[twitter-dev] Re: Retweets of a given tweet limited to 20 items
Ho John, On Nov 30, 3:46 am, John Kalucki jkalu...@gmail.com wrote: I haven't run into this issue yet, but have you tried the count parameter? yes, I have tried with and without the parameter, but I can't get more than 20 retweets. That is to say, if I put a value count=X smaller than 20, I get only X retweets, but if I try with X bigger than 20, I get only 20 retweets. For example, this Mashable's tweet has more than 100 retweets: http://twitter.com/mashable/status/6181809784 However, when I try to access http://api.twitter.com/1/statuses/retweets/6181809784.xml?count=100 I only get 20 (latest?) retweets and there's no way to get more. Thank you.
[twitter-dev] Re: Geo-enabled but only geo/ in xml
An as of two days ago Tweetings for the iPhone too On Nov 30, 12:02 am, Mark McBride mmcbr...@twitter.com wrote: And as of today, Tweetie 2.1. ---Mark On Sun, Nov 29, 2009 at 11:29 AM, Raffi Krikorian ra...@twitter.com wrote: fromhttp://blog.twitter.com/2009/11/think-globally-tweet-locally.html birdfeed - http://birdfeedapp.com/ foursquare - http://foursquare.com/ gowalla - http://gowalla.com/ twitdroid - http://twidroid.com/ twitterlator pro - http://j.mp/twitpro and seesmic web (http://www.seesmic.com/app) is set up to consume the data. HI there Raffi, below is a snippet of the home_timeline.XML (the last 8 lines for the status element). ... statuses_count317/statuses_count notificationsfalse/notifications geo_enabledtrue/geo_enabled verifiedfalse/verified followingfalse/following /user geo/ /status The update was added from twitter.com, so if the site itself doesn't supply the data, would you know which clients are populating geo data at this time? Kind Rgds, Chris. On Nov 29, 6:55 pm, Raffi Krikorian ra...@twitter.com wrote: the geotag needs to be passed in explicitly by the application doing the update http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-statuses%C2%A0u... Hi there, I'm confused by the apparent status of geotagging in twitter. The API documentation only mentions it for status update and advice on geo-enabling in applications. So I enabled this on my profile and so am seeing the geo_enabledtrue/geo_enabled when using 'twitter.com/statuses/ user_timeline.xml' with basic authentication. But. There is pnly a single empty geo/ tag in the XML, no actual data at all. Does anyone know what is happening? Many Thanks, Chris. -- Raffi Krikorian Twitter Platform Team ra...@twitter.com | @raffi -- Raffi Krikorian Twitter Platform Team ra...@twitter.com | @raffi
[twitter-dev] Re: Track Limiting
Thank you John. On Nov 24, 1:56 pm, John Kalucki jkalu...@gmail.com wrote: Andres, Alltrackresults are currently rate limited in the Streaming API. Each level of access gives more keywords and also a larger proportion of the total stream. To help you manage this, we sent a limit notice after each limited period expires. If you count the statuses received and also examine the limit notice, you can determine the amount that you are over-requesting. -John Kaluckihttp://twitter.com/jkalucki Services, Twitter Inc. On Nov 24, 8:14 am, Andres andresburg...@gmail.com wrote: We currentlytrackabout 300 keywords using thetrackstreaming API. We have been granted 1st level elevated access but was wondering if there is a total limit to the results we get. I'll try to explain this: We are tracking words like, Twitter, Twilight,Coke etc. We also recently added the word Friday so that we cantrackBlack Friday results and noticed that we should be getting a lot more results. Is there a maximum limit that is returned for all keywords or are specific keywords limited? I hope that makes sense. Thanks. Andres
[twitter-dev] Oauth authentication- all the process in application ?
Hi, I would like to know if exist a way to do all the oauth authentication process in application. a way that does not need to log in on the twitter.. thanks, Daniel
[twitter-dev] Re: Oauth authentication- all the process in application ?
The whole point of oAuth is to send the user to Twitter so that all authentication is done on their servers and to give the user a level of trust that they aren't giving their passwords out to anyone but Twitter. On Nov 30, 3:59 pm, dmsiva danielmartinssi...@gmail.com wrote: Hi, I would like to know if exist a way to do all the oauth authentication process in application. a way that does not need to log in on the twitter.. thanks, Daniel
[twitter-dev] Using Browser application type instead of Client...for a client?
Is it against the terms of use to select Browser as the Application Type in Twitter's application settings when using the API? The reason I want to use it instead of client is because browser allows for a callback URL whereas client prompts for a PIN which isn't supported by my app. Thanks
Re: [twitter-dev] Re: Oauth authentication- all the process in application ?
What Rich said is correct. If I understand correctly, such a scheme would be a huge security hole for us. On Mon, Nov 30, 2009 at 8:03 AM, Rich rhyl...@gmail.com wrote: The whole point of oAuth is to send the user to Twitter so that all authentication is done on their servers and to give the user a level of trust that they aren't giving their passwords out to anyone but Twitter. On Nov 30, 3:59 pm, dmsiva danielmartinssi...@gmail.com wrote: Hi, I would like to know if exist a way to do all the oauth authentication process in application. a way that does not need to log in on the twitter.. thanks, Daniel
[twitter-dev] Re: Using Browser application type instead of Client...for a client?
I meant: Is it against the terms of use to select the Browser type for a client? On Nov 30, 10:44 am, pcwiz pcwiz.supp...@gmail.com wrote: Is it against the terms of use to select Browser as the Application Type in Twitter's application settings when using the API? The reason I want to use it instead of client is because browser allows for a callback URL whereas client prompts for a PIN which isn't supported by my app. Thanks
[twitter-dev] What Is The Status of Twitter OAuth?
Last information I've seen said that Twitter OAuth is in public beta, if I remember correctly. Has that status changed, as in, has OAuth been moved out of beta and into production? The reason I ask is I notice on help.twitter.com that all Twitter users are now essentially being advised to distrust applications that use Basic Auth. The page also says, We recommend that all third-party applications connect through OAuth connection, as described above. [1] How can you say that if OAuth is not yet in stable production mode?? Dewald [1] http://help.twitter.com/forums/10711/entries/76052
Re: [twitter-dev] What Is The Status of Twitter OAuth?
On Mon, Nov 30, 2009 at 1:27 PM, Dewald Pretorius dpr...@gmail.com wrote: How can you say that if OAuth is not yet in stable production mode?? Because there have been several sites that used Twitter user's login for nefarious purposes, and Twitter wants to start getting people out of the habit of blindly trusting any site that asks for their twitter information. TjL not speaking for Twitter Inc.
Re: [twitter-dev] What Is The Status of Twitter OAuth?
On Mon, 30 Nov 2009 10:27:24 -0800 (PST) Dewald Pretorius dpr...@gmail.com wrote: Last information I've seen said that Twitter OAuth is in public beta, if I remember correctly. Has that status changed, as in, has OAuth been moved out of beta and into production? This doesn't look beta to me: http://oauth.net/core/1.0a A is a revision code, not alpha. Chris signature.asc Description: PGP signature
Re: [twitter-dev] What Is The Status of Twitter OAuth?
He's not referring to OAuth the specification. He is referring to Twitter's implementation of it. Ryan On Mon, Nov 30, 2009 at 1:54 PM, Chris Babcock cbabc...@kolonelpanic.orgwrote: On Mon, 30 Nov 2009 10:27:24 -0800 (PST) Dewald Pretorius dpr...@gmail.com wrote: Last information I've seen said that Twitter OAuth is in public beta, if I remember correctly. Has that status changed, as in, has OAuth been moved out of beta and into production? This doesn't look beta to me: http://oauth.net/core/1.0a A is a revision code, not alpha. Chris
Re: [twitter-dev] What Is The Status of Twitter OAuth?
Did you not use gmail till it went out of beta too? :) On Mon, Nov 30, 2009 at 11:27, Dewald Pretorius dpr...@gmail.com wrote: Last information I've seen said that Twitter OAuth is in public beta, if I remember correctly. Has that status changed, as in, has OAuth been moved out of beta and into production? The reason I ask is I notice on help.twitter.com that all Twitter users are now essentially being advised to distrust applications that use Basic Auth. The page also says, We recommend that all third-party applications connect through OAuth connection, as described above. [1] How can you say that if OAuth is not yet in stable production mode?? Dewald [1] http://help.twitter.com/forums/10711/entries/76052 -- Internets. Serious business.
[twitter-dev] Re: What Is The Status of Twitter OAuth?
JDG, you're talking apples and oranges. If Twitter OAuth is stable enough for Twitter to recommend that that all third-party applications connect through OAuth connection, then move it out of beta and into production mode, and announce it as such. If not, then don't make that recommendation. On Nov 30, 3:10 pm, JDG ghil...@gmail.com wrote: Did you not use gmail till it went out of beta too? :) On Mon, Nov 30, 2009 at 11:27, Dewald Pretorius dpr...@gmail.com wrote: Last information I've seen said that Twitter OAuth is in public beta, if I remember correctly. Has that status changed, as in, has OAuth been moved out of beta and into production? The reason I ask is I notice on help.twitter.com that all Twitter users are now essentially being advised to distrust applications that use Basic Auth. The page also says, We recommend that all third-party applications connect through OAuth connection, as described above. [1] How can you say that if OAuth is not yet in stable production mode?? Dewald [1]http://help.twitter.com/forums/10711/entries/76052 -- Internets. Serious business.
[twitter-dev] Profile Images of Different sizes
Hi I am getting profile images of different sizes for different users via the profile_image_url tag in the XML returned thru the API. Is there any way of getting the small (48x48 px) image consistently? Thanks Vinayak
[twitter-dev] Call for action #StopBritneyBots
I'm hearing from many Twitter users that the frustration level caused by the Britney Bots is rising. I'm going to use some euphemisms to make this message safe for work, but the particular bots in question are certainly not work-safe. The _modus operandi_ of these bots is as follows: 1. Get a Twitter account. These are usually of the form small English word5 digit number. The profile picture is typically not safe for work. 2. Collect screen names somehow. They must at least be polling the public timeline. Frequent tweeters seem to get more of them. Perhaps they are doing searches as well, or mining the profiles of the screen names they've collected for more screen names. 3. Send an @ reply to each name collected. These come in bursts - I haven't done any research into the frequency at which they are sent but a number of tweets go out in a burst. The tweets themselves are not safe for work. The bots do *not* appear to be following anybody - they only show up if you do a mentions search. What's worse, though, is that people are retweeting these things! There is a movement on Twitter, using the hashtag #StopBritneyBots, to attempt to get Twitter to put some kind of filtering in place. I'm not sure what the status of that is in Twitter - perhaps some of the Twitter people on this list can chime in. Meanwhile, this particular bot has an easily-detected signature - you can collect the bot names via Twitter search! 1. Do a Twitter search for the following string (the double quotes are part of the string!): '(Click the link at top right of my profile)' Note that the returned tweets from this search will mostly be not safe for work! 2. Break each resulting tweet into space-separated tokens. 3. Scan the tokens from right to left. The first @name you encounter will be the destination victim. The second one you encounter will be the bot that sent it. At this point, you could build a bot to report the bots as spammers. Personally, I think anyone who retweets one of these ought to be considered a spammer as well. ;-) In any event, I've got some code using the Net::Twitter Perl library that collects the tweets, and I can supply a list of names to Twitter if they'd like. I'd prefer, of course, that Twitter deal with this at the inlets to the tweet stream. But I think there's a significant enough groundswell in the community that we will see bots arise using the algorithm I've described above. I've been asked to create one, but I'm holding off - there are some murky legalities involved and I have more interesting research in Twitter text mining I want to do. ;-) Twitter, what say you? Developer community, what say you? -- M. Edward (Ed) Borasky http://borasky-research.net/smart-at-znmeb I've always regarded nature as the clothing of God. ~Alan Hovhaness
Re: [twitter-dev] Call for action #StopBritneyBots
On Mon, Nov 30, 2009 at 4:19 PM, M. Edward (Ed) Borasky zzn...@gmail.com wrote: Twitter, what say you? Developer community, what say you? Twitter, Inc. can't even keep up with porn spammers reported manually using the Report As Spam links, what makes you think they would be able to keep up with an automated version? TjL
[twitter-dev] Lists API call not working?
I'm trying to use this call from the documentation, which previously worked - now it doesn't: http://api.twitter.com/1/twitterapidocs/lists.xml I get redirected to http://api.twitter.com/lists/not_yet This seems to affect other API calls I've tried as well. Lee
[twitter-dev] Re: Lists API call not working?
I can confirm the issue. List API calls are broken. Here's the headers you get: HTTP/1.1 404 Not Found Date: Mon, 30 Nov 2009 21:43:31 GMT Server: Apache Last-Modified: Wed, 25 Nov 2009 02:42:58 GMT Accept-Ranges: bytes Content-Length: 6480 Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 On Nov 30, 5:36 pm, LeeS - @semel lse...@gmail.com wrote: I'm trying to use this call from the documentation, which previously worked - now it doesn't: http://api.twitter.com/1/twitterapidocs/lists.xml I get redirected tohttp://api.twitter.com/lists/not_yet This seems to affect other API calls I've tried as well. Lee
Re: [twitter-dev] Lists API call not working?
They've turned off lists on twitter.com at the moment. I'd expect this would cause the API to stop working too.. On Tue, Dec 1, 2009 at 10:36 AM, LeeS - @semel lse...@gmail.com wrote: I'm trying to use this call from the documentation, which previously worked - now it doesn't: http://api.twitter.com/1/twitterapidocs/lists.xml I get redirected to http://api.twitter.com/lists/not_yet This seems to affect other API calls I've tried as well. Lee
[twitter-dev] retweet
How can i know witch status i have beem retweeted? API say's that Note: For backwards compatibility reasons, retweets are stripped out of the user_timeline. If you'd like them included, you can merge them in from statuses retweeted_by_me. There is a url that includes retweet values in user_timeline? thank you, Daniel
[twitter-dev] Re: Lists API call not working?
Yep it affects the API http://status.twitter.com/post/263867698/responding-to-high-error-rate-lists-feature On Nov 30, 9:54 pm, Tim Haines tmhai...@gmail.com wrote: They've turned off lists on twitter.com at the moment. I'd expect this would cause the API to stop working too.. On Tue, Dec 1, 2009 at 10:36 AM, LeeS - @semel lse...@gmail.com wrote: I'm trying to use this call from the documentation, which previously worked - now it doesn't: http://api.twitter.com/1/twitterapidocs/lists.xml I get redirected tohttp://api.twitter.com/lists/not_yet This seems to affect other API calls I've tried as well. Lee
Re: [twitter-dev] Call for action #StopBritneyBots
On 11/30/09 4:23 PM, TJ Luoma wrote: On Mon, Nov 30, 2009 at 4:19 PM, M. Edward (Ed) Borasky zzn...@gmail.com wrote: Twitter, what say you? Developer community, what say you? Twitter, Inc. can't even keep up with porn spammers reported manually using the Report As Spam links, what makes you think they would be able to keep up with an automated version? +1. It's time someone created an anti-spam product that auto-blocks Twitter users that are determined to be spammers. Expecting Twitter to do this is unreasonable at this point, and probably undermines their entire business model of selling ad-blasting accounts to companies. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [twitter-dev] Call for action #StopBritneyBots
Sign in to your Twitter account, go to http://twitblock.org, and drop EVERY SINGLE JUNK FOLLOWER YOU HAVE. No, the junk followers aren't britbots, but if you don't have any losers following you your britbot exposure goes way, way, way down. I'm particularly suspicious of the followers that have 800 people they watch, no profile information, and no one following them back. That's an obvious sleeper/query type thing that could be feeding such behavior. Of course, you have to start valuing your followers differently - total count is meaningless unless you're factoring in their @Klout or something similar. My 600 real people followers are worth far more than 60,000 random Twitter users that never actually read the things those marketing drone accounts are saying ... On Mon, Nov 30, 2009 at 3:19 PM, M. Edward (Ed) Borasky zzn...@gmail.comwrote: I'm hearing from many Twitter users that the frustration level caused by the Britney Bots is rising. I'm going to use some euphemisms to make this message safe for work, but the particular bots in question are certainly not work-safe. The _modus operandi_ of these bots is as follows: 1. Get a Twitter account. These are usually of the form small English word5 digit number. The profile picture is typically not safe for work. 2. Collect screen names somehow. They must at least be polling the public timeline. Frequent tweeters seem to get more of them. Perhaps they are doing searches as well, or mining the profiles of the screen names they've collected for more screen names. 3. Send an @ reply to each name collected. These come in bursts - I haven't done any research into the frequency at which they are sent but a number of tweets go out in a burst. The tweets themselves are not safe for work. The bots do *not* appear to be following anybody - they only show up if you do a mentions search. What's worse, though, is that people are retweeting these things! There is a movement on Twitter, using the hashtag #StopBritneyBots, to attempt to get Twitter to put some kind of filtering in place. I'm not sure what the status of that is in Twitter - perhaps some of the Twitter people on this list can chime in. Meanwhile, this particular bot has an easily-detected signature - you can collect the bot names via Twitter search! 1. Do a Twitter search for the following string (the double quotes are part of the string!): '(Click the link at top right of my profile)' Note that the returned tweets from this search will mostly be not safe for work! 2. Break each resulting tweet into space-separated tokens. 3. Scan the tokens from right to left. The first @name you encounter will be the destination victim. The second one you encounter will be the bot that sent it. At this point, you could build a bot to report the bots as spammers. Personally, I think anyone who retweets one of these ought to be considered a spammer as well. ;-) In any event, I've got some code using the Net::Twitter Perl library that collects the tweets, and I can supply a list of names to Twitter if they'd like. I'd prefer, of course, that Twitter deal with this at the inlets to the tweet stream. But I think there's a significant enough groundswell in the community that we will see bots arise using the algorithm I've described above. I've been asked to create one, but I'm holding off - there are some murky legalities involved and I have more interesting research in Twitter text mining I want to do. ;-) Twitter, what say you? Developer community, what say you? -- M. Edward (Ed) Borasky http://borasky-research.net/smart-at-znmeb I've always regarded nature as the clothing of God. ~Alan Hovhaness -- mailto:n...@layer3arts.com // GoogleTalk: nrauhau...@gmail.com IM: nealrauhauser
[twitter-dev] Need to revoke access from all users
I have an application that users get logged in using Twitter OAuth. The problem, is that new functionalities emerged, and now I need to change the access type from read only to read and update. I think in revoke aceess from all users, but currently, there is no way to do that. So I changed costumer key and didn't worked too. How can I proceed? Ideas? I will need to remove my app and then recreate? Thanks in advance for good solutions. Caio Ariede http://caioariede.com/
[twitter-dev] Re: Retweets of a given tweet limited to 20 items
Still no help about this issue? Am I the only one getting this weird behaviour? I tried also with different accounts and different IP addresses, same problem.
[twitter-dev] Re: Lists API call not working?
Makes sense. I hadn't found out about lists being turned off. Lee On Nov 30, 5:20 pm, Rich rhyl...@gmail.com wrote: Yep it affects the APIhttp://status.twitter.com/post/263867698/responding-to-high-error-rat... On Nov 30, 9:54 pm, Tim Haines tmhai...@gmail.com wrote: They've turned off lists on twitter.com at the moment. I'd expect this would cause the API to stop working too.. On Tue, Dec 1, 2009 at 10:36 AM, LeeS - @semel lse...@gmail.com wrote: I'm trying to use this call from the documentation, which previously worked - now it doesn't: http://api.twitter.com/1/twitterapidocs/lists.xml I get redirected tohttp://api.twitter.com/lists/not_yet This seems to affect other API calls I've tried as well. Lee
[twitter-dev] Authorizing users for my app's API
Here's the situation: My app lets users OAuth via Twitter as their login. Simple and standard. Now, I've created an API for my app. I want other apps, say Twitter clients, to be able to use my app, as if they are one of my app's users. What's the best way to let the user authorize that app to use my app? Do I have to implement OAuth myself, and then have the user OAuth twice, once into my app and once into Twitter via my app to let my app access Twitter? That's a lot of screens for the user to go through. I'm curious how you'd handle this, and if there's a simpler solution. Lee
[twitter-dev] Help parsing Latlon data from XML
Hi there, I've identified how to include the Geo-tagging information in the API, and having posted using tweetie 2.1 I see some tweets with the new data, which is excellent. But I'm having I bit of a problem parsing the latlon info out of the XML I have tried: var latlng = item.getElementsByTagNameNS(http://www.georss.org/ georss,point)[0].childNodes[0].nodeValue.split( ); var lat = latlng[0]; var lng = latlng[1]; and //var latlng = item.getElementsByTagName(georss:point)[0].childNodes [0].nodeValue.split( ); //var lat = latlng[0]; //var lng = latlng[1]; but neither seem to be helping. I'm able to extract the rest of the status data OK, using: var tweetText = item.getElementsByTagName(text)[0].childNodes [0].nodeValue; var tweetUsername = item.getElementsByTagName(name)[0].childNodes [0].nodeValue; var tweetUserAvatar = item.getElementsByTagName(profile_image_url) [0].childNodes[0].nodeValue; Do I need a condition to check for existence of the geo tags for each status, because I think it's failing to loop through tweets that don't include the geotagging data? If anyone is a whizz with extracting these particular tags, and can help I'd be enormously grateful. (the API call is HomeTimeline.XML btw) kind rgds, Chris.
[twitter-dev] Re: Call for action #StopBritneyBots
In this particular case, the detection at Twitter's inlets would be trivial. Sure, spammers can and will get smarter, but fercryinoutloud - dozens / hundreds of accounts with the same avatar spewing bursts of tweets with the phrase '(Click the link at top right of my profile)'? I'm thinking there have to be humans in the loop somewhere - isn't there a captcha when you create an account? If not, well, maybe there should be! By the way, there was a decided drop in the BritneyBot activity while lists were shut down. Lists are back, so are BritneyBots. Coinicidence? Twitter, what say you? On Nov 30, 2:35 pm, neal rauhauser nrauhau...@gmail.com wrote: Sign in to your Twitter account, go tohttp://twitblock.org, and drop EVERY SINGLE JUNK FOLLOWER YOU HAVE. No, the junk followers aren't britbots, but if you don't have any losers following you your britbot exposure goes way, way, way down. I'm particularly suspicious of the followers that have 800 people they watch, no profile information, and no one following them back. That's an obvious sleeper/query type thing that could be feeding such behavior. Of course, you have to start valuing your followers differently - total count is meaningless unless you're factoring in their @Klout or something similar. My 600 real people followers are worth far more than 60,000 random Twitter users that never actually read the things those marketing drone accounts are saying ... On Mon, Nov 30, 2009 at 3:19 PM, M. Edward (Ed) Borasky zzn...@gmail.comwrote: I'm hearing from many Twitter users that the frustration level caused by the Britney Bots is rising. I'm going to use some euphemisms to make this message safe for work, but the particular bots in question are certainly not work-safe. The _modus operandi_ of these bots is as follows: 1. Get a Twitter account. These are usually of the form small English word5 digit number. The profile picture is typically not safe for work. 2. Collect screen names somehow. They must at least be polling the public timeline. Frequent tweeters seem to get more of them. Perhaps they are doing searches as well, or mining the profiles of the screen names they've collected for more screen names. 3. Send an @ reply to each name collected. These come in bursts - I haven't done any research into the frequency at which they are sent but a number of tweets go out in a burst. The tweets themselves are not safe for work. The bots do *not* appear to be following anybody - they only show up if you do a mentions search. What's worse, though, is that people are retweeting these things! There is a movement on Twitter, using the hashtag #StopBritneyBots, to attempt to get Twitter to put some kind of filtering in place. I'm not sure what the status of that is in Twitter - perhaps some of the Twitter people on this list can chime in. Meanwhile, this particular bot has an easily-detected signature - you can collect the bot names via Twitter search! 1. Do a Twitter search for the following string (the double quotes are part of the string!): '(Click the link at top right of my profile)' Note that the returned tweets from this search will mostly be not safe for work! 2. Break each resulting tweet into space-separated tokens. 3. Scan the tokens from right to left. The first @name you encounter will be the destination victim. The second one you encounter will be the bot that sent it. At this point, you could build a bot to report the bots as spammers. Personally, I think anyone who retweets one of these ought to be considered a spammer as well. ;-) In any event, I've got some code using the Net::Twitter Perl library that collects the tweets, and I can supply a list of names to Twitter if they'd like. I'd prefer, of course, that Twitter deal with this at the inlets to the tweet stream. But I think there's a significant enough groundswell in the community that we will see bots arise using the algorithm I've described above. I've been asked to create one, but I'm holding off - there are some murky legalities involved and I have more interesting research in Twitter text mining I want to do. ;-) Twitter, what say you? Developer community, what say you? -- M. Edward (Ed) Borasky http://borasky-research.net/smart-at-znmeb I've always regarded nature as the clothing of God. ~Alan Hovhaness -- mailto:n...@layer3arts.com // GoogleTalk: nrauhau...@gmail.com IM: nealrauhauser
[twitter-dev] Oauth on j2me app
hi all. i'm building an application in j2me. but, i get stuck on oauth. should i get request token everytime user want to login ? should user enter pin code everytime ? should i get access token everytime ? if no, how to authenticate user ? should i save the access token on my database ? thanks..
[twitter-dev] Re: Authorizing users for my app's API
Thanks for asking. I was just wondering the same thing. :-) On Nov 30, 3:19 pm, LeeS - @semel lse...@gmail.com wrote: Here's the situation: My app lets users OAuth via Twitter as their login. Simple and standard. Now, I've created an API for my app. I want other apps, say Twitter clients, to be able to use my app, as if they are one of my app's users. What's the best way to let the user authorize that app to use my app? Do I have to implement OAuth myself, and then have the user OAuth twice, once into my app and once into Twitter via my app to let my app access Twitter? That's a lot of screens for the user to go through. I'm curious how you'd handle this, and if there's a simpler solution. Lee
Re: [twitter-dev] Re: Authorizing users for my app's API
To all who are wondering about this - I raised this issue and some suggestions a while back, got 1 response from Twitter, but when I asked the dev community who else struggles with this, it was awfully silent (perhaps people hoping Twitter would never deprecate basic auth)... See this thread: http://groups.google.com/group/twitter-development-talk/browse_frm/thread/ac 563255efcb On 11/30/09 4:48 PM, Brian Morearty bmorea...@gmail.com wrote: Thanks for asking. I was just wondering the same thing. :-) On Nov 30, 3:19 pm, LeeS - @semel lse...@gmail.com wrote: Here's the situation: My app lets users OAuth via Twitter as their login. Simple and standard. Now, I've created an API for my app. I want other apps, say Twitter clients, to be able to use my app, as if they are one of my app's users. What's the best way to let the user authorize that app to use my app? Do I have to implement OAuth myself, and then have the user OAuth twice, once into my app and once into Twitter via my app to let my app access Twitter? That's a lot of screens for the user to go through. I'm curious how you'd handle this, and if there's a simpler solution. Lee
[twitter-dev] Help! Invalid / expired token. (PHP using Abraham Williams' library.)
I can't figure this out for the life of me. I've authorized my application and retrieved the access token. The access token and secret are stored in a database. Then I try to make a 'verify credentials' query using Abraham's library, as shown in the example code: $connection = new TwitterOAuth($consumer_key, $consumer_secret, $access_token, $access_secret); $content = $connection-get('account/verify_credentials'); I keep getting the following error response: {request:/1/account/verify_credentials.json?oauth_consumer_key= [my_consumer_key] oauth_nonce=1e10a10ba19315ee8c935f819e082b4coauth_signature=a99dyAMXN7vI %2FZqRqzHPkKrgfWw%3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1259628414oauth_token=[my_access_token] oauth_version=1.0a,error:Invalid / expired Token} Does anyone know what could be causing this? I've checked and rechecked the tokens and keys ad nauseum, so I think the problem is somewhere else. Thanks in advance!
[twitter-dev] Re: Authorizing users for my app's API
I know some people will kick my shins over this, but I would not recommend using Twitter OAuth (or Facebook Connect for that matter) as the primary mechanism for logins to your own site. Why would one expose your site to the stability, availability, temperament, and good graces of another service over which you have no control? If they are down, or for some reason they blocked you, your app is dead in the water (nobody can login), even if there is functionality that does not depend on API calls to the external service. You may have a lot of things cached so that your site can function even when Twitter OAuth is on the blink. That helps you nothing if you depend on Twitter OAuth for user logins to your site. On Nov 30, 9:03 pm, Michael Steuer mste...@gmail.com wrote: To all who are wondering about this - I raised this issue and some suggestions a while back, got 1 response from Twitter, but when I asked the dev community who else struggles with this, it was awfully silent (perhaps people hoping Twitter would never deprecate basic auth)... See this thread: http://groups.google.com/group/twitter-development-talk/browse_frm/th... 563255efcb On 11/30/09 4:48 PM, Brian Morearty bmorea...@gmail.com wrote: Thanks for asking. I was just wondering the same thing. :-) On Nov 30, 3:19 pm, LeeS - @semel lse...@gmail.com wrote: Here's the situation: My app lets users OAuth via Twitter as their login. Simple and standard. Now, I've created an API for my app. I want other apps, say Twitter clients, to be able to use my app, as if they are one of my app's users. What's the best way to let the user authorize that app to use my app? Do I have to implement OAuth myself, and then have the user OAuth twice, once into my app and once into Twitter via my app to let my app access Twitter? That's a lot of screens for the user to go through. I'm curious how you'd handle this, and if there's a simpler solution. Lee
Re: [twitter-dev] Re: Authorizing users for my app's API
While that may be true in a more generic sense, I think that for most of us on this mailinglist, the core functionality of our apps depends on Twitter being up and available... So for me there's really little point in authenticating users when Twitter is down and my app doesn't provide its core functionality... But anyways, this is all slightly OT. The reality is, oAuth is Twitter's preferred authentication protocol, it will soon be the only one, and it lacks delegation, ie. anyone who's providing APIs to 3rd parties (twitpic, twitvid, yfrog, anyone!) are going to be SOL once basic auth is deprecated unless Twitter provides some form or oAuth delegation... And for those of us not providing basic autha and already using oauth exclusively, we're already SOL, as we can't provide, nor consume APIs that require basic authentication. Time to re-start this discussion please... On 11/30/09 5:43 PM, Dewald Pretorius dpr...@gmail.com wrote: I know some people will kick my shins over this, but I would not recommend using Twitter OAuth (or Facebook Connect for that matter) as the primary mechanism for logins to your own site. Why would one expose your site to the stability, availability, temperament, and good graces of another service over which you have no control? If they are down, or for some reason they blocked you, your app is dead in the water (nobody can login), even if there is functionality that does not depend on API calls to the external service. You may have a lot of things cached so that your site can function even when Twitter OAuth is on the blink. That helps you nothing if you depend on Twitter OAuth for user logins to your site. On Nov 30, 9:03 pm, Michael Steuer mste...@gmail.com wrote: To all who are wondering about this - I raised this issue and some suggestions a while back, got 1 response from Twitter, but when I asked the dev community who else struggles with this, it was awfully silent (perhaps people hoping Twitter would never deprecate basic auth)... See this thread: http://groups.google.com/group/twitter-development-talk/browse_frm/th... 563255efcb On 11/30/09 4:48 PM, Brian Morearty bmorea...@gmail.com wrote: Thanks for asking. I was just wondering the same thing. :-) On Nov 30, 3:19 pm, LeeS - @semel lse...@gmail.com wrote: Here's the situation: My app lets users OAuth via Twitter as their login. Simple and standard. Now, I've created an API for my app. I want other apps, say Twitter clients, to be able to use my app, as if they are one of my app's users. What's the best way to let the user authorize that app to use my app? Do I have to implement OAuth myself, and then have the user OAuth twice, once into my app and once into Twitter via my app to let my app access Twitter? That's a lot of screens for the user to go through. I'm curious how you'd handle this, and if there's a simpler solution. Lee
Re: [twitter-dev] Re: What Is The Status of Twitter OAuth?
I was not aware oauth was still considered beta. It has been live for months now and seems to be in stable condition. So it should be fine for production use. Josh On Mon, Nov 30, 2009 at 1:55 PM, Dewald Pretorius dpr...@gmail.com wrote: JDG, you're talking apples and oranges. If Twitter OAuth is stable enough for Twitter to recommend that that all third-party applications connect through OAuth connection, then move it out of beta and into production mode, and announce it as such. If not, then don't make that recommendation. On Nov 30, 3:10 pm, JDG ghil...@gmail.com wrote: Did you not use gmail till it went out of beta too? :) On Mon, Nov 30, 2009 at 11:27, Dewald Pretorius dpr...@gmail.com wrote: Last information I've seen said that Twitter OAuth is in public beta, if I remember correctly. Has that status changed, as in, has OAuth been moved out of beta and into production? The reason I ask is I notice on help.twitter.com that all Twitter users are now essentially being advised to distrust applications that use Basic Auth. The page also says, We recommend that all third-party applications connect through OAuth connection, as described above. [1] How can you say that if OAuth is not yet in stable production mode?? Dewald [1]http://help.twitter.com/forums/10711/entries/76052 -- Internets. Serious business.
[twitter-dev] Re: 401 Unauthorized problem
I have try to follow to OAuth document to set up Authorization header, but still get 401 Unauthorized when I am using _method as parameter, and here is the result: *Response Headers DateTue, 01 Dec 2009 03:21:03 GMT Server hi WWW-AuthenticateBasic realm=Twitter API Status 401 Unauthorized Content-Typeapplication/xml; charset=utf-8 Cache-Control no-cache, max-age=1800 Set-Cookie _twitter_sess=BAh7CjoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj %250AOWM1YzllYzAyYTVjOWU2NGM6CXVzZXJpBDmg6AM6EXRyYW5zX3Byb21wdDAi %250ACmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7%250AAAY6CkB1c2VkewA6B2lkIiU5ZWI2NmY2MTU5ZmYyODM4NGE3YTAxNGUxMmMy %250AMTAyNg%253D%253D--4353873c14c39b48b0d30c48abba5858bff5a3a0; domain=.twitter.com; path=/ Expires Tue, 01 Dec 2009 03:51:03 GMT VaryAccept-Encoding Content-Encodinggzip Content-Length 140 Connection close *Request Headers Hostapi.twitter.com User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 GTB6 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 300 Connection keep-alive Cookie __qca=P0-1306444636-1259550182670; __utma=43838368.345398731.1259564074.1259574616.1259577218.3; __utmz=43838368.1259577218.3.2.utmcsr=forum7.hkgolden.com|utmccn= (referral)|utmcmd=referral|utmcct=/view.aspx; __utmv=43838368.lang%3A %20en; _twitter_sess=BAh7CjoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj %250AOWM1YzllYzAyYTVjOWU2NGM6EXRyYW5zX3Byb21wdDA6CXVzZXJpBDmg6AM6%250AB2lkIiU5ZWI2NmY2MTU5ZmYyODM4NGE3YTAxNGUxMmMyMTAyNiIKZmxhc2hJ %250AQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVz %250AZWR7AA%253D%253D--00951782ee94404e73d0edcbd7d02f1800f10915 *Post Data: Content-type: application/x-www-form-urlencoded Authorization: OAuth realm=Test,oauth_signature_method=HMAC- SHA1,oauth_token=65577017- K65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ,oauth_nonce=9399,oauth_timestamp=1259637691,oauth_version=1.0,oauth_consumer_key=WiW3RrjmAhPvWvTn6oPLA,oauth_signature=BhLQP0o0OKLXjiQWn1l9ca7Fsek %3D Content-length: 28 id=77938855%5Fmethod=DELETE I wonder this the the problem of _method since when I use other parameter, there are no problem at all. So, do anyone know what is the problem of my request and could twitter provide a correct Request example which using _method as a OAuth parameter? Thanks. Wilfred On Nov 27, 1:24 pm, Mark McBride mmcbr...@twitter.com wrote: It looks like you're trying to actually include the OAuth Authorization header in your POST body, which isn't the way you want to do it. Instead, you should be using the Authorization HTTP header to transmit this info (seehttp://oauth.net/core/1.0a#anchor46). To make things extra weird, in one case you do have an Authorization header set, but it's basic auth. ---Mark On Thu, Nov 26, 2009 at 6:47 PM, Wilfred yau wld991...@gmail.com wrote: I have already solve the special char problem because encoding in Flex. but I still find that when I call _method= DELETE inListAPI, I still get 401 Unauthorized from api.twitter.com. On Nov 25, 11:09 am, Wilfred yau wld991...@gmail.com wrote: I am using OAuth to accessListAPI, but I find that if the request URL contain some char like _, (, then twitter will return 401 Unauthorized. Does anyone know what is the problem?? and this is my request: *Request URL: http://api.twitter.com/1/wilfred_yau/yedsrc/members.xml *Request header: Host:api.twitter.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ *;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22; __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)| utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en; __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264; _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh %250ANjE1YzdjOWU4MTE5MGJjOhF0cmFuc19wcm9tcHQwOgl1c2VyaQQ5oOgDOg5y %250AZXR1cm5fdG8iJGh0dHA6Ly90d2l0dGVyLmNvbS9zb2Z0cGVkaWFtYWM6B2lk %250AIiU0Y2JmMWJmNjc0YzJmOTlhZGZjMTA1MzE3NzI3ZGUwNiIKZmxhc2hJQzon %250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA %253D%253D--3573176707558a7f9cd9653e6a60c073c94e91f5; __utmc=43838368 *Post Data: Content-type: application/x-www-form-urlencoded Content-length: 300
[twitter-dev] Re: Oauth on j2me app
hai can someone help me ? :-) 2009/12/1 ZilM3ier asfau...@gmail.com hi all. i'm building an application in j2me. but, i get stuck on oauth. should i get request token everytime user want to login ? should user enter pin code everytime ? should i get access token everytime ? if no, how to authenticate user ? should i save the access token on my database ? thanks..
Re: [twitter-dev] Re: Oauth on j2me app
Responses to questions below. Hope it helps. Josh should i get request token everytime user want to login ? You must fetch a request token when ever you begin a new OAuth handshake. You need this to build the authorization redirect url which sends the user to twitter to authorize your application. should user enter pin code everytime ? The user must provide you with the PIN code if you are not using callback URLs. This being a j2me application, you will probably just be using the PIN method, so you don't need to worry about callbacks for now. should i get access token everytime ? No. Once the user has authorized you just re-use the access token. The only time you need to re-do the handshake is if the access token gets revoked. if no, how to authenticate user ? should i save the access token on my database ? You wil want to probably store the access token on the device. So when ever you application accesses twitter look to see if you have an access token. If not do the OAuth handshake.
[twitter-dev] Seeking information on moving groups of followers and others following
Hello: I want to ask the development team if there's a way to move your followers and others following you between one or more twitter accounts in an automated fashion? Second question: What is the best way to optimize a Twitter list targeting a special interest? Example: Fitness Group taking place on Saturday mornings in Queens, NY. Of course only twitter users in the Queens, NY area will be interested in learning about this group. That said, is there a way to target message/ list to a niche audience on Twitter by geographic area and not have it be received as spam? Maybe some type of contextual functionality? Many thanks, Steve Eisenberg
Re: [twitter-dev] Seeking information on moving groups of followers and others following
I want to ask the development team if there's a way to move your followers and others following you between one or more twitter accounts in an automated fashion? nope. Second question: What is the best way to optimize a Twitter list targeting a special interest? Example: Fitness Group taking place on Saturday mornings in Queens, NY. Of course only twitter users in the Queens, NY area will be interested in learning about this group. That said, is there a way to target message/ list to a niche audience on Twitter by geographic area and not have it be received as spam? Maybe some type of contextual functionality? not right now, unfortunately. -- Raffi Krikorian Twitter Platform Team ra...@twitter.com | @raffi
Re: [twitter-dev] Re: Oauth on j2me app
correct me if i wrong : no access token yet : - request token - redirect to oauth/authorizehttp://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-authorize with the token as parameter - users allow application to access their twitter - users get pin - users enter pin on j2me application - application try to get access token with pin (oauth_verifier) - application store the access token on device database has access token : - application get the access token from device database - application user the token to access twitter is like that ? 2009/12/1 Josh Roesslein jroessl...@gmail.com Responses to questions below. Hope it helps. Josh should i get request token everytime user want to login ? You must fetch a request token when ever you begin a new OAuth handshake. You need this to build the authorization redirect url which sends the user to twitter to authorize your application. should user enter pin code everytime ? The user must provide you with the PIN code if you are not using callback URLs. This being a j2me application, you will probably just be using the PIN method, so you don't need to worry about callbacks for now. should i get access token everytime ? No. Once the user has authorized you just re-use the access token. The only time you need to re-do the handshake is if the access token gets revoked. if no, how to authenticate user ? should i save the access token on my database ? You wil want to probably store the access token on the device. So when ever you application accesses twitter look to see if you have an access token. If not do the OAuth handshake.