There was plenty of notification on when Basic Auth was going to be 

On 9/4/2010 9:29 PM, mikesouthern wrote:
I'm finding it fairly hard to laugh and relax, to be honest.

I'm not a developer. I just use perl scripts to automate my twitter

Receiving a notice telling me that the authentication process had
permanently changed, and receiving it 2 days AFTER the change had been
deployed, was not impressive.. And discovering that there was no
legacy basic authentication to keep hobbyists on track was equally

Not only, from a user and a hobbyist perspective, a confusing lack of
info on the oauth principles as they relate to twitter but there is an
absolute lack of examples for some of the simple things we do such
as ... how DO I automate my twitter feed using a perl script for which
there is no access token, and where the requirement is that of ::duh::
automation. i.e. no user transaction to obtain a token.

I "get" oauth, and the need for it - at least from your perspective. I
just can't believe that you club-footed your way into a release
schedule without some legacy support.

On Aug 31, 6:39 pm, Taylor Singletary<>

On Tuesday, August 31st 2010 at 16:26:13 UTC, @raffi of @twitterapi/team
pressed "the button" that shut basic auth down for good:

    >>  set :rate_limit_api_basic_auth, 0 ; puts Tue Aug 31 16:26:13
+0000 2010 =>  nil
    @raffi -

And with that issued command, we all said goodbye to Basic Authentication.

Basic authentication was the easiest way to get started with the REST API.
With that ease came many dangers, giving rise to the term "the password

OAuth is obviously more complicated to implement. We'll continue to refine
and evolve possible authorization options that present more frictionless
user&  developer experiences without sacrificing user, developer,&  Twitter


    "The time has come," the Walrus said,
    "To talk of many things:
    Of SHAs--and nonces--and signatures--
    Of timestamps--and tokens--
    And why the dance--
    And whether OAuth has wings."


But let us not go with OAuth in anger, but instead with laughter in our

We've curated some of our favorite tweets on the subject. Not all of them
are polite. some of them are
funny, others are sad, some are just informational. All are proof that the
transition to OAuth effects everyone a little differently.


Large-scale migrations are not without their issues, of course. We
introduced this bug and will be fixing it as soon as we can.

* Non-authenticated resources return a 401 with authorization challenge once
the IP-based rate limit is exhausted.
   - The correct behavior here is for us to return a 400.
   - This includes public resources like public_timeline, public lists,
widgets, etc.


* Use* for all REST API operations (excluding Search and
   - You will have unusual results otherwise&  eventually your calls will
* Use for all Search API operations
* Use* for all OAuth token negotiation operations


This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. E-mail transmission cannot be guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or contain viruses. The sender therefore 
does not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission.

Twitter developer documentation and resources:
API updates via Twitter:
Issues/Enhancements Tracker:
Change your membership to this group:

Reply via email to