[twitter-dev] What does "following" in user information do?

[Hwee-Boon Yar]

So if I do, http://twitter.com/users/show/XXX.xml

What does the value of following (true/false) mean? I tried
authenticating as someone that both follows and is followed by XXX and
yet the value of following is still false.

Docs say: boolean indicating if a user is following a given user

Any thoughts?

--
Hwee-Boon

[twitter-dev] Preparing for OAuth

[Nial]

I'm working on a Twitter dashboard widget for Mac OS X (http://
airmailr.com) that's currently chugging along in private beta.
However, I've recently noticed that the OAuth beta is no longer
private and feel it'd be a wise move to integrate it into my app
before going public.

I'm pretty sure I've got an alright understanding of how OAuth works,
but I'm slightly concerned over usability and implementation.
Specifically, from the widget perspective, it's fairly easy to force
Safari to open and direct the user to the Twitter authorize_url. From
there, however, I'm not sure how to handle the situation of a callback
url to grab a valid AccessToken.

Pownce for the iPhone handles this by setting a callback URL to a
specific protocol (pownce://) which launches the app and grabs the
AccessToken that way.

I'm probably being dim, but is there a better way to handle this?

[twitter-dev] Why is http://twitter.com/statuses/followers/... restricted, but /friends/... not?

[Thomas Thurman]

I run a site which tracks who's added a user to their friendslist on
LiveJournal (and allows you to draw charts and graphs of the
information when it's gathered over time).  Two of my users in the
last week have asked whether it's possible to extend it to track who's
following them on Twitter.

Here's the problem, though: the useful information to track in this
case is in .../statuses/followers/username.format, because people know
who they've started and stopped following, but they want to keep a
list of who starts and stops following them.  However, this is
restricted only to people who authenticate as that user.  Why is this,
when .../statuses/friends/username.format is public information?  Is
this ever likely to change?

(I suppose I could solve their problem by basically turning the site
into a Twitter client and allowing each of them to store login
information for their Twitter account, but it seems a rather baroque
solution.)

Thomas

[twitter-dev] get replies to a tweet

[Jarred Bishop]

Hello.
Is there a way to get public tweets that are in reply to a specific
status?
If we could search on in_reply_to_status_id that would be fantastic,
but I can't seem to find anything like it.

Thanks.

@jarred

[twitter-dev] PHP and special chars. How to?

[Carlo]

Hi. I'm new in flickr api, and i'm still looking around to better
understand how it works.

I'm working with PHP and I have a problem with special chars. I send
to twitter a request like this:

$url = "http://twitter.com/statuses/friends_timeline.xml";;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "username:password");
$result = curl_exec($ch);
curl_close($ch);

Then I handle the result with something like this:

$xml = simplexml_load_string($result);
foreach ($xml->status as $status) {
  $image = $status->user->profile_image_url;
  $name = $status->user->screen_name;
  $icon = '';
  $text = $status->text;
  echo "" . $icon . " " . $text . "\n";
}

The problem is in special chars. If I wrote (in italian) the following
text:

"Il mio nome è Carlo"

the API returns something like:

"Il mio nome À Carlo"

I used PHP function htmlspecialchars(), but with no success.

Can anybody help me?

Thanks a lot
Carlo

[twitter-dev] Re: Friends and followers listing ends abruptly for large numbers

[Sarah L]

Same problem myself, would like to see a fix in for this

On Mar 19, 9:42 am, Patrick  wrote:
> Cheers guys,
>
> I've read your post Jeffrey but it doesn't come to the answer why the
> friends/follower list ends before it should. I'm not seeing 502 errors
> from the api also in my case, just a list that is not complete
>
> Andrew, i've tried the search but couldn't locate a solution. Would
> you be able to point the way?
>
> On Mar 18, 9:21 pm, Jeffrey Greenberg 
> wrote:
>
> > Interesting... I've reported this also: I'm seeing consistent 502 errors on
> > users with large follow lists when using the social api
> > The fact is that it's inconsistent: i am able to see page 648 and 649, but
> > not 1000...
>
> > On Wed, Mar 18, 2009 at 11:29 AM, Andrew Badera  wrote:
> > > Google Is Your Friend -- this issue has come up more than once recently.
> > > Check the list archives.
>
> > > On Wed, Mar 18, 2009 at 11:51 AM, Patrick  wrote:
>
> > >> I'm using the api to retrieve friends and followers for a popular user
> > >> but it seems the api and the twitter friends and followers webpage end
> > >> the listing quite early in the listing. (I'm assuming the webpages
> > >> just use the api behind the scenes)
>
> > >> For example check out stephenfry's profile...
>
> > >> He's got 316888 followers which should result in over 15000 pages of
> > >> followers (20 per page). However if you go to, say, page 1000 there
> > >> are no results:http://twitter.com/stephenfry/followers?page=1000
>
> > >> (the listing actually ends on page 647:
> > >>http://twitter.com/stephenfry/followers?page=647)
>
> > >> I'm seeing the exact same issue with my client. The api also stops the
> > >> listing early.
>
> > >> Anyone able to shed any light?

[twitter-dev] Re: public_timeline not up to date

[bootchec]

It is happening again.
I am having updates from yestarday 6pm at the moment.

-

-

donbuie: Thank You. I want to thank everyone who has posted comments
supporting the redevelopment efforts in Downtown Albany.

-

donbuie: Thank You. I want to thank everyone who has posted comments
supporting the redevelopment efforts in Downtown Albany.

Thu, 19 Mar 2009 18:35:05 +
http://twitter.com/donbuie/statuses/1355909552
http://twitter.com/donbuie/statuses/1355909552


On Mar 20, 4:26 am, Cameron Kaiser  wrote:
> [Charset ISO-8859-1 unsupported, filtering to ASCII...]
>
>
>
>
>
> > Is this occurring again? I haven't received any updates in several
> > hours through the public timeline.
>
> > Thanks.
>
> > On Mar 17, 9:55_pm, Alex Payne  wrote:
> > > Yes, this is a known issue. The process that feeds thepublictimeline
> > > is particularly susceptible to database replication lag. We've just
> > > added some capacity that should alleviate this issue.
>
> > > On Tue, Mar 17, 2009 at 15:08, bootchec  wrote:
>
> > > > Recently I have noticed that 
> > > > sometimeshttp://twitter.com/statuses/public_timeline.rss
> > > > returns bit odd results, which is the same time for each update and
> > > > they are always old: 7-8 hours. And they are repeaded, so no matetr
> > > > how many times I call it, it gives me the same updates. At the moment
> > > > I tried it several times and I gotalwasy this as a first update:
> > > > 
> > > > billthomas: via Sammy Simpson @tunedin _Talk radio idea for this
> > > > economyhttp://ow.ly/11w4
> > > > 
> > > > -
> > > > 
> > > > billthomas: via Sammy Simpson @tunedin _Talk radio idea for this
> > > > economyhttp://ow.ly/11w4
> > > > 
> > > > Tue, 17 Mar 2009 14:17:49 +
> > > > http://twitter.com/billthomas/statuses/1342266945
> > > > http://twitter.com/billthomas/statuses/1342266945
> > > > 
>
> > > --
> > > Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x-Hide quoted 
> > > text -
>
> > > - Show quoted text -
>
> --
>  personal:http://www.cameronkaiser.com/--
>   Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com
> -- BOND THEME NOW PLAYING: "Goldfinger" 
> ---

[twitter-dev] Invalid OAuth request on posting to /statuses/update

[Celso Pinto]

Hi all,

I'm trying to set up a client and I want to use OAuth. The oauth
authorization went ok, my app shows on my settings page but when I try
to make an OAuth post to /statuses/update.json I get an "Invalid OAuth
request" response. I've tried setting the OAuth authorization header
(both with and without a realm) but this always fails as it apparently
tries to authenticate using HTTP Basic Auth. Thoughts?

Anyhow, here's a dump of the HTTP transaction (some response headers
omitted), am I missing something? TIA.


POST http://twitter.com/statuses/update.json HTTP/1.1

Host: twitter.com

Accept-Encoding: identity

Content-Length: 280

Content-Type: application/x-www-form-urlencoded



oauth_nonce=21598464&oauth_timestamp=1237549916&oauth_consumer_key=zApimJxrvgM7xpJTAEFDA&oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_token=4927481-
uCDTzmk9jls6Rgdzmoy6MW3CjDW7E8Hi8vJgKgxqU4&oauth_signature=lt1k8jLt22AKnZlk
%2BpfNsdiF5b8%3D&status=hello+from+handivi%21

HTTP/1.0 401 Unauthorized

Date: Fri, 20 Mar 2009 11:51:57 GMT

Server: hi

Status: 401 Unauthorized

Cache-Control: no-cache, max-age=300

Content-Type: text/html; charset=utf-8

Content-Length: 21


Invalid OAuth Request

[twitter-dev] Re: PHP and special chars. How to?

[Cameron Kaiser]

> The problem is in special chars. If I wrote (in italian) the following
> text:
> 
> "Il mio nome _ Carlo"
> 
> the API returns something like:
> 
> "Il mio nome _ Carlo"
>
> I used PHP function htmlspecialchars(), but with no success.

Your problem here is UTF-8 (which of course Elm just ate), not HTML special
characters. Going into PHP multibyte support is not germaine for this list,
but look at the utf8_{encode,decode} functions, iconv and mbstring. This is a
nice cheatsheet on mbstring:

http://www.nicknettleton.com/zine/php/php-utf-8-cheatsheet

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- When relatives are outlawed, only outlaws will have inlaws. 

[twitter-dev] Re: About Rules For Developing Application using Search API

[Cameron Kaiser]

> I am Developing an Application Using Search API. I am Using JSON. I
> want to Know Answers to Following Questions? Please Help me.
> 
> 1. Do i need to get any token or Permissions for that.

No. Just be nice.

> 2. Does the Twitter API Charge me Anything?

Possibly a nice beer, if you're in the area. Otherwise, authentication is
not needed.

> 3. What is the Limit For requests?

"High enough for most people not to notice." It is currently intentionally
unspecified.

> 4. In My application I hit server Many times SO it takes Many Calls.
> Do I need to Get White Listing for that.
> 5. What Should I Do, to Stop My IP from getting Blocked.

Depending on the number of calls you make, you may well get rate limited
or throttled. I'm sure @dougw will have a suggestion about that when he's
upandatom. Arrangements can be made for high-volume applications, at
Twitter's sole discretion.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Magic armour is not all it's cracked up to be. -- Terry Pratchett --

[twitter-dev] Re: About Rules For Developing Application using Search API

[Cameron Kaiser]

> > I am Developing an Application Using Search API. I am Using JSON. I
> > want to Know Answers to Following Questions? Please Help me.
> > 3. What is the Limit For requests?
> 
> "High enough for most people not to notice." It is currently intentionally
> unspecified.

I should also add that the API call number pool for the Search API and the
regular Twitter API is different, in case you are using both (probable).
Look at

http://apiwiki.twitter.com/REST+API+Documentation#RateLimiting

for information about that.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- I'm too old to use emacs. -- Rod MacDonald -

[twitter-dev] Which site to show the link to my application?

[Gary Zhao]

I received the following email after source parameter approved. My question
is which site is referred by the highlighted part. I checked
http://twitter.pbwiki.com/Apps, but couldn't find my app.
Thanks

-- Forwarded message --
From: Twitter 
Date: 2009/3/18
Subject: Your request for a Twitter source parameter has been approved
To: garyz...@gmail.com


TW1TTERBEIS:

Thanks for requesting a source parameter link for your application,
TwitterBEIS

Please have your application send a parameter named "source"
with a value of "twitterbeis" when you POST updates to the Twitter API.

The link to your application should show up on the Twitter site
in the next 24 to 48 hours.

Thanks much, and good luck with your application!



-- 
Gary
http://twitter.com/garyzhao

[twitter-dev] Re: get replies to a tweet

[Abraham Williams]

http://code.google.com/p/twitter-api/issues/detail?id=142

On Fri, Mar 20, 2009 at 03:21, Jarred Bishop wrote:

>
> Hello.
> Is there a way to get public tweets that are in reply to a specific
> status?
> If we could search on in_reply_to_status_id that would be fantastic,
> but I can't seem to find anything like it.
>
> Thanks.
>
> @jarred
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.

[twitter-dev] Re: Which site to show the link to my application?

[Abraham Williams]

Twitter.com. If your application interacts with the API and uses the source
parameter the it will show up on individual tweets like:
https://twitter.com/poseurtech/status/1356664112. See "about 17 hours ago
from Identica". The highlighted part would be replaced with TwitterBEIS.

The pbwiki site is community based and anybody can add their application to
the list.

On Fri, Mar 20, 2009 at 08:21, Gary Zhao  wrote:

> I received the following email after source parameter approved. My question
> is which site is referred by the highlighted part. I checked
> http://twitter.pbwiki.com/Apps, but couldn't find my app.
> Thanks
>
> -- Forwarded message --
> From: Twitter 
> Date: 2009/3/18
> Subject: Your request for a Twitter source parameter has been approved
> To: garyz...@gmail.com
>
>
> TW1TTERBEIS:
>
> Thanks for requesting a source parameter link for your application,
> TwitterBEIS
>
> Please have your application send a parameter named "source"
> with a value of "twitterbeis" when you POST updates to the Twitter API.
>
> The link to your application should show up on the Twitter site
> in the next 24 to 48 hours.
>
> Thanks much, and good luck with your application!
>
>
>
> --
> Gary
> http://twitter.com/garyzhao
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from: Madison WI United States.

[twitter-dev] Re: public_timeline not up to date

[egeem2]

Is this the same issue as before? Any idea when the feed will be live
again?

On Mar 20, 7:44 am, bootchec  wrote:
> It is happening again.
> I am having updates from yestarday 6pm at the moment.
>
> -
> 
> -
> 
> donbuie: Thank You. I want to thank everyone who has posted comments
> supporting the redevelopment efforts in Downtown Albany.
> 
> -
> 
> donbuie: Thank You. I want to thank everyone who has posted comments
> supporting the redevelopment efforts in Downtown Albany.
> 
> Thu, 19 Mar 2009 18:35:05 +
> http://twitter.com/donbuie/statuses/1355909552
> http://twitter.com/donbuie/statuses/1355909552
> 
>
> On Mar 20, 4:26 am, Cameron Kaiser  wrote:
>
>
>
> > [Charset ISO-8859-1 unsupported, filtering to ASCII...]
>
> > > Is this occurring again? I haven't received any updates in several
> > > hours through the public timeline.
>
> > > Thanks.
>
> > > On Mar 17, 9:55_pm, Alex Payne  wrote:
> > > > Yes, this is a known issue. The process that feeds thepublictimeline
> > > > is particularly susceptible to database replication lag. We've just
> > > > added some capacity that should alleviate this issue.
>
> > > > On Tue, Mar 17, 2009 at 15:08, bootchec  wrote:
>
> > > > > Recently I have noticed that 
> > > > > sometimeshttp://twitter.com/statuses/public_timeline.rss
> > > > > returns bit odd results, which is the same time for each update and
> > > > > they are always old: 7-8 hours. And they are repeaded, so no matetr
> > > > > how many times I call it, it gives me the same updates. At the moment
> > > > > I tried it several times and I gotalwasy this as a first update:
> > > > > 
> > > > > billthomas: via Sammy Simpson @tunedin _Talk radio idea for this
> > > > > economyhttp://ow.ly/11w4
> > > > > 
> > > > > -
> > > > > 
> > > > > billthomas: via Sammy Simpson @tunedin _Talk radio idea for this
> > > > > economyhttp://ow.ly/11w4
> > > > > 
> > > > > Tue, 17 Mar 2009 14:17:49 +
> > > > > http://twitter.com/billthomas/statuses/1342266945
> > > > > http://twitter.com/billthomas/statuses/1342266945
> > > > > 
>
> > > > --
> > > > Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x-Hidequoted 
> > > > text -
>
> > > > - Show quoted text -
>
> > --
> >  
> > personal:http://www.cameronkaiser.com/--
> >   Cameron Kaiser * Floodgap Systems *www.floodgap.com*ckai...@floodgap.com
> > -- BOND THEME NOW PLAYING: "Goldfinger" 
> >  Hide quoted text -
>
> - Show quoted text -

[twitter-dev] Re: Why is http://twitter.com/statuses/followers/... restricted, but /friends/... not?

[Abraham Williams]

I think this is a bug. Open an issue:
http://code.google.com/p/twitter-api/issues/list

You can also try using:
http://apiwiki.twitter.com/REST+API+Documentation#SocialGraphMethods

On Fri, Mar 20, 2009 at 00:09, Thomas Thurman  wrote:

>
> I run a site which tracks who's added a user to their friendslist on
> LiveJournal (and allows you to draw charts and graphs of the
> information when it's gathered over time).  Two of my users in the
> last week have asked whether it's possible to extend it to track who's
> following them on Twitter.
>
> Here's the problem, though: the useful information to track in this
> case is in .../statuses/followers/username.format, because people know
> who they've started and stopped following, but they want to keep a
> list of who starts and stops following them.  However, this is
> restricted only to people who authenticate as that user.  Why is this,
> when .../statuses/friends/username.format is public information?  Is
> this ever likely to change?
>
> (I suppose I could solve their problem by basically turning the site
> into a Twitter client and allowing each of them to store login
> information for their Twitter account, but it seems a rather baroque
> solution.)
>
> Thomas
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from: Madison WI United States.

[twitter-dev] Re: About the Time Zone Problems

[Doug Williams]

Basha,
By the quick test I ran it looks to be GMT.

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Fri, Mar 20, 2009 at 2:52 AM, basha  wrote:

>
> Hi, I am Using Search API for Development of my Application. I just
> Started Using it. In what TimeZone Does the tweets return.? I want to
> Know if there are any issues about time zone.
>

[twitter-dev] Re: OAuth POST requests

[Shannon Whitley]

Yep.  That must have been the problem.

On Mar 19, 3:54 pm, Dimebrain  wrote:
> That makes sense, .NET's HttpUtility.UrlEncode method doesn't encode
> in uppercase hexadecimal, and the OAuth 1.0 spec requires that.
>
> On Mar 19, 7:20 pm, Shannon Whitley  wrote:
>
>
>
> > It's working now.  I changed the method for url encoding my post
> > variables and that seemed to fix the problem.  I'm using the UrlEncode
> > method from the .NET oAuth library instead of HttpUtility's method.
>
> > On Mar 19, 2:40 pm, Shannon Whitley  wrote:
>
> > > I'm running into this as well.  My POSTs are not working (401 error).
> > > GETs are fine.
>
> > > On Feb 16, 11:50 pm, Ryan W  wrote:
>
> > > > Any luck with this?  Running into the same problem here, wondering
> > > > what the right combination of data to put in URL params vs post data
> > > > vs headers, etc.
>
> > > > On Feb 14, 12:18 pm,ChadEtzel wrote:
>
> > > > > I have gottenOAuthGET requests working nicely, but POST is a
> > > > > different story.  I am trying to post an update (tweet) usingOAuth,
> > > > > and I'm not quite sure where to put all of the parameters.
>
> > > > > Endpoint:http://twitter.com/statuses/update.xml
>
> > > > > I have tried puting all of the parameters (status, source,
> > > > > in_reply_to_id, oauth_*) in the POSTDATA fields of the request, but I
> > > > > get a 401 "InvalidOAuthRequest" response.
>
> > > > > Then I tried putting just the twitter specific params (status, source,
> > > > > in_reply_to_id) in the POSTDATA fields, and leaving the oauth_* params
> > > > > in the query string of the URL. Same 401 "InvalidOAuthRequest"
> > > > > response.
>
> > > > > I am curious which of these ways *should* work?
>
> > > > > I can get verify_credentials, favorites, etc using the same
> > > > > oauth_token and nonce/signature methods just fine.
>
> > > > > Anybody got POST requests going yet?
>
> > > > > Thanks,
> > > > > -Chad- Hide quoted text -
>
> - Show quoted text -

[twitter-dev] Re: Preparing for OAuth

[Abraham Williams]

You don't need to set a callback url. The only information that Twitter
passes to a callback url is the oauth_token and whatever other information
you decided to add. Once the user approves on Twitter you can have them
click a continue button and the widget can trade the request token for an
access token behind the scenes.

On Fri, Mar 20, 2009 at 05:22, Nial  wrote:

>
> I'm working on a Twitter dashboard widget for Mac OS X (http://
> airmailr.com) that's currently chugging along in private beta.
> However, I've recently noticed that the OAuth beta is no longer
> private and feel it'd be a wise move to integrate it into my app
> before going public.
>
> I'm pretty sure I've got an alright understanding of how OAuth works,
> but I'm slightly concerned over usability and implementation.
> Specifically, from the widget perspective, it's fairly easy to force
> Safari to open and direct the user to the Twitter authorize_url. From
> there, however, I'm not sure how to handle the situation of a callback
> url to grab a valid AccessToken.
>
> Pownce for the iPhone handles this by setting a callback URL to a
> specific protocol (pownce://) which launches the app and grabs the
> AccessToken that way.
>
> I'm probably being dim, but is there a better way to handle this?
>
>


-- 
Abraham Williams | http://the.hackerconundrum.com
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from: Madison WI United States.

[twitter-dev] Re: Which site to show the link to my application?

[Gary Zhao]

Thanks a lot.

2009/3/20 Abraham Williams <4bra...@gmail.com>

> Twitter.com. If your application interacts with the API and uses the source
> parameter the it will show up on individual tweets like:
> https://twitter.com/poseurtech/status/1356664112. See "about 17 hours ago
> from Identica". The highlighted part would be replaced with TwitterBEIS.
>
> The pbwiki site is community based and anybody can add their application to
> the list.
>
>
> On Fri, Mar 20, 2009 at 08:21, Gary Zhao  wrote:
>
>> I received the following email after source parameter approved. My
>> question is which site is referred by the highlighted part. I checked
>> http://twitter.pbwiki.com/Apps, but couldn't find my app.
>> Thanks
>>
>> -- Forwarded message --
>> From: Twitter 
>> Date: 2009/3/18
>> Subject: Your request for a Twitter source parameter has been approved
>> To: garyz...@gmail.com
>>
>>
>> TW1TTERBEIS:
>>
>> Thanks for requesting a source parameter link for your application,
>> TwitterBEIS
>>
>> Please have your application send a parameter named "source"
>> with a value of "twitterbeis" when you POST updates to the Twitter API.
>>
>> The link to your application should show up on the Twitter site
>> in the next 24 to 48 hours.
>>
>> Thanks much, and good luck with your application!
>>
>>
>>
>> --
>> Gary
>> http://twitter.com/garyzhao
>>
>
>
>
> --
> Abraham Williams | http://the.hackerconundrum.com
> Web608 | Community Evangelist | http://web608.org
> This email is: [ ] blogable [x] ask first [ ] private.
> Sent from: Madison WI United States.




-- 
Gary
http://twitter.com/garyzhao

[twitter-dev] Re: Invalid OAuth request on posting to /statuses/update

[Joshua Perry]

Are you including your url-encoded form variables in your signature 
calculation?


Celso Pinto wrote:

Hi all,

I'm trying to set up a client and I want to use OAuth. The oauth
authorization went ok, my app shows on my settings page but when I try
to make an OAuth post to /statuses/update.json I get an "Invalid OAuth
request" response. I've tried setting the OAuth authorization header
(both with and without a realm) but this always fails as it apparently
tries to authenticate using HTTP Basic Auth. Thoughts?

Anyhow, here's a dump of the HTTP transaction (some response headers
omitted), am I missing something? TIA.


POST http://twitter.com/statuses/update.json HTTP/1.1

Host: twitter.com

Accept-Encoding: identity

Content-Length: 280

Content-Type: application/x-www-form-urlencoded



oauth_nonce=21598464&oauth_timestamp=1237549916&oauth_consumer_key=zApimJxrvgM7xpJTAEFDA&oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_token=4927481-
uCDTzmk9jls6Rgdzmoy6MW3CjDW7E8Hi8vJgKgxqU4&oauth_signature=lt1k8jLt22AKnZlk
%2BpfNsdiF5b8%3D&status=hello+from+handivi%21

HTTP/1.0 401 Unauthorized

Date: Fri, 20 Mar 2009 11:51:57 GMT

Server: hi

Status: 401 Unauthorized

Cache-Control: no-cache, max-age=300

Content-Type: text/html; charset=utf-8

Content-Length: 21


Invalid OAuth Request
  

[twitter-dev] Re: oAuth and 401 Unauthorised Request

[Dimebrain]

Hi Matt,

Is there an issue # to track this? I'm definitely seeing intermittent
refusals for tokens with a different amount of waiting time each time,
at the request_token, access_token and protected resource stages. I
was just curious if this was still a live issue.

On Feb 23, 2:31 pm, Matt Sanford  wrote:
> Hi there,
>
>      I am working on a fix for the case where a brand new token takes  
> a few seconds to propagate to all of our database slaves. During that  
> time you would see errors like "Invalid / expired Token" and then they  
> would suddenly start working. They may even work on some requests and  
> not others because you don't hit the same database every time. Like I  
> said, working on a fix for it now. Once the fix is done I'll keep and  
> eye out for more reports like this.
>
> Thanks;
>    — Matt
>
> On Feb 21, 2009, at 02:47 PM, Santosh Panda wrote:
>
> > Hi Paul,
> > We see the same issue couple of times but infrequently. In another  
> > threaded mail, few more developers have conveyed the same.
>
> > cheers,
> > Santosh Panda
> >www.twitblogs.com
>
> > On Sat, Feb 21, 2009 at 9:50 PM, Paul Kinlan   
> > wrote:
> > Hi,
>
> > Following on from my previous email about not being able to use  
> > verify_credentials, I am still having sporadic problems and I am  
> > wondering if anyone else has seen them.
>
> > Our page call creates a request_token and navigates to the the  
> > twitter oAuth page, on successful return we swap our tokens for an  
> > access token, we then call verify_credentials.json.  Sometimes  
> > (quite often) when we call this method we get a 401 Un-authorised  
> > exception.  If no-one else see's this then I will have to see if the  
> > library I am using has the problem.
>
> > Kind Regards,
> > Paul Kinlan.

[twitter-dev] Re: About Rules For Developing Application using Search API

[Doug Williams]

Basha,
Cameron got everything but since the topic of search API usage comes up a
lot, I'll put something on the record.

To guide you in your development, I'd like to give some words of advice.
Unnecessary searches hurt performance and potentially degrades the
experience for everyone if left unchecked. So when writing an app that
heavily leverages the search API we ask that you be smart:

1) Dynamically adjust rates of query. When your app finds a query that only
updates on average once every three minutes, decay it's rate of refresh.
This will save your app from making unnecessary calls. See
http://search.twitter.com/javascripts/search/refresher.js for an example.
2) Use your since_id's. There is a refresh_url attribute provided with
search results to make this effortless.
3) If you start getting HTTP 503 messages, you need to immediately back off
all queries. The 'Retry-After' header will tell your application when in the
future we'd be happy to honor your requests again. How do we know which IPs
to blacklist? We look for those IPs that consistently require and ignore 503
rate limiting.
4) After doing everything above, If you feel like you have a case where
search whitelisting is warranted, add a unique User-Agent string to your
search requests so we can study your app with you and contact us:
@twitterapi or a...@twitter.com.

Thanks Cameron for offering Basha so much help above.

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Fri, Mar 20, 2009 at 9:03 AM, Cameron Kaiser wrote:

>
> > > I am Developing an Application Using Search API. I am Using JSON. I
> > > want to Know Answers to Following Questions? Please Help me.
> > > 3. What is the Limit For requests?
> >
> > "High enough for most people not to notice." It is currently
> intentionally
> > unspecified.
>
> I should also add that the API call number pool for the Search API and the
> regular Twitter API is different, in case you are using both (probable).
> Look at
>
>http://apiwiki.twitter.com/REST+API+Documentation#RateLimiting
>
> for information about that.
>
> --
>  personal:
> http://www.cameronkaiser.com/ --
>  Cameron Kaiser * Floodgap Systems * www.floodgap.com *
> ckai...@floodgap.com
> -- I'm too old to use emacs. -- Rod MacDonald
> -
>

[twitter-dev] Re: Invalid Oauth Request - Twitter

[rlamfink]

Thanks Joshua,

That got me down the right path and now I'm getting an authorized
connection.

Randy



On Mar 19, 3:12 pm, Joshua Perry  wrote:
> Just an FYI, there should be nothing sensitive in an OAuth URI...  Which
> is a good thing because even under SSL nothing in a querystring is
> encrypted.
>
> Thank you for bringing this up... because there is something sensitive
> in your URI which is also sent by my own implementation, the
> oauth_token_secret should be included in the signature but not in the
> request...
>
> I did a quick edit on my code to elide the secret but when I do that I
> get the same error that you are getting, I am going to have to do a more
> in-depth review of my code to figure out what is going wrong.
>
> See the OAuth spec section 6 [1] it shows the pieces of data that should
> flow between the consumer and provider at each step in the
> authentication flow.
>
> 1.http://oauth.net/core/1.0/#anchor9
>
>
>
> rlamfink wrote:
> > Oauth noob. I've got all the token exchange parts working and can get
> > an access_token& secret. But when I make an http POST, the captured
> > url string looks right, but I get Invalid Oauth Request with a status
> > code of 401.
>
> > Here's the string with the security sensitive parts changed.
> > Is there something obvious that I'm missing?
>
> >http://twitter.com/statuses/update.xml?oauth_consumer_key=XXX...- 
> >Hide quoted text -
>
> - Show quoted text -

[twitter-dev] Re: Invalid OAuth request on posting to /statuses/update

[Celso Pinto]

That was it, thanks a lot!

On Mar 20, 2:06 pm, Joshua Perry  wrote:
> Are you including your url-encoded form variables in your signature
> calculation?
>
> Celso Pinto wrote:
> > Hi all,
>
> > I'm trying to set up a client and I want to use OAuth. The oauth
> > authorization went ok, my app shows on my settings page but when I try
> > to make an OAuth post to /statuses/update.json I get an "Invalid OAuth
> > request" response. I've tried setting the OAuth authorization header
> > (both with and without a realm) but this always fails as it apparently
> > tries to authenticate using HTTP Basic Auth. Thoughts?
>
> > Anyhow, here's a dump of the HTTP transaction (some response headers
> > omitted), am I missing something? TIA.
>
> > POSThttp://twitter.com/statuses/update.jsonHTTP/1.1
>
> > Host: twitter.com
>
> > Accept-Encoding: identity
>
> > Content-Length: 280
>
> > Content-Type: application/x-www-form-urlencoded
>
> > oauth_nonce=21598464&oauth_timestamp=1237549916&oauth_consumer_key=zApimJxrvgM7xpJTAEFDA&oauth_signature_method=HMAC-
> > SHA1&oauth_version=1.0&oauth_token=4927481-
> > uCDTzmk9jls6Rgdzmoy6MW3CjDW7E8Hi8vJgKgxqU4&oauth_signature=lt1k8jLt22AKnZlk
> > %2BpfNsdiF5b8%3D&status=hello+from+handivi%21
>
> > HTTP/1.0 401 Unauthorized
>
> > Date: Fri, 20 Mar 2009 11:51:57 GMT
>
> > Server: hi
>
> > Status: 401 Unauthorized
>
> > Cache-Control: no-cache, max-age=300
>
> > Content-Type: text/html; charset=utf-8
>
> > Content-Length: 21
>
> > Invalid OAuth Request

[twitter-dev] Re: About Rules For Developing Application using Search API

[Chad Etzel]

Maybe I'm not looking hard enough, or Firebug is reporting
erroneously, but lately I have not seen any Retry-After headers in 503
responses from Search API calls, making it difficult to know when to
try again.  In the past this retry-after amount has ranged from 30
seconds to 14 minutes.  Can somebody confirm that Retry-After is still
being sent?  I'd rather not intentionally rate-limit myself to find
out.

-Chad

On Fri, Mar 20, 2009 at 10:26 AM, Doug Williams  wrote:
> Basha,
> Cameron got everything but since the topic of search API usage comes up a
> lot, I'll put something on the record.
>
> To guide you in your development, I'd like to give some words of advice.
> Unnecessary searches hurt performance and potentially degrades the
> experience for everyone if left unchecked. So when writing an app that
> heavily leverages the search API we ask that you be smart:
>
> 1) Dynamically adjust rates of query. When your app finds a query that only
> updates on average once every three minutes, decay it's rate of refresh.
> This will save your app from making unnecessary calls. See
> http://search.twitter.com/javascripts/search/refresher.js for an example.
> 2) Use your since_id's. There is a refresh_url attribute provided with
> search results to make this effortless.
> 3) If you start getting HTTP 503 messages, you need to immediately back off
> all queries. The 'Retry-After' header will tell your application when in the
> future we'd be happy to honor your requests again. How do we know which IPs
> to blacklist? We look for those IPs that consistently require and ignore 503
> rate limiting.
> 4) After doing everything above, If you feel like you have a case where
> search whitelisting is warranted, add a unique User-Agent string to your
> search requests so we can study your app with you and contact us:
> @twitterapi or a...@twitter.com.
>
> Thanks Cameron for offering Basha so much help above.
>
> Doug Williams
> Twitter API Support
> http://twitter.com/dougw
>
>
> On Fri, Mar 20, 2009 at 9:03 AM, Cameron Kaiser 
> wrote:
>>
>> > > I am Developing an Application Using Search API. I am Using JSON. I
>> > > want to Know Answers to Following Questions? Please Help me.
>> > > 3. What is the Limit For requests?
>> >
>> > "High enough for most people not to notice." It is currently
>> > intentionally
>> > unspecified.
>>
>> I should also add that the API call number pool for the Search API and the
>> regular Twitter API is different, in case you are using both (probable).
>> Look at
>>
>>http://apiwiki.twitter.com/REST+API+Documentation#RateLimiting
>>
>> for information about that.
>>
>> --
>>  personal:
>> http://www.cameronkaiser.com/ --
>>  Cameron Kaiser * Floodgap Systems * www.floodgap.com *
>> ckai...@floodgap.com
>> -- I'm too old to use emacs. -- Rod MacDonald
>> -
>
>

[twitter-dev] Re: What does "following" in user information do?

[Doug Williams]

Looking at the issues, this is known [1], [2]. Add a star to show it's a
priority:

1. http://code.google.com/p/twitter-api/issues/detail?id=157
2. http://code.google.com/p/twitter-api/issues/detail?id=99

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Fri, Mar 20, 2009 at 11:54 AM, Pleasant Software <
pleasantsoftw...@googlemail.com> wrote:

>
> Same problem here. I guess it's a bug.
>
> Eberhard
>
> On Mar 20, 9:40 am, Hwee-Boon Yar  wrote:
> > So if I do,http://twitter.com/users/show/XXX.xml
> >
> > What does the value of following (true/false) mean? I tried
> > authenticating as someone that both follows and is followed by XXX and
> > yet the value of following is still false.
> >
> > Docs say: boolean indicating if a user is following a given user
> >
> > Any thoughts?
> >
> > --
> > Hwee-Boon
>

[twitter-dev] Re: What does "following" in user information do?

[Pleasant Software]

Same problem here. I guess it's a bug.

Eberhard

On Mar 20, 9:40 am, Hwee-Boon Yar  wrote:
> So if I do,http://twitter.com/users/show/XXX.xml
>
> What does the value of following (true/false) mean? I tried
> authenticating as someone that both follows and is followed by XXX and
> yet the value of following is still false.
>
> Docs say: boolean indicating if a user is following a given user
>
> Any thoughts?
>
> --
> Hwee-Boon

[twitter-dev] Re: Direct message appearing and disappearing on each refresh

[Alex Payne]

http://code.google.com/p/twitter-api/issues/entry

On Thu, Mar 19, 2009 at 18:25, Gary Zhao  wrote:
> Where is the right place to file bugs?
>
> On Thu, Mar 19, 2009 at 8:42 AM, Sean Spencer 
> wrote:
>>
>> I'm assuming the recent disappearing tweets issue is a known bug as well?
>> I filed it anyway, but it seems to be widespread enough to have already
>> attracted attention...
>>
>> On Thu, Mar 19, 2009 at 11:32 AM, benjackson  wrote:
>>>
>>> Seems like Twitterfone is fine (I assume it's using different params
>>> as it archives locally). Though Tweetie is also FUBAR.
>>>
>>> On Mar 18, 7:53 pm, Alex Payne  wrote:
>>> > Very much so.
>>> >
>>> > On Wed, Mar 18, 2009 at 14:43, benjackson  wrote:
>>> >
>>> > > We're seeing an issue where the latest direct message is cut out of
>>> > > the list when refreshing, and then included/cut again upon each
>>> > > refresh.
>>> >
>>> > > Is this a known issue?
>>> >
>>> > --
>>> > Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x
>
>
>
> --
> Gary
> http://twitter.com/garyzhao
>



-- 
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] Anyone else getting 502 HTTP Response when using OAuth since 8:00am EDT?

[Pankaj Jain]

Since 8:00am EDT, I've been getting nothing but 502 responses to OAuth
requests.  I've waited, I've tried again and again but can't any info
about there being a problem with the OAuth API so I'm beginning to
think it's my app.  Can anyone confirm?
Cheers,
Pankaj

[twitter-dev] Re: Anyone else getting 502 HTTP Response when using OAuth since 8:00am EDT?

[Doug Williams]

Pankaj,
My test app is happy. Can you be more specific about what you are seeing?

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Fri, Mar 20, 2009 at 2:09 PM, Pankaj Jain  wrote:

>
> Since 8:00am EDT, I've been getting nothing but 502 responses to OAuth
> requests.  I've waited, I've tried again and again but can't any info
> about there being a problem with the OAuth API so I'm beginning to
> think it's my app.  Can anyone confirm?
> Cheers,
> Pankaj
>

[twitter-dev] Re: Anyone else getting 502 HTTP Response when using OAuth since 8:00am EDT?

[Pankaj Jain]

Hey Doug,
Thanks for the quick reply.  Below is a snippet of the HTTP Response
I'm getting back in my Perl script.  Any suggestions would be greatly
appreciated.

   '_headers' => HTTP::Headers=HASH(0xaede20)
  'accept-ranges' => 'bytes'
  'client-date' => 'Fri, 20 Mar 2009 18:30:22 GMT'
  'client-peer' => '128.121.146.100:443'
  'client-response-num' => 1
  'client-ssl-cert-issuer' => '/C=US/O=Equifax Secure Inc./
CN=Equifax Secure Global eBusiness CA-1'
  'client-ssl-cert-subject' => '/C=US/O=twitter.com/OU=GT09721236/
OU=See www.rapidssl.com/resources/cps (c)08/OU=Domain Control
Validated - RapidSSL(R)/CN=twitter.com'
  'client-ssl-cipher' => 'DHE-RSA-AES256-SHA'
  'client-ssl-warning' => 'Peer certificate not verified'
  'connection' => 'close'
  'content-language' => 'en-us'
  'content-length' => 4469
  'content-type' => ARRAY(0xb77a80)
 0  'text/html; charset=UTF-8'
 1  'text/html; charset=utf-8'
  'date' => 'Fri, 20 Mar 2009 18:30:22 GMT'
  'last-modified' => 'Thu, 05 Mar 2009 20:43:06 GMT'
  'server' => 'Apache'
  'title' => 'Twitter / Over capacity'
  'vary' => 'Accept-Encoding'
   '_msg' => 'Bad Gateway'
   '_protocol' => 'HTTP/1.1'
   '_rc' => 502
   '_request' => HTTP::Request=HASH(0xa43910)
  '_content' => ''
  '_headers' => HTTP::Headers=HASH(0xa43900)
 'content-length' => 0
 'content-type' => 'application/x-www-form-urlencoded'
 'listening to podcast - vv show #52 - sam wyly of maverick
capital, green mountain energy, michaels store and sterling software
from greg...' => undef
 'user-agent' => 'libwww-perl/5.825'
  '_method' => 'POST'
  '_uri' => URI::https=SCALAR(0x92b600)
 -> 'https://twitter.com/status/update.xml?
oauth_consumer_key=YhurMAbhrLPFXlCJzmyTVw&oauth_nonce=9djqyE1O6mx5ua4s&oauth_signature=
%2FrIlSXU3ti0wTq6vdgKk4qrxkuU%3D&oauth_signature_method=HMAC-
SHA1&oauth_timestamp=1237573818&oauth_version=1.0'
  '_uri_canonical' => URI::https=SCALAR(0xa43990)
 -> 'https://twitter.com/status/update.xml?
oauth_consumer_key=YhurMAbhrLPFXlCJzmyTVw&oauth_nonce=9djqyE1O6mx5ua4s&oauth_signature=
%2FrIlSXU3ti0wTq6vdgKk4qrxkuU%3D&oauth_signature_method=HMAC-
SHA1&oauth_timestamp=1237573818&oauth_version=1.0'

[twitter-dev] statuses/public_timeline down

[Doug Williams]

We've been getting a lot of reports that the public_timeline method
has been returning stale data. We hear you and we're working on it.
Thanks!

Doug Williams
Twitter API Support
http://twitter.com/dougw

[twitter-dev] Can OAuth approval process work in an IFRAME?

[Scott Carter]

I'm starting to look at the OAuth process and had a question for the
OAuth folks at Twitter.

My application BigTweet is invoked via a bookmarklet and displays as
an IFRAME on any web page that a Twitter user happens to be
browsing.Ideally I would like to be able to complete the entire
OAuth process within the IFRAME (for initial login).

I believe that Twitter recently added measures to prevent framing of
their site to stop phishing attacks.   Does this extend to the OAuth
approval page?   Could an exception be made for the OAuth page when
invoked from a registered application presenting a valid Request
Token?  If so, could this be documented (perhaps in the OAuth Twitter
FAQ)?

The authorization page at Twitter appears to have a fairly small
content section (with Deny/Allow buttons, etc), which could fit into a
reasonably sized IFRAME.  If you are agreeable to allow IFRAME
support, would it be possible to standardize on content dimensions
(for IFRAME sizing) and document this as well?

Thanks for considering my request.

Scott
http://twitter.com/scott_carter

[twitter-dev] Re: statuses/public_timeline down

[Doug Williams]

The public_timeline method is live according to my console. Enjoy the
tweets...

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Fri, Mar 20, 2009 at 2:41 PM, Doug Williams  wrote:

>
> We've been getting a lot of reports that the public_timeline method
> has been returning stale data. We hear you and we're working on it.
> Thanks!
>
> Doug Williams
> Twitter API Support
> http://twitter.com/dougw
>

[twitter-dev] Re: public_timeline not up to date

[Doug Williams]

Just linking you guys to the thread I (erroneously) created today [1]. In
short, the public_timeline is back up and all is Zen.

Thanks for toughing these replication lag [2] issues out with us.

1.
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c9600b8e2c020d19
2. http://twitter.com/al3x/status/1361791651

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Fri, Mar 20, 2009 at 9:40 AM, egeem2  wrote:

>
>
> Is this the same issue as before? Any idea when the feed will be live
> again?
>
> On Mar 20, 7:44 am, bootchec  wrote:
> > It is happening again.
> > I am having updates from yestarday 6pm at the moment.
> >
> > -
> > 
> > -
> > 
> > donbuie: Thank You. I want to thank everyone who has posted comments
> > supporting the redevelopment efforts in Downtown Albany.
> > 
> > -
> > 
> > donbuie: Thank You. I want to thank everyone who has posted comments
> > supporting the redevelopment efforts in Downtown Albany.
> > 
> > Thu, 19 Mar 2009 18:35:05 +
> > http://twitter.com/donbuie/statuses/1355909552
> > http://twitter.com/donbuie/statuses/1355909552
> > 
> >
> > On Mar 20, 4:26 am, Cameron Kaiser  wrote:
> >
> >
> >
> > > [Charset ISO-8859-1 unsupported, filtering to ASCII...]
> >
> > > > Is this occurring again? I haven't received any updates in several
> > > > hours through the public timeline.
> >
> > > > Thanks.
> >
> > > > On Mar 17, 9:55_pm, Alex Payne  wrote:
> > > > > Yes, this is a known issue. The process that feeds
> thepublictimeline
> > > > > is particularly susceptible to database replication lag. We've just
> > > > > added some capacity that should alleviate this issue.
> >
> > > > > On Tue, Mar 17, 2009 at 15:08, bootchec 
> wrote:
> >
> > > > > > Recently I have noticed that sometimeshttp://
> twitter.com/statuses/public_timeline.rss
> > > > > > returns bit odd results, which is the same time for each update
> and
> > > > > > they are always old: 7-8 hours. And they are repeaded, so no
> matetr
> > > > > > how many times I call it, it gives me the same updates. At the
> moment
> > > > > > I tried it several times and I gotalwasy this as a first update:
> > > > > > 
> > > > > > billthomas: via Sammy Simpson @tunedin _Talk radio idea for this
> > > > > > economyhttp://ow.ly/11w4
> > > > > > 
> > > > > > -
> > > > > > 
> > > > > > billthomas: via Sammy Simpson @tunedin _Talk radio idea for this
> > > > > > economyhttp://ow.ly/11w4
> > > > > > 
> > > > > > Tue, 17 Mar 2009 14:17:49 +
> > > > > > http://twitter.com/billthomas/statuses/1342266945
> > > > > > http://twitter.com/billthomas/statuses/1342266945
> > > > > > 
> >
> > > > > --
> > > > > Alex Payne - API Lead, Twitter, Inc.
> http://twitter.com/al3x-Hidequoted text -
> >
> > > > > - Show quoted text -
> >
> > > --
> > >  personal:
> http://www.cameronkaiser.com/--
> > >   Cameron Kaiser * Floodgap Systems *www.floodgap.com*
> ckai...@floodgap.com
> > > -- BOND THEME NOW PLAYING: "Goldfinger"
>  Hide quoted text -
> >
> > - Show quoted text -
>

[twitter-dev] Re: Consistent 502 errors for users with large friend & follower lists

[Dossy Shiobara]

On 3/3/09 4:13 PM, Alex Payne wrote:

That would definitely require us to weigh our current knowledge of
Thrift vs Protocol Buffers. I'll think about it.


Alternatively, returning responses from Twitter's API encoded with 
Thrift would be great, too.  Publish the structure definition files and 
add support for .thrift on URLs instead of .xml or .json.


Presumably, if you already pass data structures around encoded as Thrift 
internally, simply passing them along as the HTTP response shouldn't be 
a tremendous effort, yes?


--
Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] Re: Where has the following tag gone??

[Doug Williams]

Joshua,
I'm getting the followers element for both xml and json data. That method is
supposed to return the following element so if you are still seeing this
problem, please reply here and create a new issue to track the defect.

Also, we know variability causes headaches and we are working towards
uniformity. It makes developing for and maintaining the API challenging.
Twitter is growing up fast and what is being learned now will make it's way
into future releases, like the v2 milestone on the horizon.

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Thu, Mar 19, 2009 at 4:08 PM, Joshua Perry  wrote:

>
> I started getting errors in my client when retrieving extended user
> information using the verify_credentials method.  Suddenly the
> false no longer appears in the returned dataset.
> Is this tag not being included any longer?
>
> I know schemas are not RESTy but it is really annoying to have 13
> different datasets and not know when to expect an element or not.  An
> actual schema would tell us if an element is optional (can be
> missing/null).
>
> I also know it is kind of silly for the data to tell me if I'm following
> myself, but I would rather have 3 or 4 uniform datasets than a mess of
> sets of data.
>
> Another place where this is kind of annoying is the status tag under the
> user info, the "schema" on the API site says that status will include
> user info in the user element, but that tag is missing, I know it is
> redundant in this situation since the status is IN the user but is
> another discontinuity.
>
> For uniformity I would prefer user and status to be siblings in the
> responses...
>

[twitter-dev] TwitterAuth for Rails

[Michael Bleigh]

I have just finished putting together a new Rails plugin that allows
for the use of Twitter as a Single Sign-On provider using either OAuth
or HTTP Basic for Rails. I'm planning on blogging about it/releasing
it for real on Monday but wanted to soft-launch to the members of the
Twitter dev community in case someone wants to try it out and hunt
down some bugs.

You can find it here: http://github.com/mbleigh/twitter-auth/

The README should have the basic info about how to use it, as of now
it has to be installed as a plugin instead of a gem (trying to track
down the bug that's causing that), but I want to know what you think!

Thanks,
Michael Bleigh

[twitter-dev] Re: PHP and special chars. How to?

[Carlo]

Hi, Cameron.
I used

$text = utf8_decode($status->text);

and it works!

Thanks a lot



On 20 Mar, 13:54, Cameron Kaiser  wrote:
> > The problem is in special chars. If I wrote (in italian) the following
> > text:
>
> > "Il mio nome _ Carlo"
>
> > the API returns something like:
>
> > "Il mio nome _ Carlo"
>
> > I used PHP function htmlspecialchars(), but with no success.
>
> Your problem here is UTF-8 (which of course Elm just ate), not HTML special
> characters. Going into PHP multibyte support is not germaine for this list,
> but look at the utf8_{encode,decode} functions, iconv and mbstring. This is a
> nice cheatsheet on mbstring:
>
>        http://www.nicknettleton.com/zine/php/php-utf-8-cheatsheet
>
> --
>  personal:http://www.cameronkaiser.com/--
>   Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com
> -- When relatives are outlawed, only outlaws will have inlaws. 
> 

[twitter-dev] Re: PHP and special chars. How to?

[Carlo]

Hi, Cameron.

I used

$text = utf8_decode($status->text);

and it works well.

Thanks a lot



On 20 Mar, 13:54, Cameron Kaiser  wrote:
> > The problem is in special chars. If I wrote (in italian) the following
> > text:
>
> > "Il mio nome _ Carlo"
>
> > the API returns something like:
>
> > "Il mio nome _ Carlo"
>
> > I used PHP function htmlspecialchars(), but with no success.
>
> Your problem here is UTF-8 (which of course Elm just ate), not HTML special
> characters. Going into PHP multibyte support is not germaine for this list,
> but look at the utf8_{encode,decode} functions, iconv and mbstring. This is a
> nice cheatsheet on mbstring:
>
>        http://www.nicknettleton.com/zine/php/php-utf-8-cheatsheet
>
> --
>  personal:http://www.cameronkaiser.com/--
>   Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com
> -- When relatives are outlawed, only outlaws will have inlaws. 
> 

[twitter-dev] Re: Where has the following tag gone??

[Joshua Perry]

Thanks for the heads up and info on v2 Doug.  Let me check again because 
as of last night I was also seeing the "notifications" tag missing.


Josh

Doug Williams wrote:

Joshua,
I'm getting the followers element for both xml and json data. That 
method is supposed to return the following element so if you are still 
seeing this problem, please reply here and create a new issue to track 
the defect.


Also, we know variability causes headaches and we are working towards 
uniformity. It makes developing for and maintaining the API 
challenging. Twitter is growing up fast and what is being learned now 
will make it's way into future releases, like the v2 milestone on the 
horizon.


Doug Williams
Twitter API Support
http://twitter.com/dougw


On Thu, Mar 19, 2009 at 4:08 PM, Joshua Perry > wrote:



I started getting errors in my client when retrieving extended user
information using the verify_credentials method.  Suddenly the
false no longer appears in the returned
dataset.
Is this tag not being included any longer?

I know schemas are not RESTy but it is really annoying to have 13
different datasets and not know when to expect an element or not.  An
actual schema would tell us if an element is optional (can be
missing/null).

I also know it is kind of silly for the data to tell me if I'm
following
myself, but I would rather have 3 or 4 uniform datasets than a mess of
sets of data.

Another place where this is kind of annoying is the status tag
under the
user info, the "schema" on the API site says that status will include
user info in the user element, but that tag is missing, I know it is
redundant in this situation since the status is IN the user but is
another discontinuity.

For uniformity I would prefer user and status to be siblings in the
responses...

[twitter-dev] Re: Consistent 502 errors for users with large friend & follower lists

[Cameron Kaiser]

> > That would definitely require us to weigh our current knowledge of
> > Thrift vs Protocol Buffers. I'll think about it.
> 
> Alternatively, returning responses from Twitter's API encoded with 
> Thrift would be great, too.  Publish the structure definition files and 
> add support for .thrift on URLs instead of .xml or .json.

Instead of? Not in addition to?

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- "The ants are my friends/They're blowing in the wind" --

[twitter-dev] Re: TwitterAuth for Rails

[Alex Payne]

Very cool! If you make it an OpenID provider too, you'll make a lot of
standards nerds very happy ;)

On Fri, Mar 20, 2009 at 12:29, Michael Bleigh  wrote:
>
> I have just finished putting together a new Rails plugin that allows
> for the use of Twitter as a Single Sign-On provider using either OAuth
> or HTTP Basic for Rails. I'm planning on blogging about it/releasing
> it for real on Monday but wanted to soft-launch to the members of the
> Twitter dev community in case someone wants to try it out and hunt
> down some bugs.
>
> You can find it here: http://github.com/mbleigh/twitter-auth/
>
> The README should have the basic info about how to use it, as of now
> it has to be installed as a plugin instead of a gem (trying to track
> down the bug that's causing that), but I want to know what you think!
>
> Thanks,
> Michael Bleigh
>



-- 
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] How to load xml from flash

[Hazku]

I got problems to loading xml data from flash due to security error
#2048. Anyone has an idea how to solve, i tried to Security.allowDomain
('*') but seems the problem is the http://twitter.com/crossdomain.xml
file doesnt allow flash to access from any server, any ideas?

[twitter-dev] Re: Consistent 502 errors for users with large friend & follower lists

[Dossy Shiobara]

On 3/20/09 3:49 PM, Cameron Kaiser wrote:

Publish the structure definition files and add support for .thrift
on URLs instead of .xml or .json.


Instead of? Not in addition to?



Sure, in addition to ... either way.  :-)

--
Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] Re: How to load xml from flash

[Doug Williams]

The following thread is from earlier this month:
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/8d09970f449abc70

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Fri, Mar 20, 2009 at 4:02 PM, Hazku  wrote:

>
> I got problems to loading xml data from flash due to security error
> #2048. Anyone has an idea how to solve, i tried to Security.allowDomain
> ('*') but seems the problem is the http://twitter.com/crossdomain.xml
> file doesnt allow flash to access from any server, any ideas?
>

[twitter-dev] Re: How to load xml from flash

[Stuart]

2009/3/20 Doug Williams :
> The following thread is from earlier this month:
> http://groups.google.com/group/twitter-development-talk/browse_thread/thread/8d09970f449abc70

You mean in March 2008, but your reference still stands ;-)

-Stuart

-- 
http://stut.net/projects/twitter/

> On Fri, Mar 20, 2009 at 4:02 PM, Hazku  wrote:
>>
>> I got problems to loading xml data from flash due to security error
>> #2048. Anyone has an idea how to solve, i tried to Security.allowDomain
>> ('*') but seems the problem is the http://twitter.com/crossdomain.xml
>> file doesnt allow flash to access from any server, any ideas?
>
>

[twitter-dev] Re: How to load xml from flash

[Chad Etzel]

Your best bet is to create a local proxy script to get the xml data
from twitter, and then pass it up to your flash app.  A pain, but it
works.
-Chad

On Fri, Mar 20, 2009 at 4:14 PM, Stuart  wrote:
>
> 2009/3/20 Doug Williams :
>> The following thread is from earlier this month:
>> http://groups.google.com/group/twitter-development-talk/browse_thread/thread/8d09970f449abc70
>
> You mean in March 2008, but your reference still stands ;-)
>
> -Stuart
>
> --
> http://stut.net/projects/twitter/
>
>> On Fri, Mar 20, 2009 at 4:02 PM, Hazku  wrote:
>>>
>>> I got problems to loading xml data from flash due to security error
>>> #2048. Anyone has an idea how to solve, i tried to Security.allowDomain
>>> ('*') but seems the problem is the http://twitter.com/crossdomain.xml
>>> file doesnt allow flash to access from any server, any ideas?
>>
>>
>

[twitter-dev] Re: What does "following" in user information do?

[Hwee-Boon Yar]

I'm seeing it in XML though. The bugs are for JSON format.

--
Hwee-Boon

On Mar 21, 12:06 am, Doug Williams  wrote:
> Looking at the issues, this is known [1], [2]. Add a star to show it's a
> priority:
>
> 1.http://code.google.com/p/twitter-api/issues/detail?id=157
> 2.http://code.google.com/p/twitter-api/issues/detail?id=99
>
> Doug Williams
> Twitter API Supporthttp://twitter.com/dougw
>
> On Fri, Mar 20, 2009 at 11:54 AM, Pleasant Software <
>
>
>
> pleasantsoftw...@googlemail.com> wrote:
>
> > Same problem here. I guess it's a bug.
>
> > Eberhard
>
> > On Mar 20, 9:40 am, Hwee-Boon Yar  wrote:
> > > So if I do,http://twitter.com/users/show/XXX.xml
>
> > > What does the value of following (true/false) mean? I tried
> > > authenticating as someone that both follows and is followed by XXX and
> > > yet the value of following is still false.
>
> > > Docs say: boolean indicating if a user is following a given user
>
> > > Any thoughts?
>
> > > --
> > > Hwee-Boon

[twitter-dev] Re: Can OAuth approval process work in an IFRAME?

[Ivan Kirigin]

I'd love to be able to do this also, and have mentioned it off the
list.

Imagine a "Twitter Connect" button, which would be a tiny iframe
loaded from twitter.com. If signed in, the token exchange could take
place right there. If not signed in, a new window could load with the
regular OAuth process. The callback in the button would be to a tiny
iframe acting as a confirmation of the success, loaded by the
consumer.

There is a diminished phishing risk, because the widget isn't asking
for your password. Only the new window would.

The only question is how the rest of the widget gets the notification
that the OAuth access grant has taken place. My thought is that the
widget could just ping the web service to see if things are integrated
properly. Cross domain iframe communication is a HUGE pain in the ass.
You can get around it if the twitter iframe loaded a designated hidden
iframe from the 3rd party.

Alternatively, you could ask the user to refresh the widget /
bookmarklet.

Generally, I'd like to see some standard buttons from twitter, so
normalize the OAuth experience. You can see on the top of http://tipjoy.com
a banner we made that uses twitter fonts and colors.

Best,
Ivan
http://tipjoy.com

ps check out our twitter payments api: http://tipjoy.com/api
feedback welcome!

On Mar 20, 3:00 pm, Scott Carter  wrote:
> I'm starting to look at the OAuth process and had a question for the
> OAuth folks at Twitter.
>
> My application BigTweet is invoked via a bookmarklet and displays as
> an IFRAME on any web page that a Twitter user happens to be
> browsing.    Ideally I would like to be able to complete the entire
> OAuth process within the IFRAME (for initial login).
>
> I believe that Twitter recently added measures to prevent framing of
> their site to stop phishing attacks.   Does this extend to the OAuth
> approval page?   Could an exception be made for the OAuth page when
> invoked from a registered application presenting a valid Request
> Token?  If so, could this be documented (perhaps in the OAuth Twitter
> FAQ)?
>
> The authorization page at Twitter appears to have a fairly small
> content section (with Deny/Allow buttons, etc), which could fit into a
> reasonably sized IFRAME.  If you are agreeable to allow IFRAME
> support, would it be possible to standardize on content dimensions
> (for IFRAME sizing) and document this as well?
>
> Thanks for considering my request.
>
> Scotthttp://twitter.com/scott_carter

[twitter-dev] Re: Can OAuth approval process work in an IFRAME?

[Joshua Perry]

The interesting thing is, that you could omit the callback URL in your 
application registration with Twitter.  On your site when the user 
clicks the "connect twitter" button you would go and grab a request 
token and pop a new window with that request token in the URI like 
usual.  The user would click accept and since there is not a callback 
URL Twitter will say "You can close this window and complete the Connect 
process".  Waiting on your webpage would be the "complete connection" 
button which, when clicked, would request Twitter to convert the request 
token into an access token.


Instead of popping a window I don't know why you couldn't load the 
Twitter authorization page into an IFrame, but the message to "close 
this window" may be a bit confusing to the user.


This flow is the same as a desktop application has to use to accomplish 
an OAuth connection and should work the similarly well with a web 
application.


Josh

Ivan Kirigin wrote:

I'd love to be able to do this also, and have mentioned it off the
list.

Imagine a "Twitter Connect" button, which would be a tiny iframe
loaded from twitter.com. If signed in, the token exchange could take
place right there. If not signed in, a new window could load with the
regular OAuth process. The callback in the button would be to a tiny
iframe acting as a confirmation of the success, loaded by the
consumer.

There is a diminished phishing risk, because the widget isn't asking
for your password. Only the new window would.

The only question is how the rest of the widget gets the notification
that the OAuth access grant has taken place. My thought is that the
widget could just ping the web service to see if things are integrated
properly. Cross domain iframe communication is a HUGE pain in the ass.
You can get around it if the twitter iframe loaded a designated hidden
iframe from the 3rd party.

Alternatively, you could ask the user to refresh the widget /
bookmarklet.

Generally, I'd like to see some standard buttons from twitter, so
normalize the OAuth experience. You can see on the top of http://tipjoy.com
a banner we made that uses twitter fonts and colors.

Best,
Ivan
http://tipjoy.com

ps check out our twitter payments api: http://tipjoy.com/api
feedback welcome!

On Mar 20, 3:00 pm, Scott Carter  wrote:
  

I'm starting to look at the OAuth process and had a question for the
OAuth folks at Twitter.

My application BigTweet is invoked via a bookmarklet and displays as
an IFRAME on any web page that a Twitter user happens to be
browsing.Ideally I would like to be able to complete the entire
OAuth process within the IFRAME (for initial login).

I believe that Twitter recently added measures to prevent framing of
their site to stop phishing attacks.   Does this extend to the OAuth
approval page?   Could an exception be made for the OAuth page when
invoked from a registered application presenting a valid Request
Token?  If so, could this be documented (perhaps in the OAuth Twitter
FAQ)?

The authorization page at Twitter appears to have a fairly small
content section (with Deny/Allow buttons, etc), which could fit into a
reasonably sized IFRAME.  If you are agreeable to allow IFRAME
support, would it be possible to standardize on content dimensions
(for IFRAME sizing) and document this as well?

Thanks for considering my request.

Scotthttp://twitter.com/scott_carter

[twitter-dev] Re: Can OAuth approval process work in an IFRAME?

[Abraham Williams]

If you have the approval process take place in the iframe there is no way to
for the user to actually verify they are interacting with twitter. if they
are not logged into twitter already you are then asking users to enter
username/password on a potentially unsafe site and opening up to fishing.

On Fri, Mar 20, 2009 at 16:29, Joshua Perry  wrote:

>
> The interesting thing is, that you could omit the callback URL in your
> application registration with Twitter.  On your site when the user clicks
> the "connect twitter" button you would go and grab a request token and pop a
> new window with that request token in the URI like usual.  The user would
> click accept and since there is not a callback URL Twitter will say "You can
> close this window and complete the Connect process".  Waiting on your
> webpage would be the "complete connection" button which, when clicked, would
> request Twitter to convert the request token into an access token.
>
> Instead of popping a window I don't know why you couldn't load the Twitter
> authorization page into an IFrame, but the message to "close this window"
> may be a bit confusing to the user.
>
> This flow is the same as a desktop application has to use to accomplish an
> OAuth connection and should work the similarly well with a web application.
>
> Josh
>
>
> Ivan Kirigin wrote:
>
>> I'd love to be able to do this also, and have mentioned it off the
>> list.
>>
>> Imagine a "Twitter Connect" button, which would be a tiny iframe
>> loaded from twitter.com. If signed in, the token exchange could take
>> place right there. If not signed in, a new window could load with the
>> regular OAuth process. The callback in the button would be to a tiny
>> iframe acting as a confirmation of the success, loaded by the
>> consumer.
>>
>> There is a diminished phishing risk, because the widget isn't asking
>> for your password. Only the new window would.
>>
>> The only question is how the rest of the widget gets the notification
>> that the OAuth access grant has taken place. My thought is that the
>> widget could just ping the web service to see if things are integrated
>> properly. Cross domain iframe communication is a HUGE pain in the ass.
>> You can get around it if the twitter iframe loaded a designated hidden
>> iframe from the 3rd party.
>>
>> Alternatively, you could ask the user to refresh the widget /
>> bookmarklet.
>>
>> Generally, I'd like to see some standard buttons from twitter, so
>> normalize the OAuth experience. You can see on the top of
>> http://tipjoy.com
>> a banner we made that uses twitter fonts and colors.
>>
>> Best,
>> Ivan
>> http://tipjoy.com
>>
>> ps check out our twitter payments api: http://tipjoy.com/api
>> feedback welcome!
>>
>> On Mar 20, 3:00 pm, Scott Carter  wrote:
>>
>>
>>> I'm starting to look at the OAuth process and had a question for the
>>> OAuth folks at Twitter.
>>>
>>> My application BigTweet is invoked via a bookmarklet and displays as
>>> an IFRAME on any web page that a Twitter user happens to be
>>> browsing.Ideally I would like to be able to complete the entire
>>> OAuth process within the IFRAME (for initial login).
>>>
>>> I believe that Twitter recently added measures to prevent framing of
>>> their site to stop phishing attacks.   Does this extend to the OAuth
>>> approval page?   Could an exception be made for the OAuth page when
>>> invoked from a registered application presenting a valid Request
>>> Token?  If so, could this be documented (perhaps in the OAuth Twitter
>>> FAQ)?
>>>
>>> The authorization page at Twitter appears to have a fairly small
>>> content section (with Deny/Allow buttons, etc), which could fit into a
>>> reasonably sized IFRAME.  If you are agreeable to allow IFRAME
>>> support, would it be possible to standardize on content dimensions
>>> (for IFRAME sizing) and document this as well?
>>>
>>> Thanks for considering my request.
>>>
>>> Scotthttp://twitter.com/scott_carter
>>>
>>>
>>


-- 
Abraham Williams | http://the.hackerconundrum.com
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from: Madison Wisconsin United States.

[twitter-dev] Re: How to load xml from flash

[Andrew Badera]

Wait, you mean there's a SEARCHABLE ARCHIVE of this list? *agog*



On Fri, Mar 20, 2009 at 4:14 PM, Stuart  wrote:

>
> 2009/3/20 Doug Williams :
> > The following thread is from earlier this month:
> >
> http://groups.google.com/group/twitter-development-talk/browse_thread/thread/8d09970f449abc70
>
> You mean in March 2008, but your reference still stands ;-)
>
> -Stuart
>
> --
> http://stut.net/projects/twitter/
>
> > On Fri, Mar 20, 2009 at 4:02 PM, Hazku 
> wrote:
> >>
> >> I got problems to loading xml data from flash due to security error
> >> #2048. Anyone has an idea how to solve, i tried to Security.allowDomain
> >> ('*') but seems the problem is the http://twitter.com/crossdomain.xml
> >> file doesnt allow flash to access from any server, any ideas?
> >
> >
>

[twitter-dev] limiting number of follower ids

[Allen]

I'm using this url to pull the id numbers for the followers of a user
(e.g., bob)

http://twitter.com/followers/ids/bob.xml

It turns out that if there are too many people who follow bob, the
return message will be an over capacity notice.  Is there a way to
limit the number of users, like you can do with other calls using
Count, or Since?

Thanks

[twitter-dev] Re: How to load xml from flash

[Dossy Shiobara]

On 3/20/09 6:28 PM, Andrew Badera wrote:

Wait, you mean there's a SEARCHABLE ARCHIVE of this list? *agog*


zo...@#  The AMAZING power of the INTER-NET!

--
Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] Re: limiting number of follower ids

[Dossy Shiobara]

On 3/20/09 6:37 PM, Allen wrote:

I'm using this url to pull the id numbers for the followers of a user
(e.g., bob)

http://twitter.com/followers/ids/bob.xml

It turns out that if there are too many people who follow bob, the
return message will be an over capacity notice.  Is there a way to
limit the number of users, like you can do with other calls using
Count, or Since?


Or, can it just work and return all the IDs?  :-)

Similarly, the old friends/followers API calls seem to fail when 
paginating past 10,000 users.


--
Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] Rate limit status with OAuth

[Joshua Perry]

Is anyone else having issues getting the rate limit stats when using 
OAuth?  It seems to just be returning 100 remaining and an hour until 
reset at every request.

Josh

[twitter-dev] Re: Can OAuth approval process work in an IFRAME?

[Scott Carter]

I think Ivan's suggestion could answer the concern about the case
where a user needs to enter a username/password:
"If not signed in, a new window could load with the regular OAuth
process. "

For the case where the user is already logged in, there doesn't appear
to be any risk here.  Consider the scenario where the IFRAME is
populating a page from a site pretending to be Twitter with an Allow/
Deny button.   By clicking "Allow", nothing bad can happen.  Twitter
isn't Allowing anything in this case since it wasn't their page to
begin with.

FYI - I think my case is different than Ivan's since he is discussing
a widget whereas my app lives entirely in the IFRAME.   The  callback
from Twitter after authorization would simply cause the IFRAME to
redirect back to a page on bigtweet.com where I could then present a
different (logged in) view for the user.

Joshua's suggestion would work, but providing IFRAME support with a
callback URL would save the user two steps - needing to close the
Authorization window, and clicking the Complete Connection button.

Scott


On Mar 20, 5:50 pm, Abraham Williams <4bra...@gmail.com> wrote:
> If you have the approval process take place in the iframe there is no way to
> for the user to actually verify they are interacting with twitter. if they
> are not logged into twitter already you are then asking users to enter
> username/password on a potentially unsafe site and opening up to fishing.
>
>
>
> On Fri, Mar 20, 2009 at 16:29, Joshua Perry  wrote:
>
> > The interesting thing is, that you could omit the callback URL in your
> > application registration with Twitter.  On your site when the user clicks
> > the "connect twitter" button you would go and grab a request token and pop a
> > new window with that request token in the URI like usual.  The user would
> > click accept and since there is not a callback URL Twitter will say "You can
> > close this window and complete the Connect process".  Waiting on your
> > webpage would be the "complete connection" button which, when clicked, would
> > request Twitter to convert the request token into an access token.
>
> > Instead of popping a window I don't know why you couldn't load the Twitter
> > authorization page into an IFrame, but the message to "close this window"
> > may be a bit confusing to the user.
>
> > This flow is the same as a desktop application has to use to accomplish an
> > OAuth connection and should work the similarly well with a web application.
>
> > Josh
>
> > Ivan Kirigin wrote:
>
> >> I'd love to be able to do this also, and have mentioned it off the
> >> list.
>
> >> Imagine a "Twitter Connect" button, which would be a tiny iframe
> >> loaded from twitter.com. If signed in, the token exchange could take
> >> place right there. If not signed in, a new window could load with the
> >> regular OAuth process. The callback in the button would be to a tiny
> >> iframe acting as a confirmation of the success, loaded by the
> >> consumer.
>
> >> There is a diminished phishing risk, because the widget isn't asking
> >> for your password. Only the new window would.
>
> >> The only question is how the rest of the widget gets the notification
> >> that the OAuth access grant has taken place. My thought is that the
> >> widget could just ping the web service to see if things are integrated
> >> properly. Cross domain iframe communication is a HUGE pain in the ass.
> >> You can get around it if the twitter iframe loaded a designated hidden
> >> iframe from the 3rd party.
>
> >> Alternatively, you could ask the user to refresh the widget /
> >> bookmarklet.
>
> >> Generally, I'd like to see some standard buttons from twitter, so
> >> normalize the OAuth experience. You can see on the top of
> >>http://tipjoy.com
> >> a banner we made that uses twitter fonts and colors.
>
> >> Best,
> >> Ivan
> >>http://tipjoy.com
>
> >> ps check out our twitter payments api:http://tipjoy.com/api
> >> feedback welcome!
>
> >> On Mar 20, 3:00 pm, Scott Carter  wrote:
>
> >>> I'm starting to look at the OAuth process and had a question for the
> >>> OAuth folks at Twitter.
>
> >>> My application BigTweet is invoked via a bookmarklet and displays as
> >>> an IFRAME on any web page that a Twitter user happens to be
> >>> browsing.Ideally I would like to be able to complete the entire
> >>> OAuth process within the IFRAME (for initial login).
>
> >>> I believe that Twitter recently added measures to prevent framing of
> >>> their site to stop phishing attacks.   Does this extend to the OAuth
> >>> approval page?   Could an exception be made for the OAuth page when
> >>> invoked from a registered application presenting a valid Request
> >>> Token?  If so, could this be documented (perhaps in the OAuth Twitter
> >>> FAQ)?
>
> >>> The authorization page at Twitter appears to have a fairly small
> >>> content section (with Deny/Allow buttons, etc), which could fit into a
> >>> reasonably sized IFRAME.  If you are agreeable to allow IFRAME
> >>

[twitter-dev] Signup from Twiiter API

[Jeni]

Can we create (signup) the twitter account using APIs?

[twitter-dev] Re: Signup from Twiiter API

[Cameron Kaiser]

> Can we create (signup) the twitter account using APIs?

No, due to potential abuse.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Intel outside -- 6502 inside! --