The authenticated calls are signed with a 'secret' but don't return secret information.
The /oauth calls are also signed with a secret but do return secret information. On Oct 3, 10:16 am, Adam Shannon <a...@ashannon.us> wrote: > HTTPS is a secure and encrypted transfer protocol for HTTP. HTTPS is > designed to "hide" sensitive data (passwords, credit card numbers) > from malicious persons. So it's safe to say that whenever you will be > transferring sensitive data (OAuth, passwords) you should use HTTPS. > > On Sat, Oct 3, 2009 at 12:03 PM, Andy Freeman <ana...@earthlink.net> wrote: > > > When should I use https instead of http in twitter api calls? > > > I'd guess that it's okay to use http for oauth-authenticated /show/ > > user and maybe /statuses/update, but what about the four oauth calls (/ > > oauth/request_token, /oauth/authorize, /oauth/authenticate, and /oauth/ > > access_token)? > > > Thanks, > > -andy > > -- > - Adam Shannon (http://ashannon.us)
