The authenticated calls are signed with a 'secret' but don't return
The /oauth calls are also signed with a secret but do return secret
On Oct 3, 10:16 am, Adam Shannon <a...@ashannon.us> wrote:
> HTTPS is a secure and encrypted transfer protocol for HTTP. HTTPS is
> designed to "hide" sensitive data (passwords, credit card numbers)
> from malicious persons. So it's safe to say that whenever you will be
> transferring sensitive data (OAuth, passwords) you should use HTTPS.
> On Sat, Oct 3, 2009 at 12:03 PM, Andy Freeman <ana...@earthlink.net> wrote:
> > When should I use https instead of http in twitter api calls?
> > I'd guess that it's okay to use http for oauth-authenticated /show/
> > user and maybe /statuses/update, but what about the four oauth calls (/
> > oauth/request_token, /oauth/authorize, /oauth/authenticate, and /oauth/
> > access_token)?
> > Thanks,
> > -andy
> - Adam Shannon (http://ashannon.us)