In the current incarnation, you don't need a registered application to use
the streaming API -- just a valid username and password to access the
endpoints.

While we don't know what the OAuth-based authentication is going to look
like in the future of authenticating with the streaming API, we do know that
using a username and password won't be tenable for long.

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Tue, Apr 20, 2010 at 3:44 PM, Dima Brodsky <ddbrod...@gmail.com> wrote:

> Hi,
>
> Question about oauth registration ... do I register the user ID I currently
> use at the same place as all other apps, i.e.
> http://dev.twitter.com/apps/new, or is there another endpoint for the
> streaming api?
>
> Thanks!
> ttyl
> Dima
>
>
> On Tue, Apr 20, 2010 at 10:17 AM, Taylor Singletary <
> taylorsinglet...@twitter.com> wrote:
>
>> Hi Jonathon,
>>
>> For Streaming API access that isn't from the perspective of a user's
>> account, you would use two-legged OAuth to establish authentication instead
>> of basic auth.
>>
>> A two-legged OAuth request is very similar to other OAuth requests: you
>> have a specific resource you are trying to access, you have some parameters
>> you want to pass to that resource, and you have an OAuth consumer key and
>> OAuth consumer secret. Which is unlike three-legged OAuth where you also
>> have oauth_tokens representing either a user/access_token or a request token
>> in addition to the rest.
>>
>> But the rules remain the same. You take all the OAuth parameters and the
>> parameters you are sending to the resource, organize them, build a signature
>> base string, then sign that with your consumer secret and send the request
>> on to Twitter properly signed. The only difference is that there is no
>> oauth_token and oauth_token_secret getting involved in the mix.
>>
>> This is essentially what a two-legged request to the streaming API would
>> look like:
>>
>> Signature Base String
>> GET&http%3A%2F%2Fstream.twitter.com
>> %2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0
>>
>> Signature
>> Xi5jfuw2XqtU5KpNX9ZCtTptJS0=
>>
>> Authorization Header
>> OAuth oauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8",
>> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1271783743",
>> oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ",
>> oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", oauth_version="1.0"
>>
>> Taylor Singletary
>> Developer Advocate, Twitter
>> http://twitter.com/episod
>>
>>
>> On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill <jhill9...@gmail.com>wrote:
>>
>>> One thing I meant to find out @chirp last week--what will oauth look
>>> like for the Streaming API? I'm having a hard time visualizing how
>>> that will work.
>>>
>>> Thanks,
>>>
>>> Jonathon Hill
>>> @compwright
>>> Company52
>>> http://company52.com
>>>
>>>
>>> --
>>> Subscription settings:
>>> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>>>
>>
>>
>

Reply via email to