*GOODBYE BASIC AUTH*

On Tuesday, August 31st 2010 at 16:26:13 UTC, @raffi of @twitterapi/team
pressed "the button" that shut basic auth down for good:

   >> set :rate_limit_api_basic_auth, 0 ; puts Time.now Tue Aug 31 16:26:13
+0000 2010 => nil
   @raffi - http://twitter.com/twitterapi/status/22634515958

And with that issued command, we all said goodbye to Basic Authentication.

Basic authentication was the easiest way to get started with the REST API.
With that ease came many dangers, giving rise to the term "the password
anti-pattern."

OAuth is obviously more complicated to implement. We'll continue to refine
and evolve possible authorization options that present more frictionless
user & developer experiences without sacrificing user, developer, & Twitter
security.

*A POEM*

   "The time has come," the Walrus said,
   "To talk of many things:
   Of SHAs--and nonces--and signatures--
   Of timestamps--and tokens--
   And why the dance--
   And whether OAuth has wings."

*A WAKE*

But let us not go with OAuth in anger, but instead with laughter in our
hearts.

We've curated some of our favorite tweets on the subject. Not all of them
are polite. http://curated.by/episod/oauthpocalypse -- some of them are
funny, others are sad, some are just informational. All are proof that the
transition to OAuth effects everyone a little differently.

*SOME ERRATA*

Large-scale migrations are not without their issues, of course. We
introduced this bug and will be fixing it as soon as we can.

* Non-authenticated resources return a 401 with authorization challenge once
the IP-based rate limit is exhausted.
  - The correct behavior here is for us to return a 400.
  - This includes public resources like public_timeline, public lists,
widgets, etc.

*OTHER REMINDERS*

* Use api.twitter.com/1/* for all REST API operations (excluding Search and
OAuth).
  - You will have unusual results otherwise & eventually your calls will
fail
* Use search.twitter.com for all Search API operations
* Use api.twitter.com/oauth/* for all OAuth token negotiation operations

*NOW LAUGH & RELAX.*

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to