I had a few questions I was hoping someone could help answer for me: 1. Does Twitter support https:// on all of its API calls? 2. If so, is it possible to use PLAIN_TEXT signatures in OAuth? 3. Does a simple end-user iPhone app need to provide a full 3-legged OAuth request, or can the 2-legged OAuth variant be used as referenced in the OAuth specification (i.e. "Application wishing to use OAuth as an alternative to HTTP ‘Basic’, should use the the Consumer Key and Consumer Secret to hold the username and password, and leave the Token and Token Secret empty."?