Okay, thanks for the information! It will be a read/write application.
On Apr 8, 10:52 am, Matt Sanford <[email protected]> wrote: > Comments inline: > > On Apr 7, 2009, at 10:24 PM, redwall_hp wrote: > > > > > I'm planning out a WordPress plugin that will make use of the Twitter > > API (which I have experience with). I'd like to avoid using basic HTTP > > authentication if I can, in favor of OAuth. I've been doing some > > reading on OAuth, and I think I get the general idea, though I haven't > > tried any experiments with it yet. > > > I'm left wondering about a few things though. > > > 1. As I'm developing a WordPress plugin, many different people will be > > using it on many different servers. How do I handle application > > registration with Twitter? Do I register an application under the name > > of the plugin, and then hook that into the plugin? Or would each user > > of the plugin have to go and register their blog as an application and > > do some setup with the plugin? > > If this is a read-only application you could register it once and > have all sites effectively act as the same application. This increases > the ease of installation but runs the risk of all sites breaking if > one user misbehaves enough that we have to suspend the application. > > For applications with write access I wouldn't recommend > distributing the key/secret since each site would likely want their > own source name (e.g. "from Matt's Blog"). In that case you would need > to leave the token and secret blank and have each installation > register themselves. > > > > > 2. How are API limits handled with OAuth? What are the differences (if > > any)? Are the API limits logged by IP, by the user authenticating, or > > to the application? > > There is a bug right now waiting to be fixed but after that it will > work just like Basic Auth does. By user when authenticated, by IP > address when not. > > Thanks; > — Matt Sanford / @mzsanford
