/pages/streaming_api_methods#follow any info someone has is greatly appreciated!
Re: [twitter-dev] stream.twitter.com/1/statuses/filter
Hey, To follow users you need to POST the user IDs you want to follow as a comma separated list. For example to follow @themattharris you would POST follow=777925 If you're still having problems let us see the API request you are making and we'll see what's up. Matt On Wed, Aug 11, 2010 at 8:26 PM, kme km.ens...@gmail.com wrote: I am trying to use the streaming API to return result sets of for specific users. For some reason, no user is being located by the id specified. Is there something not documented with these calls? http://dev.twitter.com/pages/streaming_api_methods#follow any info someone has is greatly appreciated! -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris