hi.

yes - this is a legit API - its called the "bulk user show API".  it, for
now, takes either oauth or basic auth, but as with all our other APIs, in
june we will be removing the basic auth support.

we'll be documenting this today.

On Thu, Mar 11, 2010 at 4:06 AM, Dmitri Snytkine <d.snytk...@gmail.com>wrote:

> Yesterday I noticed a javascript prompt on one Tumblr blog asking for
> Twitter username/password
> I thought it was some kind of new phishing scam, I even wanted to
> report it to Twitter.
>
> Now I just saw the link sent from @twitterapi account and it also does
> the same thing - asking for username/password
>
>
> http://api.twitter.com/1/users/lookup.xml?user_id=12863272,3191321,9160152,8285392,795649,15266205
>
> What is this? Is this legit? I thought we have come a long way with
> oAuth so no app should even ask for user's Twitter username/password.
> If this is a legit javascript based API from Twitter, then it stinks
>
>


-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Reply via email to