[twitter-dev] Re: OAuth question
Yes, that is the difference. -Chad On Wed, Jul 22, 2009 at 2:44 AM, hansamann wrote: > > thanx, good to know. > > I am also wondering about one thing: > > - if a user has authorized himself (using the authorize URL, not > authenticate... will try that out later) and does the same process > again, e.g. get's redirected to the authorize URL again, but with a > new request token of course, he is AGAIN asked to sign in. I am not > sure why, twitter could in this case just know that the user is signed > in already. Also looking into the cookies, there is a twitter session > established. > > It could be the default is just to show the login screen again... > > Or... is this the little difference between the authentication / > authorization call. In this case authorization will always ask the > user to sign in, and grant access to my app, but not keep the signed > in user for the next call (which will not happen many times of course, > most people just authorize once per session or even less). > > Instead, the authentication process truely detects a already present > twitter session and will NOT ask the user to sign in even if he should > be signed in already. > > Is that correct? > > Cheers > Sven > > On Jul 21, 11:26 pm, Abraham Williams <4bra...@gmail.com> wrote: >> Last I heard it changes nothing currently. There might be some >> features restricted to it in the future like using the faster >> oauth/authenticate method. >> Abraham >> >> >> >> On Wed, Jul 22, 2009 at 01:03, hansamann wrote: >> >> > Hi all, >> >> > I am using twitter OAuth which works just fine, but I am not sure what >> > exactly this means on the oauth signup page: >> >> > Use Twitter for login: Yes, use Twitter for login >> > Does your application intend to use Twitter for authentication? >> >> > What happens if I check this box? Will there be something different or >> > is this just an internal tracking for Twitter so they know what people >> > intend to do? >> >> > Cheers >> > Sven >> >> -- >> Abraham Williams | Community Evangelist |http://web608.org >> Hacker |http://abrah.am|http://twitter.com/abraham >> Project |http://fireeagle.labs.poseurtech.com >> This email is: [ ] blogable [x] ask first [ ] private. >> Sent from Madison, WI, United States
[twitter-dev] Re: OAuth question
thanx, good to know. I am also wondering about one thing: - if a user has authorized himself (using the authorize URL, not authenticate... will try that out later) and does the same process again, e.g. get's redirected to the authorize URL again, but with a new request token of course, he is AGAIN asked to sign in. I am not sure why, twitter could in this case just know that the user is signed in already. Also looking into the cookies, there is a twitter session established. It could be the default is just to show the login screen again... Or... is this the little difference between the authentication / authorization call. In this case authorization will always ask the user to sign in, and grant access to my app, but not keep the signed in user for the next call (which will not happen many times of course, most people just authorize once per session or even less). Instead, the authentication process truely detects a already present twitter session and will NOT ask the user to sign in even if he should be signed in already. Is that correct? Cheers Sven On Jul 21, 11:26 pm, Abraham Williams <4bra...@gmail.com> wrote: > Last I heard it changes nothing currently. There might be some > features restricted to it in the future like using the faster > oauth/authenticate method. > Abraham > > > > On Wed, Jul 22, 2009 at 01:03, hansamann wrote: > > > Hi all, > > > I am using twitter OAuth which works just fine, but I am not sure what > > exactly this means on the oauth signup page: > > > Use Twitter for login: Yes, use Twitter for login > > Does your application intend to use Twitter for authentication? > > > What happens if I check this box? Will there be something different or > > is this just an internal tracking for Twitter so they know what people > > intend to do? > > > Cheers > > Sven > > -- > Abraham Williams | Community Evangelist |http://web608.org > Hacker |http://abrah.am|http://twitter.com/abraham > Project |http://fireeagle.labs.poseurtech.com > This email is: [ ] blogable [x] ask first [ ] private. > Sent from Madison, WI, United States
[twitter-dev] Re: OAuth question
Last I heard it changes nothing currently. There might be some features restricted to it in the future like using the faster oauth/authenticate method. Abraham On Wed, Jul 22, 2009 at 01:03, hansamann wrote: > > Hi all, > > I am using twitter OAuth which works just fine, but I am not sure what > exactly this means on the oauth signup page: > > Use Twitter for login:Yes, use Twitter for login > Does your application intend to use Twitter for authentication? > > What happens if I check this box? Will there be something different or > is this just an internal tracking for Twitter so they know what people > intend to do? > > Cheers > Sven > -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] OAuth question
Hi all, I am using twitter OAuth which works just fine, but I am not sure what exactly this means on the oauth signup page: Use Twitter for login:Yes, use Twitter for login Does your application intend to use Twitter for authentication? What happens if I check this box? Will there be something different or is this just an internal tracking for Twitter so they know what people intend to do? Cheers Sven
[twitter-dev] Re: Updating the APIs authentication limiting policy
Josh, is there a way, without verify_credentials, to identify that users have changed their Twitter passwords (and therefore you are no longer able to authenticate for them)? For client apps, I don't see this being as much of a problem, but for server-based apps that run regular scripts on behalf of users this could become a regular issue, which is why we were running it. In addition, what is the best way with OAuth to identify the screen name of an individual? verify_credentials is the only way I'm aware of, unless there's something I'm missing (which is probably very likely). I'd love to know if there's a better way. A best practices doc on how to retrieve user information, and how to best verify users have not changed their passwords would certainly be useful I think. I'd like to know how Twitter recommends we do this. Jesse On Tue, Jul 21, 2009 at 8:50 PM, Josh Perry wrote: > > To be honest ever since the x-rate-limit HTTP headers were added we > removed the call to verify_credentials from our Twitter API layer. > > Every time that our Twitter API layer does an HTTP request it > squirrels away the header values and any requests to our API from the > application for rate-limit information is just fulfilled from those > saved variables. So we don't need verify_credentials for rate-limit > information > > Every time that our API does an HTTP request it watches for > unauthorized HTTP responses, so we don't need verify_credentials to > verify that our app is still authorized on the account or that the > user's password is still the same. > > Every single twitter API method could be used to brute-force by > sending HTTP auth headers and watching the HTTP response, but you are > rate-limited to 150 requests/hour/ip, if this rate-limit is good > enough for all the other attack vectors it should probably be good > enough for verify_credentials. In fact verify_credentials is basically > a nop function, which IMHO really isn't needed any longer. > > Josh > > On Jul 21, 7:00 pm, Doug Williams wrote: > > Devs --A change shipped last week that limited the number of times a user > > could access the account/verify_credentials method [1] in a given hour. > This > > change proved hasty and short-sighted as pointed out by the subsequent > > discussion [2]. We apologize to any developer that was adversely > > affected. Given the problems, we want to fix this in a > > public and transparent manner. > > Like most web services, we limit the number of attempts users can make to > > login to > > their accounts on Twitter.com to prevent brute force dictionary > > attacks. This same security is not extended to the platform > > and leaves accounts vulnerable to the same method of attack through the > API. > > > > The change we shipped to limit user accounts to 15 calls an hour to the > > account/verify_credentials method [1] was intended to mitigate this risk. > It > > was thought to limit the number of tests a potential attack could run in > the > > hour, even in a distributed fashion. However, we only protected a single > > resource which still leaves all other authenticated methods exposed as a > > vector of attack (limited only by the API rate limit). > > > > Our thinking is now that we will limit the total number of unsuccessful > > attempts to access authenticated resources to 15 an hour per user per IP > > address. If a single IP address makes 15 attempts to access a protected > > resource unsuccessfully for a given user (as indicated by an HTTP 401), > then > > the user will be locked out of authenticated resources from that IP > address > > for 1 hour. > > > > This scheme has all of the positive effects that we need, however we want > to > > make sure that we have thought through all of the potential problems on > the > > developer's side before we proceed with this change. Please contribute to > > the subsequent discussion if you have an opinion or concern. Once we come > to > > an agreement, we will update with details and a timeline for shipping > this > > update. > > > > 1.http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0ve. > .. > > 2.http://groups.google.com/group/twitter-development-talk/browse_thread. > .. > > > > Regards, > > Doug
[twitter-dev] Re: Twitter credentials
Raj, You might also want to describe what you are trying to do, and some can help you to understand the way they do it. Thanks Peter On Jul 21, 2009, at 9:32 PM, raj wrote: 1.Is there any twitter api method (php) to get credentials both username and password 2.How to use oauth_token returned in call back url, with this token is there any way to get twitter credentials both username and password, Thanks for your help in advance!
[twitter-dev] Re: Twitter credentials
On Tue, Jul 21, 2009 at 11:32 PM, raj wrote: > 1.Is there any twitter api method (php) to get credentials both > username and password > 2.How to use oauth_token returned in call back url, with this token is > there any way to get twitter credentials both username and password, No. -damon
[twitter-dev] Re: Twitter credentials
Hi You don't need credentials username and password. Better to store oauth token And oauth token secret in your database or cookie On Wed, Jul 22, 2009 at 10:02 AM, raj wrote: > > 1.Is there any twitter api method (php) to get credentials both > username and password > 2.How to use oauth_token returned in call back url, with this token is > there any way to get twitter credentials both username and password, > Thanks for your help in advance! > -- Regards Mandakini
[twitter-dev] Twitter credentials
1.Is there any twitter api method (php) to get credentials both username and password 2.How to use oauth_token returned in call back url, with this token is there any way to get twitter credentials both username and password, Thanks for your help in advance!
[twitter-dev] Re: Search API: since_id is now unreliable
Thanks for posting this Chad! Doug, please keep us updated on how things progress with this issue so we can pass along guidance to our user-base. Hopefully the improvements will come in the near-term. Thanks for all that you guys do! Brooks On Jul 21, 3:45 pm, Doug Williams wrote: > Chad,Your assessment is spot on. > > At the heart of search there are a number of data stores that accept queries > (reads) while at the same time perform writes from an indexer. Heavy load -- > large numbers of queries, large number of writes or both, or both -- can > cause the write replication between the indexer and various data stores to > grow inconsistent when a particular data store is blocked on a read. > > Unfortunately there is no easy fix for this problem at the moment. The > search team has grown considerably in the last couple of weeks so as they > get up to speed, the feature set and stability of search should continue to > improve. > > Thanks, > Doug > > > > On Tue, Jul 21, 2009 at 11:57 AM, Chad Etzel wrote: > > > Hi API Team, > > > A few of us have been discussing off list a funky behavior we have > > been noticing and now users are starting to notice. > > > There is a problem for sites/apps like TweetGrid and TweetChat which > > auto-refresh tweets based on the Search API using the since_id. People > > are noticing that these sites are "missing tweets" when compared to > > the search.twitter.com results page for the same query. > > > We believe what is happening is that the search servers are not > > indexing tweets in a serial manner, and so a tweet with a higher id > > may sneak into a search server and be indexed first before a tweet > > with a lower id. This means that when the since_id is sent back from > > the query (or derived from the first result in the results array), > > using that since_id to refresh the query will miss lower id tweets > > when they finally do get indexed. So the illusion of "missing tweets" > > is created. You can run TweetGrid and TweetChat in separate tabs using > > the same query and see that sometimes the results don't match up > > because of this. > > > I'll try to give an example to be clear. > > > Let's say for the sake of simplicity that I'm searching for "twitter" > > and that every 10th tweet in the public timeline matches. So, all > > tweets ending in 0 match my query. > > > Search server 1 may index: > > > 20 > > 30 > > 40 > > 60 > > 70 > > > (notice missing 50) > > > At the same time, Search server 2 may index: > > > 20 > > 30 > > 40 > > 50 > > > (notice hasn't indexed 60 or 70 yet) > > > I send a query and get a response from Server 1 and get a since_id of > > 70. On my next request I use that since_id=70 and I'll never see > > tweet 50. Thus the "missing tweets". > > > This is quite annoying, especially now that users are noticing and > > complaining to us (the app devs) that are apps are broken. > > > I cannot think of a good work around for this that would be simple > > enough to implement and be worth the effort. > > > Is this behavior something anyone else can confirm? Are tweets > > supposed to be indexed/replicated serially by the search servers? > > > -Chad
[twitter-dev] Re: Updating the APIs authentication limiting policy
To be honest ever since the x-rate-limit HTTP headers were added we removed the call to verify_credentials from our Twitter API layer. Every time that our Twitter API layer does an HTTP request it squirrels away the header values and any requests to our API from the application for rate-limit information is just fulfilled from those saved variables. So we don't need verify_credentials for rate-limit information Every time that our API does an HTTP request it watches for unauthorized HTTP responses, so we don't need verify_credentials to verify that our app is still authorized on the account or that the user's password is still the same. Every single twitter API method could be used to brute-force by sending HTTP auth headers and watching the HTTP response, but you are rate-limited to 150 requests/hour/ip, if this rate-limit is good enough for all the other attack vectors it should probably be good enough for verify_credentials. In fact verify_credentials is basically a nop function, which IMHO really isn't needed any longer. Josh On Jul 21, 7:00 pm, Doug Williams wrote: > Devs --A change shipped last week that limited the number of times a user > could access the account/verify_credentials method [1] in a given hour. This > change proved hasty and short-sighted as pointed out by the subsequent > discussion [2]. We apologize to any developer that was adversely > affected. Given the problems, we want to fix this in a > public and transparent manner. > Like most web services, we limit the number of attempts users can make to > login to > their accounts on Twitter.com to prevent brute force dictionary > attacks. This same security is not extended to the platform > and leaves accounts vulnerable to the same method of attack through the API. > > The change we shipped to limit user accounts to 15 calls an hour to the > account/verify_credentials method [1] was intended to mitigate this risk. It > was thought to limit the number of tests a potential attack could run in the > hour, even in a distributed fashion. However, we only protected a single > resource which still leaves all other authenticated methods exposed as a > vector of attack (limited only by the API rate limit). > > Our thinking is now that we will limit the total number of unsuccessful > attempts to access authenticated resources to 15 an hour per user per IP > address. If a single IP address makes 15 attempts to access a protected > resource unsuccessfully for a given user (as indicated by an HTTP 401), then > the user will be locked out of authenticated resources from that IP address > for 1 hour. > > This scheme has all of the positive effects that we need, however we want to > make sure that we have thought through all of the potential problems on the > developer's side before we proceed with this change. Please contribute to > the subsequent discussion if you have an opinion or concern. Once we come to > an agreement, we will update with details and a timeline for shipping this > update. > > 1.http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0ve... > 2.http://groups.google.com/group/twitter-development-talk/browse_thread... > > Regards, > Doug
[twitter-dev] Re: Updating the APIs authentication limiting policy
Thanks for the update Doug. Does this still apply to OAuth apps? Also, if a user goes through an app and unsuccessfully attempts to login 15 times will that app be blocked from authenticating anybody for an hour or just that user? The previous change seemed to block the entire app from making an authentication request on anybody once the limit had been hit.
[twitter-dev] Re: Too many requests in this time period. Try again later.
Let's bring the discussion on the update to the new thread: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/2d68c74567bc9809 Thanks, Doug On Mon, Jul 20, 2009 at 10:08 PM, Doug Williams wrote: > Martin, > The change certainly went out prematurely which is admittedly a > mistake on our end. I will have details tomorrow morning to share > about our fix. > > Thanks, > Doug > > > > > On Mon, Jul 20, 2009 at 7:45 PM, Martin Omander > wrote: > > > > Doug, > > > > Thanks for letting us know about the new request limit. I was worried > > something was wrong on my side. Like the others are saying; it would > > have been nice with a heads-up. > > > > Cheers, > > > > /Martin > > >
[twitter-dev] Updating the APIs authentication limiting policy
Devs --A change shipped last week that limited the number of times a user could access the account/verify_credentials method [1] in a given hour. This change proved hasty and short-sighted as pointed out by the subsequent discussion [2]. We apologize to any developer that was adversely affected. Given the problems, we want to fix this in a public and transparent manner. Like most web services, we limit the number of attempts users can make to login to their accounts on Twitter.com to prevent brute force dictionary attacks. This same security is not extended to the platform and leaves accounts vulnerable to the same method of attack through the API. The change we shipped to limit user accounts to 15 calls an hour to the account/verify_credentials method [1] was intended to mitigate this risk. It was thought to limit the number of tests a potential attack could run in the hour, even in a distributed fashion. However, we only protected a single resource which still leaves all other authenticated methods exposed as a vector of attack (limited only by the API rate limit). Our thinking is now that we will limit the total number of unsuccessful attempts to access authenticated resources to 15 an hour per user per IP address. If a single IP address makes 15 attempts to access a protected resource unsuccessfully for a given user (as indicated by an HTTP 401), then the user will be locked out of authenticated resources from that IP address for 1 hour. This scheme has all of the positive effects that we need, however we want to make sure that we have thought through all of the potential problems on the developer's side before we proceed with this change. Please contribute to the subsequent discussion if you have an opinion or concern. Once we come to an agreement, we will update with details and a timeline for shipping this update. 1. http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0verify_credentials 2. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/b057014336ff502b Regards, Doug
[twitter-dev] Re: Registering our application as browser-based or desktop
If you set the oauth_callback with a value of "oob", it will not redirect the user, but provide the PIN style authorization behavior. See this older post on the new style of calling these params: http://groups.google.com/group/twitter-api-announce/browse_thread/thread/472500cfe9e7cdb9 Hope this helps. Hedley On Tue, Jul 21, 2009 at 2:06 PM, Bradley Wagner wrote: > > Hi, > > I work on a Content Management System solution in which we're > currently trying to integrate Twitter. Here is the issue: > > Our software is installed, so while it is browser-based there is not a > consistent URL to redirect people to and thus nothing that really > makes sense to fill out when registering our application. > > That said, I'd like to avoid to requiring the users of our software to > visit a url and copy/paste a PIN to authorize our application to send > updates to their twitter accounts. > > Is there a recommended way to do this? Where should that URL be > redirecting them to? It's my understanding that if they visit the URL, > an access token can be generated without the use of a pin (we're using > twitter4j for this part). I guess we could just redirect them to our > product's website or some page that says "go back into our app and > click OK to enable the twitter connection". > > Thanks, > Bradley >
[twitter-dev] Registering our application as browser-based or desktop
Hi, I work on a Content Management System solution in which we're currently trying to integrate Twitter. Here is the issue: Our software is installed, so while it is browser-based there is not a consistent URL to redirect people to and thus nothing that really makes sense to fill out when registering our application. That said, I'd like to avoid to requiring the users of our software to visit a url and copy/paste a PIN to authorize our application to send updates to their twitter accounts. Is there a recommended way to do this? Where should that URL be redirecting them to? It's my understanding that if they visit the URL, an access token can be generated without the use of a pin (we're using twitter4j for this part). I guess we could just redirect them to our product's website or some page that says "go back into our app and click OK to enable the twitter connection". Thanks, Bradley
[twitter-dev] Re: Keep getting suspended
On Jul 21, 3:48 am, sjespers wrote: > Because there is no AS2 > Twitter API, I'm using a server side API proxy. So, the Flash Lite app > connects to mtwit.net > mtwit.net connects to Twitter.com > mtwit > returns XML data to my app. Is there some reason the app cannot connect directly to Twitter? I understand there's no API (by which I think you mean existing library), but Twitter's XML and JSON API isn't difficult to deal with directly. I don't know enough about ActionScript to know if there's some technical limitation requiring you to run a proxying app in the middle. > In theory, a limit of 2 means I can only support 133 concurrent > users (if they all leave the app running for an hour). I don't speak for Twitter, but that topic has come up on this list a few times before, and it's easy to demonstrate mathematically (as you've just done) that if you're doing auth'd requests on behalf of a significant number of users, then there's an excellent chance whitelisting is going to work against you rather than in your favor.
[twitter-dev] Re: Help on posting a link on Twitter...
I'm assuming your link should have an & instead of a second ? . Bad http://maps.google.com/maps?f=q?q=100.0,50.0%20%28SPOT%20NAME%29"; Good http://maps.google.com/maps?f=q&q=100.0,50.0%20%28SPOT%20NAME%29"; On Jul 21, 2:53 pm, Travis Williams wrote: > I could really use some probably simple help on posting a Google Map > link to Twitter, which comes from an app of mine through the API. > Basically I'd want to post the entire link like this to twitter from > my app: > > Here is the data I send twitter in the API: > > "is sharing the location for > NAME.http://maps.google.com/maps?f=q?q=100.0,50.0%20%28SPOT%20NAME%29"; > > and twitter only posts: > > MYACCOUNT is sharing the location for SPOT NAME.http://maps.google.com/maps... > > "http://maps.google.com/maps..."; shows as a hyperlink, but the rest is > truncated/missing. And the link takes you to "http://maps.google.com/ > maps?f=q" and then stops. > > Are there more characters I should replace in the data before I send > it to Twitter? To replace the ? or the in what I sent twitter and > forward? I tried %25 instead of a ?, etc. > > Please help. Still picking up these HTML tricks!
[twitter-dev] Help on posting a link on Twitter...
I could really use some probably simple help on posting a Google Map link to Twitter, which comes from an app of mine through the API. Basically I'd want to post the entire link like this to twitter from my app: Here is the data I send twitter in the API: "is sharing the location for NAME. http://maps.google.com/maps?f=q?q=100.0,50.0%20%28SPOT%20NAME%29"; and twitter only posts: MYACCOUNT is sharing the location for SPOT NAME. http://maps.google.com/maps... "http://maps.google.com/maps..."; shows as a hyperlink, but the rest is truncated/missing. And the link takes you to "http://maps.google.com/ maps?f=q" and then stops. Are there more characters I should replace in the data before I send it to Twitter? To replace the ? or the in what I sent twitter and forward? I tried %25 instead of a ?, etc. Please help. Still picking up these HTML tricks!
[twitter-dev] Re: Search API: since_id is now unreliable
Chad,Your assessment is spot on. At the heart of search there are a number of data stores that accept queries (reads) while at the same time perform writes from an indexer. Heavy load -- large numbers of queries, large number of writes or both, or both -- can cause the write replication between the indexer and various data stores to grow inconsistent when a particular data store is blocked on a read. Unfortunately there is no easy fix for this problem at the moment. The search team has grown considerably in the last couple of weeks so as they get up to speed, the feature set and stability of search should continue to improve. Thanks, Doug On Tue, Jul 21, 2009 at 11:57 AM, Chad Etzel wrote: > > Hi API Team, > > A few of us have been discussing off list a funky behavior we have > been noticing and now users are starting to notice. > > There is a problem for sites/apps like TweetGrid and TweetChat which > auto-refresh tweets based on the Search API using the since_id. People > are noticing that these sites are "missing tweets" when compared to > the search.twitter.com results page for the same query. > > We believe what is happening is that the search servers are not > indexing tweets in a serial manner, and so a tweet with a higher id > may sneak into a search server and be indexed first before a tweet > with a lower id. This means that when the since_id is sent back from > the query (or derived from the first result in the results array), > using that since_id to refresh the query will miss lower id tweets > when they finally do get indexed. So the illusion of "missing tweets" > is created. You can run TweetGrid and TweetChat in separate tabs using > the same query and see that sometimes the results don't match up > because of this. > > I'll try to give an example to be clear. > > Let's say for the sake of simplicity that I'm searching for "twitter" > and that every 10th tweet in the public timeline matches. So, all > tweets ending in 0 match my query. > > Search server 1 may index: > > 20 > 30 > 40 > 60 > 70 > > (notice missing 50) > > At the same time, Search server 2 may index: > > 20 > 30 > 40 > 50 > > (notice hasn't indexed 60 or 70 yet) > > I send a query and get a response from Server 1 and get a since_id of > 70. On my next request I use that since_id=70 and I'll never see > tweet 50. Thus the "missing tweets". > > This is quite annoying, especially now that users are noticing and > complaining to us (the app devs) that are apps are broken. > > I cannot think of a good work around for this that would be simple > enough to implement and be worth the effort. > > Is this behavior something anyone else can confirm? Are tweets > supposed to be indexed/replicated serially by the search servers? > > -Chad >
[twitter-dev] How many ID's are returned on API Call -> blocks blocking ids
I'm wondering how many ids are returned when you ask for the authenticated users blocked id's. The other id calls return 5,000 per page, but I was unsure on blocks. Thanks.
[twitter-dev] Re: Twitter user Id
Depends on how many users sign up for twitter. You should be plenty safe with 32 bit signed integer. On Jul 20, 2:20 pm, mattlf wrote: > Hi > What is the size of a Twitter user Id ? > Thank you
[twitter-dev] Re: 140 character limit overridden for Twitgoo?
yes just the twitgoo website On Jul 21, 8:38 am, Justin Hart wrote: > Hi, what app were you using? Just the website? > > On Jul 20, 4:20 pm, Abir wrote: > > > Abraham: Thanks, but not sure I understand why the counter said 140 > > when i was inputting but the post count is 133? > > > On Jul 20, 3:11 pm, Abraham Williams <4bra...@gmail.com> wrote: > > > > If you look at the status you will find that it only posted at 133 > > > characters. > > > >http://twitter.com/ABIRB123/status/2745931292 > > > Abraham > > > > On Mon, Jul 20, 2009 at 16:36, Abir wrote: > > > > > Guys: > > > > > Just posted this on Twitgoo. > > > > > -It let me post a 140 character > > > > > + > > > > > -The URL > > > > > it is an oryx antelope, it's just a stock image from my laptop's > > > > repository. why do this? well i am testing!http://twitgoo.com/1ke92 > > > > > Isn't the total limit 140 characters? or are URL's not counted? I am > > > > developing a service to buy and sell things on Twitter and this would > > > > be helpful to know. Thanks > > > > -- > > > Abraham Williams | Community Evangelist |http://web608.org > > > Hacker |http://abrah.am|http://twitter.com/abraham > > > Project |http://fireeagle.labs.poseurtech.com > > > This email is: [ ] blogable [x] ask first [ ] private. > > > Sent from Madison, WI, United States
[twitter-dev] Re: encoding password
If you are POSTing the user/pass down to a script that uses curl to get the information, you should urlencode the username and password before you POST them then urldecode them once received by the curl'ing script. An & sign in a variable will screw up your POST variables if not escaped/encoded before being POSTed to another script. -Chad On Tue, Jul 21, 2009 at 7:35 AM, RV wrote: > > Hi, > > I have been using the twitter api for 2 weeks now and everything seems > to work, but i have 1 problem with a certain user to get his user > feed. Í'm using curl to retrieve the data but im getting the following > error: > > > > /statuses/user_timeline.xml > This method requires authentication. > > > Out of the 25 twitter users im collecting data from this one is the > only one that is giving me problem. I have checked if the supplied > username + password are correct and they are. There is one thing > though this user uses special character in his password (&-sign). I've > tried urlencoding the password and using htmlentities, both resulting > in the same error. Does anyone know a sollution to this problem? > > Best Regards, > RV >
[twitter-dev] Search API: since_id is now unreliable
Hi API Team, A few of us have been discussing off list a funky behavior we have been noticing and now users are starting to notice. There is a problem for sites/apps like TweetGrid and TweetChat which auto-refresh tweets based on the Search API using the since_id. People are noticing that these sites are "missing tweets" when compared to the search.twitter.com results page for the same query. We believe what is happening is that the search servers are not indexing tweets in a serial manner, and so a tweet with a higher id may sneak into a search server and be indexed first before a tweet with a lower id. This means that when the since_id is sent back from the query (or derived from the first result in the results array), using that since_id to refresh the query will miss lower id tweets when they finally do get indexed. So the illusion of "missing tweets" is created. You can run TweetGrid and TweetChat in separate tabs using the same query and see that sometimes the results don't match up because of this. I'll try to give an example to be clear. Let's say for the sake of simplicity that I'm searching for "twitter" and that every 10th tweet in the public timeline matches. So, all tweets ending in 0 match my query. Search server 1 may index: 20 30 40 60 70 (notice missing 50) At the same time, Search server 2 may index: 20 30 40 50 (notice hasn't indexed 60 or 70 yet) I send a query and get a response from Server 1 and get a since_id of 70. On my next request I use that since_id=70 and I'll never see tweet 50. Thus the "missing tweets". This is quite annoying, especially now that users are noticing and complaining to us (the app devs) that are apps are broken. I cannot think of a good work around for this that would be simple enough to implement and be worth the effort. Is this behavior something anyone else can confirm? Are tweets supposed to be indexed/replicated serially by the search servers? -Chad
[twitter-dev] Re: encoding password
Basic Auth requires that the username and password are Base64 encoded, concatenated together with a colon (":") between them. Be sure that you're encoding the username and password without applying URL encoding or HTML escaping. An ampersand ("&") will never occur in a Base64 encoded string. An example, in Ruby: >> Base64.b64encode('bob:pass&word') => "Ym9iOnBhc3Mmd29yZA==\n" On Tue, Jul 21, 2009 at 04:35, RV wrote: > > Hi, > > I have been using the twitter api for 2 weeks now and everything seems > to work, but i have 1 problem with a certain user to get his user > feed. Í'm using curl to retrieve the data but im getting the following > error: > > > > /statuses/user_timeline.xml > This method requires authentication. > > > Out of the 25 twitter users im collecting data from this one is the > only one that is giving me problem. I have checked if the supplied > username + password are correct and they are. There is one thing > though this user uses special character in his password (&-sign). I've > tried urlencoding the password and using htmlentities, both resulting > in the same error. Does anyone know a sollution to this problem? > > Best Regards, > RV > -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: using whitelisted account for getting multiple user statuses
It's possible to apply whitelisted rate limits to authenticated requests, whether the request is made with Basic Auth or OAuth. If the requesting user is whitelisted, the higher rate limit will take effect. On Mon, Jul 20, 2009 at 23:38, BG wrote: > > My application retrieves status of multiple Twitter users. I have a > whitelisted account for a username. The Twitter API documentation > recommends that I use whitelisted IP Addresses to get the statuses. > However, my IP addresses change pretty often, so I would like to know > if it is possible to make more than 150 status requests using a > whitelisted account (OAuth). > > If it isn't possible, what other options do I have? > > Thanks, > BG > -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Search API error {"error":"since_id too recent, poll less frequently"}
Chad, Good to know. Thanks for your help. Matthew On Jul 21, 2:13 pm, Chad Etzel wrote: > That usually happens when the search servers get out of sync and the > since_id tweet hasn't been indexed on the other server(s) yet, so it > thinks it's a tweet from the future. > -Chad > > > > On Tue, Jul 21, 2009 at 12:38 PM, matthew wrote: > > > I am polling the Search API and intermittently receive the following > > error: > > > {"error":"since_id too recent, poll less frequently"} > > > Is this to be expected or this something going wrong on the server > > side? > > > Matthew Schrock
[twitter-dev] Re: tex
Please see http://help.twitter.com/ for questions about using Twitter over SMS. On Mon, Jul 20, 2009 at 20:07, canpaul wrote: > > i have a metroPCS cell phone i cant get your texes whats up with that. > -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Search API error {"error":"since_id too recent, poll less frequently"}
That usually happens when the search servers get out of sync and the since_id tweet hasn't been indexed on the other server(s) yet, so it thinks it's a tweet from the future. -Chad On Tue, Jul 21, 2009 at 12:38 PM, matthew wrote: > > I am polling the Search API and intermittently receive the following > error: > > {"error":"since_id too recent, poll less frequently"} > > Is this to be expected or this something going wrong on the server > side? > > Matthew Schrock >
[twitter-dev] Search API error {"error":"since_id too recent, poll less frequently"}
I am polling the Search API and intermittently receive the following error: {"error":"since_id too recent, poll less frequently"} Is this to be expected or this something going wrong on the server side? Matthew Schrock
[twitter-dev] Search API error {"error":"since_id too recent, poll less frequently"}
I am polling the search API every 60 seconds and intermittently receiving the following error: {"error":"since_id too recent, poll less frequently"} Is this behavior to be expected or is there some problem? Matthew Schrock
[twitter-dev] Re: 140 character limit overridden for Twitgoo?
Hi, what app were you using? Just the website? On Jul 20, 4:20 pm, Abir wrote: > Abraham: Thanks, but not sure I understand why the counter said 140 > when i was inputting but the post count is 133? > > On Jul 20, 3:11 pm, Abraham Williams <4bra...@gmail.com> wrote: > > > If you look at the status you will find that it only posted at 133 > > characters. > > >http://twitter.com/ABIRB123/status/2745931292 > > Abraham > > > On Mon, Jul 20, 2009 at 16:36, Abir wrote: > > > > Guys: > > > > Just posted this on Twitgoo. > > > > -It let me post a 140 character > > > > + > > > > -The URL > > > > it is an oryx antelope, it's just a stock image from my laptop's > > > repository. why do this? well i am testing!http://twitgoo.com/1ke92 > > > > Isn't the total limit 140 characters? or are URL's not counted? I am > > > developing a service to buy and sell things on Twitter and this would > > > be helpful to know. Thanks > > > -- > > Abraham Williams | Community Evangelist |http://web608.org > > Hacker |http://abrah.am|http://twitter.com/abraham > > Project |http://fireeagle.labs.poseurtech.com > > This email is: [ ] blogable [x] ask first [ ] private. > > Sent from Madison, WI, United States
[twitter-dev] Anyone got a Gears compatible cell phone?
I'm trying to get Gears working with my cell phone to do one-click status updates of my location. It works fine when I have GPS switched on, but should work from cell tower info, but doesn't - Can someone test it if they have a cell that does work? Ignore all the other stuff, I'm just fiddling with proximate tweets and stuff http://linkky.com/twitter.html
[twitter-dev] Re: json - user.following
Thank you, that helped me alot :) On 21 Jul., 16:01, Abraham Williams <4bra...@gmail.com> wrote: > It was there to represent relationships between the user that the > information is being returned about and the user authenticating to make the > call. > The information is known to be unreliable though and has been deprecated in > favor ofhttp://apiwiki.twitter.com/Twitter-REST-API-Method:-friendships-exists > > Abraham
[twitter-dev] Re: json - user.following
It was there to represent relationships between the user that the information is being returned about and the user authenticating to make the call. The information is known to be unreliable though and has been deprecated in favor of http://apiwiki.twitter.com/Twitter-REST-API-Method:-friendships-exists Abraham On Tue, Jul 21, 2009 at 08:55, Stoned wrote: > > Hi, > > I am making a Twitter Mod for Garry's Mod (HL2 Modification). > When checking out the Tweets which I receive with json I was wondering > about this: http://gtweet.pastebin.com/m3b888a6 > > As you can see, some Tweets have the entry user.following = true / > false and some just don't have it. > > Can anyone explain this or tell what user.following was ment to be? > > Best Regards, > Stoned > -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, WI, United States
[twitter-dev] json - user.following
Hi, I am making a Twitter Mod for Garry's Mod (HL2 Modification). When checking out the Tweets which I receive with json I was wondering about this: http://gtweet.pastebin.com/m3b888a6 As you can see, some Tweets have the entry user.following = true / false and some just don't have it. Can anyone explain this or tell what user.following was ment to be? Best Regards, Stoned
[twitter-dev] Is it possible to create a webslice to see / update his Twitter status ?
Hello, I was wondering if it is possible to have a webslice in IE8 that would allow us to see/modify our status on Twitter. I think webslice is a good way to integrate Twitter into IE, and it's pretty easy to implemented (you just need to add class="hslice" to an element and provide an url where to read the slice. Regards, Fremy
[twitter-dev] encoding password
Hi, I have been using the twitter api for 2 weeks now and everything seems to work, but i have 1 problem with a certain user to get his user feed. Í'm using curl to retrieve the data but im getting the following error: /statuses/user_timeline.xml This method requires authentication. Out of the 25 twitter users im collecting data from this one is the only one that is giving me problem. I have checked if the supplied username + password are correct and they are. There is one thing though this user uses special character in his password (&-sign). I've tried urlencoding the password and using htmlentities, both resulting in the same error. Does anyone know a sollution to this problem? Best Regards, RV
[twitter-dev] Re: Is the rate limiting on IP or User a/c
Thank you Chris. It did worked. Victor J. C. -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Chris Thomson Sent: Thursday, July 16, 2009 2:27 AM To: twitter-development-talk@googlegroups.com Subject: [twitter-dev] Re: Is the rate limiting on IP or User a/c Victor, email twitter-development-talk+unsubscr...@googlegroups.com to unsubscribe. -- Chris Thomson On 2009-07-16, at 2:15 AM, victor castleton wrote: > > Hello All, can anybody tell how to stop me unwanted mail from > coming, I am > getting hundreds of mails and I cannot find the way to stop them. > Thanks VJC
[twitter-dev] Re: Is it possible to control the source name
Thank you for the info; @ any rate is has slow down considerably, it seems to be manageable for the time being. VJC -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of victor castleton Sent: Wednesday, July 15, 2009 10:11 PM To: twitter-development-talk@googlegroups.com Subject: [twitter-dev] Re: Is it possible to control the source name Hi, how do I cut myself out of this group, or better yet control or change the type of mail that I am getting? Can you help? Sincerely, Victor -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of AccountingSoftwareGuy Sent: Wednesday, July 15, 2009 7:46 PM To: Twitter Development Talk Subject: [twitter-dev] Is it possible to control the source name Hi I am using the new oAuth method for communicating with the Twitter API. It appears the default behavior is to include the application name as the source of a post. For instance... [date/time] from DynamicTweets This is fine in most cases but in certain cases we want to make a post look like it came from the web and not display our application name... [date/time] from web Is this possible, I've looked through many threads and I can't seem to find a way to do this and the "source=" parameter doesn't seem to work.
[twitter-dev] Re: How to use Sign-in-with-Twitter in Web App with username and password ?
Hi, The numeric user id is part of the access token (I believe it is the first part), however, on twollo.com I immediately call verify_credentials.json to get the account details of the authenticating user. Paul 2009/7/21 CG > > Hi all, > Sorry for a newbie question again but I am a bit confuse with the > Sign-in-with-Twitter feature .. > > I came across some Twitter app , which let user key in their twitter > account and password , then authenticate the user via API call . > > I came across also Sign-in-with-Twitter feature in Twitter developer > wiki which redirect user to https://www.twitter.com/oauth/authenticate > > > My question is , how should I code my web app home page ? > > Can I use the following logic ? > > When user access the app home page > 1. Getting a request token with cusumer key and secret, redirect to > https://www.twitter.com/oauth/authenticate with passing in oauth_token > . > > 2. User will be redirected to appropriate page by twitter based on the > flow in http://apiwiki.twitter.com/Sign-in-with-Twitter > > 3. After authenticated, twitter will redirect user to the callback > URL. (At this point , how do I get the user id ? call the > verify_credential ?) > > > With the above logic, user will be key in username and password at > twitter page, what about I would like to user to input username and > password at the page that I customize ? > > Sorry for a long question but I really need some help , any hints is > much appreciated .. > > Rgds, > CG >
[twitter-dev] How to use Sign-in-with-Twitter in Web App with username and password ?
Hi all, Sorry for a newbie question again but I am a bit confuse with the Sign-in-with-Twitter feature .. I came across some Twitter app , which let user key in their twitter account and password , then authenticate the user via API call . I came across also Sign-in-with-Twitter feature in Twitter developer wiki which redirect user to https://www.twitter.com/oauth/authenticate My question is , how should I code my web app home page ? Can I use the following logic ? When user access the app home page 1. Getting a request token with cusumer key and secret, redirect to https://www.twitter.com/oauth/authenticate with passing in oauth_token . 2. User will be redirected to appropriate page by twitter based on the flow in http://apiwiki.twitter.com/Sign-in-with-Twitter 3. After authenticated, twitter will redirect user to the callback URL. (At this point , how do I get the user id ? call the verify_credential ?) With the above logic, user will be key in username and password at twitter page, what about I would like to user to input username and password at the page that I customize ? Sorry for a long question but I really need some help , any hints is much appreciated .. Rgds, CG
[twitter-dev] Re: Keep getting suspended
Thanks. So I was able to verify that my server is whitelisted. However, is 2 API calls enough for a "proxy"? Let me explain. I'm building a Twitter client in Flash Lite. Flash Lite currently only supports ActionScript2. Because there is no AS2 Twitter API, I'm using a server side API proxy. So, the Flash Lite app connects to mtwit.net > mtwit.net connects to Twitter.com > mtwit returns XML data to my app. In theory, a limit of 2 means I can only support 133 concurrent users (if they all leave the app running for an hour). Thanks, Serge On Jul 21, 9:39 am, Doug Williams wrote: > Serge, > You can always verify the whitelisted status of your IP or user > through a call to account/rate_limit_status. For instance, here are my > results: > > doug$ curl -u dougw:PASSWORDhttp://twitter.com/account/rate_limit_status.xml > > > 2009-07-21T08:29:35+00:00 > 19995 > 2 > 1248164975 > > > Notice the hourly rate limit of 2 indiciating my account is > whitelisted. Removing the authentication will give me the results for > my IP address: > > doug$ curlhttp://twitter.com/account/rate_limit_status.xml version="1.0" encoding="UTF-8"?> > > 2009-07-21T08:27:45+00:00 > 148 > 150 > 1248164865 > > > The hourly limit here is 150 indiciating my IP is not whitelisted. > > For completeness, our rate limiting article is here [1]. Again, > whitelisting does not ensure your users will not get suspended. > Whitelisting only affects rate limits. > > 1.http://apiwiki.twitter.com/Rate-limiting > > Thanks, > Doug > > -- > Do you follow me?http://twitter.com/dougw > > > > On Tue, Jul 21, 2009 at 12:29 AM, sjespers wrote: > > > Thanks for looking in to this and for unsuspending my account. > > Did you also confirm that the server I am working from is whitelisted? > > How can I make sure that it is? If it's not, then I won't be able to > > release my application because everyone will get suspended who uses it > > then? > > > Thanks, > > Serge > > > On Jul 20, 11:11 pm, Doug Williams wrote: > >> Serge, > >> Looking at the account I'm not quite sure why it was suspended. The > >> records are inconclusive. I've unsuspended the account. > > >> For posterity's sake I'll repeat that whitelisting will not protect > >> you from suspension. Whitelisting raises select REST API limits. > > >> Thanks, > >> Doug
[twitter-dev] Re: Keep getting suspended
Serge, You can always verify the whitelisted status of your IP or user through a call to account/rate_limit_status. For instance, here are my results: doug$ curl -u dougw:PASSWORD http://twitter.com/account/rate_limit_status.xml 2009-07-21T08:29:35+00:00 19995 2 1248164975 Notice the hourly rate limit of 2 indiciating my account is whitelisted. Removing the authentication will give me the results for my IP address: doug$ curl http://twitter.com/account/rate_limit_status.xml 2009-07-21T08:27:45+00:00 148 150 1248164865 The hourly limit here is 150 indiciating my IP is not whitelisted. For completeness, our rate limiting article is here [1]. Again, whitelisting does not ensure your users will not get suspended. Whitelisting only affects rate limits. 1. http://apiwiki.twitter.com/Rate-limiting Thanks, Doug -- Do you follow me? http://twitter.com/dougw On Tue, Jul 21, 2009 at 12:29 AM, sjespers wrote: > > Thanks for looking in to this and for unsuspending my account. > Did you also confirm that the server I am working from is whitelisted? > How can I make sure that it is? If it's not, then I won't be able to > release my application because everyone will get suspended who uses it > then? > > Thanks, > Serge > > On Jul 20, 11:11 pm, Doug Williams wrote: >> Serge, >> Looking at the account I'm not quite sure why it was suspended. The >> records are inconclusive. I've unsuspended the account. >> >> For posterity's sake I'll repeat that whitelisting will not protect >> you from suspension. Whitelisting raises select REST API limits. >> >> Thanks, >> Doug >> >
[twitter-dev] Re: Keep getting suspended
Thanks for looking in to this and for unsuspending my account. Did you also confirm that the server I am working from is whitelisted? How can I make sure that it is? If it's not, then I won't be able to release my application because everyone will get suspended who uses it then? Thanks, Serge On Jul 20, 11:11 pm, Doug Williams wrote: > Serge, > Looking at the account I'm not quite sure why it was suspended. The > records are inconclusive. I've unsuspended the account. > > For posterity's sake I'll repeat that whitelisting will not protect > you from suspension. Whitelisting raises select REST API limits. > > Thanks, > Doug >
[twitter-dev] Re: Newbie to seek advice on the flow of a twitter app with OAuth
you can use localhost ? really ? just update the callback to http://localhost/xxx ? On Mon, Jul 20, 2009 at 6:06 PM, Andrew Badera wrote: > On Mon, Jul 20, 2009 at 6:05 AM, CG wrote: >> >> Please ignore my question, I already solve it. >> >> It seems like it required a 'real' callback URL to accomplish the >> authentication. >> >> CG >> > > > What do you mean by "real"? I'm able to authenticate using a localhost > address for testing. > > > Thanks- > - Andy Badera > - and...@badera.us > - Google me: http://www.google.com/search?q=andrew+badera > - This email is: [ ] bloggable [x] ask first [ ] private > > >