[twitter-dev] Re: Coming soon: a solution for Open Source applications using OAuth with the Twitter API

[alexkingorg]

This is excellent news and sounds like a much better user experience
than the previously discussed options. I would like to suggest it be
taken one step further. Could the encoded string with the keys be
returned programatically to the Open Source application instead of
asking the user to copy/paste? This way the user experience would be
very similar to a standard OAuth transaction.

Cheers,
--Alex

http://alexking.org


On Jun 11, 4:56 pm, Taylor Singletary 
wrote:
> Hi Developers,
>
> As has been discussed on the list recently, OAuth and Open Source
> applications are a difficult combination because token secrets shouldn't be
> embedded in widely distributed code.
>
> We're pleased to announce that we've devised a solution to this problem.
> [...]

Re: [twitter-dev] oauth status update returning error 401 invalid / used nonce

[Taylor Singletary]

xAuth in this case, I think, is unrelated to the issue. If you can use
a different key and use the "my token" feature to get your access
token, then try to tweet using that token, it will sufficiently
express the problem I think.

Taylor

On Jun 11, 2010, at 2:48 PM, Craig  wrote:

> Hello,
>
> I have an iphone app that is using xauth.  I am able to obtain the
> access token with no problem at all.  When I go to post a status
> update, I receive an invalid / used nonce error.  It can't actually be
> a used nonce since I have checked this multiple times.  Here are the
> details of the post:
>
> url:
> http://api.twitter.com/1/statuses/update.xml
>
> signature base string:
> POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce
> %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
> SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken
> %26oauth_version%3D1.0%26status%3Dmy%2520tweet
>
> Authorization header:
> OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB", oauth_signature_method="HMAC-
> SHA1", oauth_timestamp="1276292596",
> oauth_consumer_key="myconsumerkey", oauth_token="mytoken",
> oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D", oauth_version="1.0"
>
> Content-Type:
> [request setValue:@"application/x-www-form-urlencoded"
> forHTTPHeaderField:@"Content-Type"];
>
> I can see no reason why this shouldn't work.  Any help would be
> greatly appreciated!
>
> Thanks,
> Craig

[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Craig]

Sure I can do that, althought I'll have to get approved for xAuth on
that application as well.  Will I have to request xAuth again?

Thanks,
Craig

On Jun 11, 8:10 pm, Taylor Singletary 
wrote:
> Based on another bug I've seen come up but have been unable to track
> consistently, can you try creating a new application and doing the
> oauth dance and then trying to make the status update again using the
> new keys and the new access tokens?
>
> Thanks!
>
>
>
>
>
> On Friday, June 11, 2010, Craig  wrote:
> > Thanks for your quick reply!  This error occurs consistently no matter
> > what nonce I'm using.  My timestamp appears to be aligned with the
> > time from your response.  I also tried a different nonce scheme and
> > that didn't seem to work either.
>
> > Here is my post body:
> > status=My%20Tweet
>
> > I just attempted to use a + instead of the %20 but that did not work.
> > I'm at a loss as to what it could be.  Maybe I'll try yet one more
> > nonce scheme?  Is the any scheme in particular that you have found to
> > work?
>
> > Thanks!
> > Craig
>
> > On Jun 11, 5:56 pm, Taylor Singletary 
> > wrote:
> >> We have a few (difficult to pin down) edge cases where we throw a "bad
> >> nonce" error in an otherwise legit scenario -- often while we are under
> >> heavy amounts of load.  Is this error consistent for you no matter what
> >> nonce you use?
>
> >> Do you know if your timestamp is aligned with the time indicated in an HTTP
> >> header of our response to your requests?
>
> >> While others have found complicated nonce values cause issues, your nonce
> >> seems relatively tame in comparison to those who ran into those issues. 
> >> Just
> >> the same, I'd recommend you try a different nonce generation scheme, 
> >> perhaps
> >> one with an eye for simplicity.
>
> >> Otherwise, your request seems structurally correct. What does your POST 
> >> body
> >> for this request look like? Do you receive the same error when you replace
> >> your "%20" space character in your POST body with plus?
>
> >> Taylor Singletary
> >> Developer Advocate, Twitterhttp://twitter.com/episod
>
> >> On Fri, Jun 11, 2010 at 2:48 PM, Craig  wrote:
> >> > Hello,
>
> >> > I have an iphone app that is using xauth.  I am able to obtain the
> >> > access token with no problem at all.  When I go to post a status
> >> > update, I receive an invalid / used nonce error.  It can't actually be
> >> > a used nonce since I have checked this multiple times.  Here are the
> >> > details of the post:
>
> >> > url:
> >> >http://api.twitter.com/1/statuses/update.xml
>
> >> > signature base string:
> >> > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> >> > %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce
> >> > %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
> >> > SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken
> >> > %26oauth_version%3D1.0%26status%3Dmy%2520tweet
>
> >> > Authorization header:
> >> > OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB", oauth_signature_method="HMAC-
> >> > SHA1", oauth_timestamp="1276292596",
> >> > oauth_consumer_key="myconsumerkey", oauth_token="mytoken",
> >> > oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D", oauth_version="1.0"
>
> >> > Content-Type:
> >> > [request setValue:@"application/x-www-form-urlencoded"
> >> > forHTTPHeaderField:@"Content-Type"];
>
> >> > I can see no reason why this shouldn't work.  Any help would be
> >> > greatly appreciated!
>
> >> > Thanks,
> >> > Craig
>
> --
> Taylor Singletary
> Developer Advocate, Twitterhttp://twitter.com/episod

[twitter-dev] Re: Coming soon: a solution for Open Source applications using OAuth with the Twitter API

[Dmitri Snytkine]

Interesting idea.

On Jun 11, 6:56 pm, Taylor Singletary 
wrote:
> Hi Developers,
>
> As has been discussed on the list recently, OAuth and Open Source
> applications are a difficult combination because token secrets shouldn't be
> embedded in widely distributed code.
>
> We're pleased to announce that we've devised a solution to this problem.
>
> Next week, we plan to release a new extension to the Twitter API that will
> allow Open Source applications to obtain OAuth consumer keys and secrets for
> their users, without having to distribute an application secret.
>
> Approved Open Source client applications will have an easy to implement
> ability, through dev.twitter.com, to generate new client tokens & secrets to
> be used specifically for each new instance of the application.
>
> While completing the process does require the end-user to complete a few
> extra operations, we think this is a good compromise.
>
> The source tag on tweets published by the child applications generated with
> this approach will be a variation on the originating application's name. For
> examples, if the name of the parent application was "AdventureTweet" and the
> user's screen name was @zork, then the child application's name would be
> "AdventureTweet (zork)".
>
> The work flow for these applications will be something like this:
>
>   1. You store your API Consumer Key in your application distribution (but
> never your secret!).
>   2. A user downloads/installs/checks out your open source application and
> runs it for the first time
>   3. Your application builds a URL to our key exchange endpoint, using your
> consumer key.
>       
> Example:http://dev.twitter.com/apps/key_exchange?oauth_consumer_key=abcdefghi...
>   4. You send the user to that URL in whatever way makes sense in your
> environment.
>   5. That user will have to login using their Twitter credentials (if they
> aren't already), and then approve your application's request to replicate
> itself on the user's behalf.
>   6. The approval will require that the user agrees to our terms of service,
> as this process results in them having control of their own application
>   7. The user is presented with a string that they are asked to paste into
> your application. The string will contain ah API key and secret, in addition
> to an access token and token secret for the member: everything that's needed
> to get the user up and running in your application.
>   8. The user pastes the string into your application, which then consumes
> and stores it to begin performing API calls using OAuth.
>
> The string containing the keys will be x-www-form-urlencoded. To keep the
> string brief, it will contain abbreviated key names.
>
> An example:
> ck=KIyzzZUM7KvKYOpnst2aOw&cs=4PQk1eH4MadmzzEZ1G1KdrWHIFC1IPxv1kXZg0G3E&at=542212-utEhFTv5GZZcc2R4w6thnApKtf1N1eKRedcFJthdeA&ats=FFdeOEwxOBWPPREd55dKx7AAaI8NfpK7xnibv4Yls
>
> Where: "ck" - consumer key, "cs" - consumer secret, "at" - access token,
> "ats" - access token secret
>
> This kind of key requisition service is new to the Twitter ecosystem, and
> we're going to be closely monitoring it for abuse. Once we announce its
> availability, we'll begin taking requests for Open Source applications that
> would like to offer the feature in their application.
>
> We're excited to offer this solution to the open source community. Thanks
> everyone!
>
> Taylor Singletary
> Developer Advocate, Twitterhttp://twitter.com/episod

Re: [twitter-dev] oauth status update returning error 401 invalid / used nonce

[Taylor Singletary]

Based on another bug I've seen come up but have been unable to track
consistently, can you try creating a new application and doing the
oauth dance and then trying to make the status update again using the
new keys and the new access tokens?

Thanks!

On Friday, June 11, 2010, Craig  wrote:
> Thanks for your quick reply!  This error occurs consistently no matter
> what nonce I'm using.  My timestamp appears to be aligned with the
> time from your response.  I also tried a different nonce scheme and
> that didn't seem to work either.
>
> Here is my post body:
> status=My%20Tweet
>
> I just attempted to use a + instead of the %20 but that did not work.
> I'm at a loss as to what it could be.  Maybe I'll try yet one more
> nonce scheme?  Is the any scheme in particular that you have found to
> work?
>
> Thanks!
> Craig
>
>
> On Jun 11, 5:56 pm, Taylor Singletary 
> wrote:
>> We have a few (difficult to pin down) edge cases where we throw a "bad
>> nonce" error in an otherwise legit scenario -- often while we are under
>> heavy amounts of load.  Is this error consistent for you no matter what
>> nonce you use?
>>
>> Do you know if your timestamp is aligned with the time indicated in an HTTP
>> header of our response to your requests?
>>
>> While others have found complicated nonce values cause issues, your nonce
>> seems relatively tame in comparison to those who ran into those issues. Just
>> the same, I'd recommend you try a different nonce generation scheme, perhaps
>> one with an eye for simplicity.
>>
>> Otherwise, your request seems structurally correct. What does your POST body
>> for this request look like? Do you receive the same error when you replace
>> your "%20" space character in your POST body with plus?
>>
>> Taylor Singletary
>> Developer Advocate, Twitterhttp://twitter.com/episod
>>
>>
>>
>> On Fri, Jun 11, 2010 at 2:48 PM, Craig  wrote:
>> > Hello,
>>
>> > I have an iphone app that is using xauth.  I am able to obtain the
>> > access token with no problem at all.  When I go to post a status
>> > update, I receive an invalid / used nonce error.  It can't actually be
>> > a used nonce since I have checked this multiple times.  Here are the
>> > details of the post:
>>
>> > url:
>> >http://api.twitter.com/1/statuses/update.xml
>>
>> > signature base string:
>> > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
>> > %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce
>> > %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
>> > SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken
>> > %26oauth_version%3D1.0%26status%3Dmy%2520tweet
>>
>> > Authorization header:
>> > OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB", oauth_signature_method="HMAC-
>> > SHA1", oauth_timestamp="1276292596",
>> > oauth_consumer_key="myconsumerkey", oauth_token="mytoken",
>> > oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D", oauth_version="1.0"
>>
>> > Content-Type:
>> > [request setValue:@"application/x-www-form-urlencoded"
>> > forHTTPHeaderField:@"Content-Type"];
>>
>> > I can see no reason why this shouldn't work.  Any help would be
>> > greatly appreciated!
>>
>> > Thanks,
>> > Craig
>

-- 
Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod

[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Craig]

Thanks for your quick reply!  This error occurs consistently no matter
what nonce I'm using.  My timestamp appears to be aligned with the
time from your response.  I also tried a different nonce scheme and
that didn't seem to work either.

Here is my post body:
status=My%20Tweet

I just attempted to use a + instead of the %20 but that did not work.
I'm at a loss as to what it could be.  Maybe I'll try yet one more
nonce scheme?  Is the any scheme in particular that you have found to
work?

Thanks!
Craig


On Jun 11, 5:56 pm, Taylor Singletary 
wrote:
> We have a few (difficult to pin down) edge cases where we throw a "bad
> nonce" error in an otherwise legit scenario -- often while we are under
> heavy amounts of load.  Is this error consistent for you no matter what
> nonce you use?
>
> Do you know if your timestamp is aligned with the time indicated in an HTTP
> header of our response to your requests?
>
> While others have found complicated nonce values cause issues, your nonce
> seems relatively tame in comparison to those who ran into those issues. Just
> the same, I'd recommend you try a different nonce generation scheme, perhaps
> one with an eye for simplicity.
>
> Otherwise, your request seems structurally correct. What does your POST body
> for this request look like? Do you receive the same error when you replace
> your "%20" space character in your POST body with plus?
>
> Taylor Singletary
> Developer Advocate, Twitterhttp://twitter.com/episod
>
>
>
> On Fri, Jun 11, 2010 at 2:48 PM, Craig  wrote:
> > Hello,
>
> > I have an iphone app that is using xauth.  I am able to obtain the
> > access token with no problem at all.  When I go to post a status
> > update, I receive an invalid / used nonce error.  It can't actually be
> > a used nonce since I have checked this multiple times.  Here are the
> > details of the post:
>
> > url:
> >http://api.twitter.com/1/statuses/update.xml
>
> > signature base string:
> > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> > %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce
> > %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
> > SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken
> > %26oauth_version%3D1.0%26status%3Dmy%2520tweet
>
> > Authorization header:
> > OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB", oauth_signature_method="HMAC-
> > SHA1", oauth_timestamp="1276292596",
> > oauth_consumer_key="myconsumerkey", oauth_token="mytoken",
> > oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D", oauth_version="1.0"
>
> > Content-Type:
> > [request setValue:@"application/x-www-form-urlencoded"
> > forHTTPHeaderField:@"Content-Type"];
>
> > I can see no reason why this shouldn't work.  Any help would be
> > greatly appreciated!
>
> > Thanks,
> > Craig

[twitter-dev] Coming soon: a solution for Open Source applications using OAuth with the Twitter API

[Taylor Singletary]

Hi Developers,

As has been discussed on the list recently, OAuth and Open Source
applications are a difficult combination because token secrets shouldn't be
embedded in widely distributed code.

We're pleased to announce that we've devised a solution to this problem.

Next week, we plan to release a new extension to the Twitter API that will
allow Open Source applications to obtain OAuth consumer keys and secrets for
their users, without having to distribute an application secret.

Approved Open Source client applications will have an easy to implement
ability, through dev.twitter.com, to generate new client tokens & secrets to
be used specifically for each new instance of the application.

While completing the process does require the end-user to complete a few
extra operations, we think this is a good compromise.

The source tag on tweets published by the child applications generated with
this approach will be a variation on the originating application's name. For
examples, if the name of the parent application was "AdventureTweet" and the
user's screen name was @zork, then the child application's name would be
"AdventureTweet (zork)".

The work flow for these applications will be something like this:

  1. You store your API Consumer Key in your application distribution (but
never your secret!).
  2. A user downloads/installs/checks out your open source application and
runs it for the first time
  3. Your application builds a URL to our key exchange endpoint, using your
consumer key.
  Example:
http://dev.twitter.com/apps/key_exchange?oauth_consumer_key=abcdefghijklmnopqrstuvwxyz
  4. You send the user to that URL in whatever way makes sense in your
environment.
  5. That user will have to login using their Twitter credentials (if they
aren't already), and then approve your application's request to replicate
itself on the user's behalf.
  6. The approval will require that the user agrees to our terms of service,
as this process results in them having control of their own application
  7. The user is presented with a string that they are asked to paste into
your application. The string will contain ah API key and secret, in addition
to an access token and token secret for the member: everything that's needed
to get the user up and running in your application.
  8. The user pastes the string into your application, which then consumes
and stores it to begin performing API calls using OAuth.

The string containing the keys will be x-www-form-urlencoded. To keep the
string brief, it will contain abbreviated key names.

An example:
ck=KIyzzZUM7KvKYOpnst2aOw&cs=4PQk1eH4MadmzzEZ1G1KdrWHIFC1IPxv1kXZg0G3E&at=542212-utEhFTv5GZZcc2R4w6thnApKtf1N1eKRedcFJthdeA&ats=FFdeOEwxOBWPPREd55dKx7AAaI8NfpK7xnibv4Yls

Where: "ck" - consumer key, "cs" - consumer secret, "at" - access token,
"ats" - access token secret

This kind of key requisition service is new to the Twitter ecosystem, and
we're going to be closely monitoring it for abuse. Once we announce its
availability, we'll begin taking requests for Open Source applications that
would like to offer the feature in their application.

We're excited to offer this solution to the open source community. Thanks
everyone!

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod

[twitter-dev] Re: Geo-caching Without Lat/Long

[Sam Ramji]

We've built a free tool with similar capabilities but including OAuth
authentication and contextual links to the full Twitter API, and no
login required in order to save API calls.

You can see the same lat/long query here:

http://app.apigee.com/console/5ffbfabd-04c0-4802-a71d-542c23a1ec0e/rendersnapshotview

Hope this is helpful - we are seeking feedback on the tool if you have
any.

Thanks,

Sam

On Jun 11, 9:48 am, Bryan  wrote:
> Hey Abraham. The above example is dated. My point is appending
> max_result=1 onto any verified result results in a 404:
>
> http://hurl.it/hurls/08a6b684b494cab6138754d7b7470d9895968d59/88bbdc8...
>
> is okay, but with max_results=1:
>
> http://hurl.it/hurls/df8773b96e453cfd5426123c3ba4354fc2d96769/6d952ea...
>
> returns a 404
>
> Thanks for the link; that's a very useful tool!
>
> On Jun 11, 11:40 am, Abraham Williams <4bra...@gmail.com> wrote:
>
>
>
> > The lat/long you are passing to the API are in the Yellow Sea so Twitter is
> > 404ing as it does not have any places near there.
>
> >http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b26...
>
> > Abraham
> > -
> > Abraham Williams | Hacker Advocate |http://abrah.am
> > @abraham |http://projects.abrah.am|http://blog.abrah.am
> > This email is: [ ] shareable [x] ask first [ ] private.
>
> > On Fri, Jun 11, 2010 at 07:28, Bryan  wrote:
> > > Matt--
>
> > > Okay thanks for the reply. I'm building a news aggregator so the goal
> > > was to enter the location manually. Still, I'm having trouble with the
> > > geo-coding method. I'm using Abraham's php library and I do the
> > > following:
>
> > >        $location = $connection->get('geo/reverse_geocode', array('lat' =>
> > > '37.75' , 'long' => '122.68'));
> > >        echo $connection->http_code;
>
> > > Which returns 404. $location->id is empty. Any thoughts as to what I'm
> > > doing wrong?
>
> > > On Jun 11, 9:21 am, Matt Harris  wrote:
> > > > Hey Bryan,
>
> > > > Status updates only accept lat/long or place_id. There isn't a way of
> > > > providing plain text locations for these fields. If you wish to display 
> > > > a
> > > > textual representation of where someone is on your app you would need to
> > > > carry out a reverse geocode first.
>
> > > > I don't know the method you are using to obtain the location but
> > > generally
> > > > we see developers use the lat/long returned by the browser or device.
>
> > > > One thing that might be useful to know is that we perform a reverse
> > > lookup
> > > > on the lat/long when we display the tweet, converting it to some textual
> > > > description like "SoMa, San Francisco", or "from here" as appropriate.
>
> > > > Hope that answers your question,
> > > > Matt
>
> > > > On Fri, Jun 11, 2010 at 6:41 AM, Bryan  wrote:
> > > > > Hey everyone, is there a way to geo-tweet with the API without knowing
> > > > > the Lat/Long? In other words, can I say "San Francisco, CA" or search
> > > > > for valid place_id's with this name? I'm trying to make my user
> > > > > interface as user-friendly as possible, and asking for lat/long for my
> > > > > userbase won't work. I also want to rely on as few as API's as
> > > > > possible, so I'd prefer not to run my name through Google's Map API
> > > > > and then through the reverse geocode API on twitters. Thanks.
>
> > > > --
>
> > > > Matt Harris
> > > > Developer Advocate, Twitterhttp://twitter.com/themattharris

Re: [twitter-dev] oauth status update returning error 401 invalid / used nonce

[Taylor Singletary]

We have a few (difficult to pin down) edge cases where we throw a "bad
nonce" error in an otherwise legit scenario -- often while we are under
heavy amounts of load.  Is this error consistent for you no matter what
nonce you use?

Do you know if your timestamp is aligned with the time indicated in an HTTP
header of our response to your requests?

While others have found complicated nonce values cause issues, your nonce
seems relatively tame in comparison to those who ran into those issues. Just
the same, I'd recommend you try a different nonce generation scheme, perhaps
one with an eye for simplicity.

Otherwise, your request seems structurally correct. What does your POST body
for this request look like? Do you receive the same error when you replace
your "%20" space character in your POST body with plus?

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Fri, Jun 11, 2010 at 2:48 PM, Craig  wrote:

> Hello,
>
> I have an iphone app that is using xauth.  I am able to obtain the
> access token with no problem at all.  When I go to post a status
> update, I receive an invalid / used nonce error.  It can't actually be
> a used nonce since I have checked this multiple times.  Here are the
> details of the post:
>
> url:
> http://api.twitter.com/1/statuses/update.xml
>
> signature base string:
> POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce
> %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
> SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken
> %26oauth_version%3D1.0%26status%3Dmy%2520tweet
>
> Authorization header:
> OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB", oauth_signature_method="HMAC-
> SHA1", oauth_timestamp="1276292596",
> oauth_consumer_key="myconsumerkey", oauth_token="mytoken",
> oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D", oauth_version="1.0"
>
> Content-Type:
> [request setValue:@"application/x-www-form-urlencoded"
> forHTTPHeaderField:@"Content-Type"];
>
> I can see no reason why this shouldn't work.  Any help would be
> greatly appreciated!
>
> Thanks,
> Craig
>

[twitter-dev] oauth status update returning error 401 invalid / used nonce

[Craig]

Hello,

I have an iphone app that is using xauth.  I am able to obtain the
access token with no problem at all.  When I go to post a status
update, I receive an invalid / used nonce error.  It can't actually be
a used nonce since I have checked this multiple times.  Here are the
details of the post:

url:
http://api.twitter.com/1/statuses/update.xml

signature base string:
POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
%2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce
%3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken
%26oauth_version%3D1.0%26status%3Dmy%2520tweet

Authorization header:
OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB", oauth_signature_method="HMAC-
SHA1", oauth_timestamp="1276292596",
oauth_consumer_key="myconsumerkey", oauth_token="mytoken",
oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D", oauth_version="1.0"

Content-Type:
[request setValue:@"application/x-www-form-urlencoded"
forHTTPHeaderField:@"Content-Type"];

I can see no reason why this shouldn't work.  Any help would be
greatly appreciated!

Thanks,
Craig

[twitter-dev] Re: OAuth "statuses/followers"

[Rick]

Hi Matt,

Thanks for your answer. I will use the refers in my script. On the
other hand, I got no solution for the cursor problem I currently have,
is there a solution for?

- Rick

On 11 jun, 16:06, Matt Harris  wrote:
> Hi Rick,
>
> Depending on what you are trying to obtain we recommend using the
> friends/ids [1] and followers/ids [2] methods in combination with the
> user/lookup [3] if you need more information about them.
>
> Also, you want to make sure you're client is using the
> api.twitter.comdomain and not
> twitter.com.
>
> Hope that helps,
> Matt
>
> 1.http://dev.twitter.com/doc/get/friends/ids
> 2.http://dev.twitter.com/doc/get/followers/ids
> 3.http://dev.twitter.com/doc/get/users/lookup
>
>
>
> On Fri, Jun 11, 2010 at 3:46 AM, Rick  wrote:
> > I hope somebody could help me with my problem regarding the Twitter
> > OAuth
>
> > If I use $oauth->get('statuses/followers'); I get the first 100
> > followers. If I use $oauth->get('statuses/followers', array('cursor'
> > => $cursor)); I have to use this code:
>
> >  > $cursor = -1;
> > $followers = $oauth->get('statuses/followers', array('cursor' =>
> > $cursor));
> > $totaal = count($followers);
>
> > while ($totaal > 1) {
> > for($x=0; $x<$totaal; $x++)     {
> >    if(preg_match("/^".date('D M d')." 0([3-9]{1}):([0-9]{2}):([0-9]
> > {2}) \+([0-9]{4}) ".date('Y')."/",$followers[$x]->status->created_at)
> > || $followers[$x]->protected) {
> > }
> > }
>
> > $cursor++;
>
> > $followers = $oauth->get('statuses/followers', array('cursor' =>
> > $cursor));
> > $totaal = count($followers);
>
> > ?>
>
> > But that seems not to get working. And without the cursor idea, I get
> > only the first 100 followers. Is there a easy solution for this?
>
> --
>
> Matt Harris
> Developer Advocate, Twitterhttp://twitter.com/themattharris

Re: [twitter-dev] tweet source shows 'Via API' for oAuth app???

[Harshad RJ]

On Sat, Jun 12, 2010 at 12:30 AM, srikanth reddy  wrote:

> I then verified my app's settings in dev.twitter.console and surprised to
> see that 'read only' option is set. I Changed this to 'read and write' and
> after that it seemed to work correctly.
>


Possibly related to this:
http://www.mail-archive.com/twitter-development-talk@googlegroups.com/msg21543.html

-- 
Harshad RJ
http://hrj.wikidot.com

[twitter-dev] Twitter Dictionary

[Unfair]

Perhaps not entirely on topic, but this seems like the best place to
ask:

Where do the dictionary definitions on http://twitter.com/home come
from - often defining an app and what it's used for?

Examples:
Twitter·for·iPhone
n. a new official Twitter app for your iPhone.

World·Cup
n. The largest sporting event in the world.

tweetbeat·World·Cup
n. a place to follow World Cup tweets.

Re: [twitter-dev] Re: Twitter People Search 2010

[Abraham Williams]

GET /users/search returns profile search results based on names,
screen_names, bios, etc so yes.

You can use a single account to authenticate but you might run into rate
limit issues. To avoid that you can have your users authenticate using OAuth
to do the searches.

Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Fri, Jun 11, 2010 at 11:42 AM, PhilGo20 wrote:

> Should I undeerstand that what we are trying to achieve is possible
> with current methods ?
>
> On 11 juin, 14:17, Abraham Williams <4bra...@gmail.com> wrote:
> > The thread is old and from before the API method was available.
> >
> > Abraham
> > -
> > Abraham Williams | Hacker Advocate |http://abrah.am
> > @abraham |http://projects.abrah.am|http://blog.abrah.am
> > This email is: [ ] shareable [x] ask first [ ] private.
> >
> > On Fri, Jun 11, 2010 at 10:15 AM, PhilGo20  >wrote:
> >
> >
> >
> > > I've seen the same topic already, but I am just wondering if there's
> > > been any update
> >
> > >http://groups.google.com/group/twitter-development-talk/browse_thread.
> ..
> >
> > > We are looking to integrate Twitter Profile results on our People
> > > Search site and would like to know if this is currently possible. We
> > > would basically pass a name and expect to get results mathing user
> > > name or full name for users.
> >
> > > It seems supported by the user/search method :
> > >http://dev.twitter.com/doc/get/users/search
> >
> > > I am just wondering why the previous thread creator was reply that it
> > > was not supported.
> >
> > > I understand the method requires authentification and would like to
> > > know if our client could be authentified and make the query on the
> > > user behalf, so this way he would not have to authentify himself to
> > > perform a search.
>

[twitter-dev] tweet source shows 'Via API' for oAuth app???

[srikanth reddy]

One of the users of my app has complained that he can see his tweets in my
app but cannot post the tweets. The tweets are shown blank and the source as
'via API'  in the web. He confirmed that they were not posted from any Basic
Auth app (he changed his password and tried my app)and his connections
(settings->connection from web) shows my app as the only app he has
authorized and it has 'read only access ' .
 I checked this with a different account which had earlier granted 'read and
write' access to my app . i revoked the access and tried to use my oAuth
app. Surprisingly twitter oauth login page displayed my app asking for read
access  (not 'read and update'). I then verified my app's settings in
dev.twitter.console and surprised to see that 'read only' option is set. I
Changed this to 'read and write' and after that it seemed to work correctly.
I have two questions
1) why was my app's setting changed to 'read only'
2) Is it possible (by mistake) that the source parameter for an oAuth app
change to' viaAPI' ?

Thanks in advance
Srikanth

[twitter-dev] Re: Twitter People Search 2010

[PhilGo20]

Should I undeerstand that what we are trying to achieve is possible
with current methods ?

On 11 juin, 14:17, Abraham Williams <4bra...@gmail.com> wrote:
> The thread is old and from before the API method was available.
>
> Abraham
> -
> Abraham Williams | Hacker Advocate |http://abrah.am
> @abraham |http://projects.abrah.am|http://blog.abrah.am
> This email is: [ ] shareable [x] ask first [ ] private.
>
> On Fri, Jun 11, 2010 at 10:15 AM, PhilGo20 wrote:
>
>
>
> > I've seen the same topic already, but I am just wondering if there's
> > been any update
>
> >http://groups.google.com/group/twitter-development-talk/browse_thread...
>
> > We are looking to integrate Twitter Profile results on our People
> > Search site and would like to know if this is currently possible. We
> > would basically pass a name and expect to get results mathing user
> > name or full name for users.
>
> > It seems supported by the user/search method :
> >http://dev.twitter.com/doc/get/users/search
>
> > I am just wondering why the previous thread creator was reply that it
> > was not supported.
>
> > I understand the method requires authentification and would like to
> > know if our client could be authentified and make the query on the
> > user behalf, so this way he would not have to authentify himself to
> > perform a search.

[twitter-dev] Re: [HELP!!!] Autologin using PHP + Oauth API

[lu5ceh]

I'm doing an application that tracks "statuses / home_timeline" of
users who follow a particular account. The idea would be a PHP script
to access that account and get these tweets

I USING THAT LIBRARY: http://github.com/abraham/twitteroauth


On 11 jun, 13:14, Matt Harris  wrote:
> > We don't provide a way to log a user into twitter.com through the  
> > API but you can, through OAuth, request permission to interact with  
> > a users account or perform actions on their behalf.
>
> > What is it you need to log the user into Twitter for?
>
> Matt Harris
> Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> On Jun 11, 2010, at 16:54, lu5ceh  wrote:
>
> > I'm making a PHP script that automatically logs in a given Twitter
> > account. How I can do to make using the new API

Re: [twitter-dev] Twitter People Search 2010

[Abraham Williams]

The thread is old and from before the API method was available.

Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Fri, Jun 11, 2010 at 10:15 AM, PhilGo20 wrote:

> I've seen the same topic already, but I am just wondering if there's
> been any update
>
> http://groups.google.com/group/twitter-development-talk/browse_thread/thread/1a0b346ddd1a77b9/e6fd311e04558e08?lnk=gst&q=people+search#e6fd311e04558e08
>
>
> We are looking to integrate Twitter Profile results on our People
> Search site and would like to know if this is currently possible. We
> would basically pass a name and expect to get results mathing user
> name or full name for users.
>
> It seems supported by the user/search method :
> http://dev.twitter.com/doc/get/users/search
>
> I am just wondering why the previous thread creator was reply that it
> was not supported.
>
> I understand the method requires authentification and would like to
> know if our client could be authentified and make the query on the
> user behalf, so this way he would not have to authentify himself to
> perform a search.

Re: [twitter-dev] Problems with oauth request_token

[Leonardo Luceiro Meirelles]

Yes, I will generate a new pair of keys (I was aware of it when I put it on
the email), thanks for the reminder. So far I'm the only real user.

You help is really appreciate, I did two mistakes (well pointed out - in
case someone else fall in the same problem): timestamp in millis instead of
seconds and POST body (I was really send the post data).

Thanks a lot Taylor!


On Fri, Jun 11, 2010 at 10:19 AM, Taylor Singletary <
taylorsinglet...@twitter.com> wrote:

> First Leonardo,
>
> If that's your real consumer secret, you're going to want to go and
> regenerate your API keys *ASAP*.
>
> Looking at what you've sent along, it looks like you're pretty close to
> getting this right.
>
> Your timestamp is verbose as far as the OAuth standard is concerned -- it
> should be in seconds and not in milliseconds. Also ensure that your server
> time is in sync with Twitter's: we return our current server time in a
> header on every response.
>
> I notice you have your signature base string at the end of the email: is
> this being sent as a POST body or is it just in your email? It shouldn't be
> sent, if so.
>
> Taylor Singletary
> Developer Advocate, Twitter
> http://twitter.com/episod
>
>
> On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles <
> pite...@gmail.com> wrote:
>
>> Hello gentlemans,
>>
>> I'm working on a client twitter that uses HTTP proxy in Java. I struggling
>> with the OAuth request_token that returns me HTTP 401 Unauthorized.
>>
>> Consumer key="3P1dah6urSdAo9voKDJDA"
>>
>> twitterURL=[https://api.twitter.com/oauth/request_token]
>>
>> authorizationData=[OAuth realm="api.twitter.com",
>> oauth_callback="oob", oauth_consumer_key="3P1dah6urSdAo9voKDJDA",
>> oauth_nonce="901dc12600ac1cdbc082d57d4aef7bfc", 
>> oauth_signature_method="HMAC-SHA1",
>> oaut
>> h_timestamp="1276235403668", oauth_version="1.0",
>> oauth_signature="5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D"]
>>
>> basedata=[POST&https%3A%2F%2Fapi.twitter.com
>> %2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me
>> thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0]
>>
>> And it returns the error: errorStream=[Failed to validate oauth signature
>> and token]
>>
>> In order to check what I'm sending, I create a HttpListener and redirected
>> the "api.twitter.com"  to localhost:8000 and here is the header.
>>
>> Any suggestion is very welcome.
>>
>> POST /oauth/request_token HTTP/1.1
>> Authorization: OAuth realm="api.twitter.com", oauth_callback="oob",
>> oauth_consumer_key="3P1dah6urSdAo9voKDJDA",
>> oauth_nonce="2c449ca3c5a8637a8a9152d896c6d8bd",
>> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276236145594",
>> oauth_version="1.0",
>> oauth_signature="y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D"
>> User-Agent: Java/1.6.0_20
>> Host: localhost:8000
>> Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
>> Connection: keep-alive
>> Content-type: application/x-www-form-urlencoded
>> Content-Length: 266
>>
>>
>> POST&http%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau
>> th_version%3D1.0.
>>
>> Best regards,
>> Leo Meirelles
>>
>
>


-- 
Do you know the difference between look something amazing and touch it?
Think about Jennifer Aniston... (K.V.)

[twitter-dev] Twitter People Search 2010

[PhilGo20]

I've seen the same topic already, but I am just wondering if there's
been any update
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/1a0b346ddd1a77b9/e6fd311e04558e08?lnk=gst&q=people+search#e6fd311e04558e08


We are looking to integrate Twitter Profile results on our People
Search site and would like to know if this is currently possible. We
would basically pass a name and expect to get results mathing user
name or full name for users.

It seems supported by the user/search method : 
http://dev.twitter.com/doc/get/users/search

I am just wondering why the previous thread creator was reply that it
was not supported.

I understand the method requires authentification and would like to
know if our client could be authentified and make the query on the
user behalf, so this way he would not have to authentify himself to
perform a search.

Re: [twitter-dev] OAuth Base String generation

[Malayil George]

Thanks for the clarification Taylor


George


On Fri, Jun 11, 2010 at 10:14 AM, Taylor Singletary <
taylorsinglet...@twitter.com> wrote:

> It kind of depends on how you tilt your head and look at it sometimes.
>
> One way of looking at it is that POST body elements already are URL-encoded
> (at least when we're talking about "application/x-www-form-urlencoded" type
> bodies). When you send a POST request, you already must URL encode the body.
>
> This algorithm begins from the assumption that you've already prepared your
> POST body. I'll try to make that distinction clearer.
>
> Taylor
>
> On Thu, Jun 10, 2010 at 7:31 PM, Malayil George wrote:
>
>> Hi,
>>I've been trying to work through the OAuth steps presented at
>> http://dev.twitter.com/pages/auth#signing-requests . The psuedo-code for
>> base-string generation is given as
>>
>> httpMethod + "&" +
>>  url_encode(  base_uri ) + "&" +
>>  sorted_query_params.each  { | k, v |
>>  url_encode ( k ) + "%3D" +
>>  url_encode ( v )
>>  }.join("%26")
>>
>>  But, this doesn't seem to work with the params on the example. The
>> example has baseString = POST&https%3A%2F%2Fapi.twitter.com
>> %2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0
>>
>> With the above algorithm, wouldn't the baseString end up as
>> "...&oauth_callback%3Dhttp%3A%2F%2Flocalhost...%26oauth_consumer_key%3D..."?
>> The %3A seems to be getting encoded somehow to %253A in the example. I have
>> been able to get my result to match the example result by modifying the
>> algorithm to be
>>
>> httpMethod + "&" +
>>  url_encode(  base_uri ) + "&" +
>>  url_encode(sorted_query_params.each  { | k, v |
>>  url_encode ( k ) + "=" +
>>  url_encode ( v )
>>  }.join("&"))
>>
>>   Reading the comments at
>> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/,
>>  it seems we should be doing a double url-encode? Is that right or am I
>> missing something (and this workaround is just working in this example)?
>>
>>
>> Regards
>> George
>>
>>
>>
>>
>>
>>
>

[twitter-dev] Re: Geo-caching Without Lat/Long

[Bryan]

Done. Any suggestions for the UTF encoding?

On Jun 11, 11:57 am, Abraham Williams <4bra...@gmail.com> wrote:
> Interestingly max_resuls=2 
> works:http://hurl.it/hurls/6521ca0d04a03b5c340682f275d8d013834b8518/8020ff7...
>
> Might as well file a bug 
> report:http://code.google.com/p/twitter-api/issues/list
>
> Abraham
> -
> Abraham Williams | Hacker Advocate |http://abrah.am
> @abraham |http://projects.abrah.am|http://blog.abrah.am
> This email is: [ ] shareable [x] ask first [ ] private.
>
>
>
> On Fri, Jun 11, 2010 at 09:48, Bryan  wrote:
> > Hey Abraham. The above example is dated. My point is appending
> > max_result=1 onto any verified result results in a 404:
>
> >http://hurl.it/hurls/08a6b684b494cab6138754d7b7470d9895968d59/88bbdc8...
>
> > is okay, but with max_results=1:
>
> >http://hurl.it/hurls/df8773b96e453cfd5426123c3ba4354fc2d96769/6d952ea...
>
> > returns a 404
>
> > Thanks for the link; that's a very useful tool!
>
> > On Jun 11, 11:40 am, Abraham Williams <4bra...@gmail.com> wrote:
> > > The lat/long you are passing to the API are in the Yellow Sea so Twitter
> > is
> > > 404ing as it does not have any places near there.
>
> > >http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b26...
>
> > > Abraham
> > > -
> > > Abraham Williams | Hacker Advocate |http://abrah.am
> > > @abraham |http://projects.abrah.am|http://blog.abrah.am
> > > This email is: [ ] shareable [x] ask first [ ] private.
>
> > > On Fri, Jun 11, 2010 at 07:28, Bryan  wrote:
> > > > Matt--
>
> > > > Okay thanks for the reply. I'm building a news aggregator so the goal
> > > > was to enter the location manually. Still, I'm having trouble with the
> > > > geo-coding method. I'm using Abraham's php library and I do the
> > > > following:
>
> > > >        $location = $connection->get('geo/reverse_geocode', array('lat'
> > =>
> > > > '37.75' , 'long' => '122.68'));
> > > >        echo $connection->http_code;
>
> > > > Which returns 404. $location->id is empty. Any thoughts as to what I'm
> > > > doing wrong?
>
> > > > On Jun 11, 9:21 am, Matt Harris  wrote:
> > > > > Hey Bryan,
>
> > > > > Status updates only accept lat/long or place_id. There isn't a way of
> > > > > providing plain text locations for these fields. If you wish to
> > display a
> > > > > textual representation of where someone is on your app you would need
> > to
> > > > > carry out a reverse geocode first.
>
> > > > > I don't know the method you are using to obtain the location but
> > > > generally
> > > > > we see developers use the lat/long returned by the browser or device.
>
> > > > > One thing that might be useful to know is that we perform a reverse
> > > > lookup
> > > > > on the lat/long when we display the tweet, converting it to some
> > textual
> > > > > description like "SoMa, San Francisco", or "from here" as
> > appropriate.
>
> > > > > Hope that answers your question,
> > > > > Matt
>
> > > > > On Fri, Jun 11, 2010 at 6:41 AM, Bryan  wrote:
> > > > > > Hey everyone, is there a way to geo-tweet with the API without
> > knowing
> > > > > > the Lat/Long? In other words, can I say "San Francisco, CA" or
> > search
> > > > > > for valid place_id's with this name? I'm trying to make my user
> > > > > > interface as user-friendly as possible, and asking for lat/long for
> > my
> > > > > > userbase won't work. I also want to rely on as few as API's as
> > > > > > possible, so I'd prefer not to run my name through Google's Map API
> > > > > > and then through the reverse geocode API on twitters. Thanks.
>
> > > > > --
>
> > > > > Matt Harris
> > > > > Developer Advocate, Twitterhttp://twitter.com/themattharris

Re: [twitter-dev] Re: Geo-caching Without Lat/Long

[Abraham Williams]

Interestingly max_resuls=2 works:
http://hurl.it/hurls/6521ca0d04a03b5c340682f275d8d013834b8518/8020ff7c547eab6c510b5f368375e8b01c1684b7

Might as well file a bug report:
http://code.google.com/p/twitter-api/issues/list

Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Fri, Jun 11, 2010 at 09:48, Bryan  wrote:

> Hey Abraham. The above example is dated. My point is appending
> max_result=1 onto any verified result results in a 404:
>
>
> http://hurl.it/hurls/08a6b684b494cab6138754d7b7470d9895968d59/88bbdc8743d17b7f3feb78094aba93098c592240
>
> is okay, but with max_results=1:
>
>
> http://hurl.it/hurls/df8773b96e453cfd5426123c3ba4354fc2d96769/6d952eaf331c0ecac3d8ec7d7fc9dc76d18e62d6
>
> returns a 404
>
> Thanks for the link; that's a very useful tool!
>
> On Jun 11, 11:40 am, Abraham Williams <4bra...@gmail.com> wrote:
> > The lat/long you are passing to the API are in the Yellow Sea so Twitter
> is
> > 404ing as it does not have any places near there.
> >
> > http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b26...
> >
> > Abraham
> > -
> > Abraham Williams | Hacker Advocate |http://abrah.am
> > @abraham |http://projects.abrah.am|http://blog.abrah.am
> > This email is: [ ] shareable [x] ask first [ ] private.
> >
> >
> >
> > On Fri, Jun 11, 2010 at 07:28, Bryan  wrote:
> > > Matt--
> >
> > > Okay thanks for the reply. I'm building a news aggregator so the goal
> > > was to enter the location manually. Still, I'm having trouble with the
> > > geo-coding method. I'm using Abraham's php library and I do the
> > > following:
> >
> > >$location = $connection->get('geo/reverse_geocode', array('lat'
> =>
> > > '37.75' , 'long' => '122.68'));
> > >echo $connection->http_code;
> >
> > > Which returns 404. $location->id is empty. Any thoughts as to what I'm
> > > doing wrong?
> >
> > > On Jun 11, 9:21 am, Matt Harris  wrote:
> > > > Hey Bryan,
> >
> > > > Status updates only accept lat/long or place_id. There isn't a way of
> > > > providing plain text locations for these fields. If you wish to
> display a
> > > > textual representation of where someone is on your app you would need
> to
> > > > carry out a reverse geocode first.
> >
> > > > I don't know the method you are using to obtain the location but
> > > generally
> > > > we see developers use the lat/long returned by the browser or device.
> >
> > > > One thing that might be useful to know is that we perform a reverse
> > > lookup
> > > > on the lat/long when we display the tweet, converting it to some
> textual
> > > > description like "SoMa, San Francisco", or "from here" as
> appropriate.
> >
> > > > Hope that answers your question,
> > > > Matt
> >
> > > > On Fri, Jun 11, 2010 at 6:41 AM, Bryan  wrote:
> > > > > Hey everyone, is there a way to geo-tweet with the API without
> knowing
> > > > > the Lat/Long? In other words, can I say "San Francisco, CA" or
> search
> > > > > for valid place_id's with this name? I'm trying to make my user
> > > > > interface as user-friendly as possible, and asking for lat/long for
> my
> > > > > userbase won't work. I also want to rely on as few as API's as
> > > > > possible, so I'd prefer not to run my name through Google's Map API
> > > > > and then through the reverse geocode API on twitters. Thanks.
> >
> > > > --
> >
> > > > Matt Harris
> > > > Developer Advocate, Twitterhttp://twitter.com/themattharris
>

[twitter-dev] What happens on July 1?

[Jose Castillo]

I have two apps on the App Store that had been implemented using Basic
Auth, and I'm naturally updating them to make use of OAuth. I've
submitted an update for one, but it's still waiting for review; the
other I hope to submit in the next few days.

Here's the question: If those updates don't get approved before the
OAuth deadline, what happens? Do the Basic Auth versions completely
stop working for the users that currently have them installed? Will
calls authenticated with Basic Auth throw a certain error code? Will
there be some sort of "grace period?"

Especially with the iPhone 4 launch later this month, I'm worried that
queue times for approval may be an issue, and I haven't seen any solid
word on what happens when Basic Auth becomes unsupported.

Thanks!

[twitter-dev] Re: Geo-caching Without Lat/Long

[Bryan]

Hey Abraham. The above example is dated. My point is appending
max_result=1 onto any verified result results in a 404:

http://hurl.it/hurls/08a6b684b494cab6138754d7b7470d9895968d59/88bbdc8743d17b7f3feb78094aba93098c592240

is okay, but with max_results=1:

http://hurl.it/hurls/df8773b96e453cfd5426123c3ba4354fc2d96769/6d952eaf331c0ecac3d8ec7d7fc9dc76d18e62d6

returns a 404

Thanks for the link; that's a very useful tool!

On Jun 11, 11:40 am, Abraham Williams <4bra...@gmail.com> wrote:
> The lat/long you are passing to the API are in the Yellow Sea so Twitter is
> 404ing as it does not have any places near there.
>
> http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b26...
>
> Abraham
> -
> Abraham Williams | Hacker Advocate |http://abrah.am
> @abraham |http://projects.abrah.am|http://blog.abrah.am
> This email is: [ ] shareable [x] ask first [ ] private.
>
>
>
> On Fri, Jun 11, 2010 at 07:28, Bryan  wrote:
> > Matt--
>
> > Okay thanks for the reply. I'm building a news aggregator so the goal
> > was to enter the location manually. Still, I'm having trouble with the
> > geo-coding method. I'm using Abraham's php library and I do the
> > following:
>
> >        $location = $connection->get('geo/reverse_geocode', array('lat' =>
> > '37.75' , 'long' => '122.68'));
> >        echo $connection->http_code;
>
> > Which returns 404. $location->id is empty. Any thoughts as to what I'm
> > doing wrong?
>
> > On Jun 11, 9:21 am, Matt Harris  wrote:
> > > Hey Bryan,
>
> > > Status updates only accept lat/long or place_id. There isn't a way of
> > > providing plain text locations for these fields. If you wish to display a
> > > textual representation of where someone is on your app you would need to
> > > carry out a reverse geocode first.
>
> > > I don't know the method you are using to obtain the location but
> > generally
> > > we see developers use the lat/long returned by the browser or device.
>
> > > One thing that might be useful to know is that we perform a reverse
> > lookup
> > > on the lat/long when we display the tweet, converting it to some textual
> > > description like "SoMa, San Francisco", or "from here" as appropriate.
>
> > > Hope that answers your question,
> > > Matt
>
> > > On Fri, Jun 11, 2010 at 6:41 AM, Bryan  wrote:
> > > > Hey everyone, is there a way to geo-tweet with the API without knowing
> > > > the Lat/Long? In other words, can I say "San Francisco, CA" or search
> > > > for valid place_id's with this name? I'm trying to make my user
> > > > interface as user-friendly as possible, and asking for lat/long for my
> > > > userbase won't work. I also want to rely on as few as API's as
> > > > possible, so I'd prefer not to run my name through Google's Map API
> > > > and then through the reverse geocode API on twitters. Thanks.
>
> > > --
>
> > > Matt Harris
> > > Developer Advocate, Twitterhttp://twitter.com/themattharris

Re: [twitter-dev] Re: Geo-caching Without Lat/Long

[Abraham Williams]

The lat/long you are passing to the API are in the Yellow Sea so Twitter is
404ing as it does not have any places near there.

http://hurl.it/hurls/db27e3e9bce56f7f9a8209b935af6a25d5fa5677/2775b260053e31ce25c46a87d56ced51f8583b43

Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Fri, Jun 11, 2010 at 07:28, Bryan  wrote:

> Matt--
>
> Okay thanks for the reply. I'm building a news aggregator so the goal
> was to enter the location manually. Still, I'm having trouble with the
> geo-coding method. I'm using Abraham's php library and I do the
> following:
>
>$location = $connection->get('geo/reverse_geocode', array('lat' =>
> '37.75' , 'long' => '122.68'));
>echo $connection->http_code;
>
> Which returns 404. $location->id is empty. Any thoughts as to what I'm
> doing wrong?
>
> On Jun 11, 9:21 am, Matt Harris  wrote:
> > Hey Bryan,
> >
> > Status updates only accept lat/long or place_id. There isn't a way of
> > providing plain text locations for these fields. If you wish to display a
> > textual representation of where someone is on your app you would need to
> > carry out a reverse geocode first.
> >
> > I don't know the method you are using to obtain the location but
> generally
> > we see developers use the lat/long returned by the browser or device.
> >
> > One thing that might be useful to know is that we perform a reverse
> lookup
> > on the lat/long when we display the tweet, converting it to some textual
> > description like "SoMa, San Francisco", or "from here" as appropriate.
> >
> > Hope that answers your question,
> > Matt
> >
> > On Fri, Jun 11, 2010 at 6:41 AM, Bryan  wrote:
> > > Hey everyone, is there a way to geo-tweet with the API without knowing
> > > the Lat/Long? In other words, can I say "San Francisco, CA" or search
> > > for valid place_id's with this name? I'm trying to make my user
> > > interface as user-friendly as possible, and asking for lat/long for my
> > > userbase won't work. I also want to rely on as few as API's as
> > > possible, so I'd prefer not to run my name through Google's Map API
> > > and then through the reverse geocode API on twitters. Thanks.
> >
> > --
> >
> > Matt Harris
> > Developer Advocate, Twitterhttp://twitter.com/themattharris
>

[twitter-dev] oAuth and Direct Message

[ds]

I am having trouble sending a direct message with:
http://api.twitter.com/1/direct_messages/new.xml

I have been able to successfully post status updates with my code
using oAuth.
I have a java based custom application that is working fine for these
updates.

When trying to post a direct message I get 402 errors with "incorrect
signature".

Basically I am using the same signature generation as update except I
replace
status with text and add user at the bottom of signature generation.
Just like
the oAuth example page on twitter.

Then I pass the two parameters in the request body.

I also tried moving everything to url parameters but got the same
error.

Is there anything special about parameters for direct message when
using
oAuth?

Does it sound like I am doing this correctly with my post/body method?

Thanks,
...Dave

[twitter-dev] Re: What tools do you use?

[nischalshetty]

I created http://JustUnfollow.com

It's built on Java and hosted on the Google App Engine.

Twitter4j is the twitter API for java that I make use of ( http://twitter4j.org
)

-Nischal

On Jun 11, 1:06 am, "@IDisposable"  wrote:
> Using:
>  ASP.Net 3.5 with MVC 2.0  http://asp.net/mvc
>  C#
>  Microsoft SQL Server 2008
>
> Twitter
>  LinqToTwitterhttp://linqtotwitter.codeplex.com(thanks @JoeMayo)
>  dotNetOAuth for oAuthhttp://code.google.com/p/dotnetoauth/(thanks
> @AArnott)
>  Newtonsoft JSON.Net for 
> JSONhttp://james.newtonking.com/projects/json-net.aspx
> (
>
> Framework
>  xUnit unit-text platformhttp://xunit.codeplex.com/(thanks
> @bradwilson)
>  nInject dependency injectionhttp://ninject.org(thanks @nhokari)
>  Log4Net for logginghttp://logging.apache.org/log4net/
>  MOQ for mockinghttp://code.google.com/p/moq/(thanks @kzu)
>  Automapper for DTO to VM mappinghttp://automapper.codeplex.com/
> (thanks @ehexter)
>
> UI
>  jQuery for WebUI magichttp://jquery.com/
>
> Link Scraping / MetaData
>  HTML Agility Pack for metadatahttp://htmlagilitypack.codeplex.com/'
>  Flickr REST API for photohttp://www.flickr.com/services/api/
>  OEmbed REST API for embeddinghttp://oembed.com/
>  TweetPhoto REST API for photohttp://tweetphotoapi.com/
>  TwitPic REST API for photohttp://twitpic.com/api.do
>  YFrog REST API for photo/videohttp://code.google.com/p/imageshackapi/
>  Vimeo REST API for videohttp://www.vimeo.com/api
>  Google DATA API for YouTube metadatahttp://code.google.com/apis/gdata/
>  (inhouse tons of special logic for frame-busting, etc)
>
> Link Canonicalization
>  Bit.Ly REST APIhttp://code.google.com/p/bitly-api/wiki/ApiDocumentation
>  Digg REST APIhttp://apidoc.digg.com/
>  IS.GD REST APIhttp://is.gd/api_info.php
>  Owl.Ly REST APIhttp://ow.ly/url/shorten-url(apply at bottom)
>  Snurl/SnipUrl REST APIhttp://snipurl.com/site/help?go=api
>  Twurl .NL/.CC Tweetburner REST APIhttp://tweetburner.com/api
>  StumbleUpon SU.PR REST [good luck, sorry]
>  Untiny.Me REST API for [all others]http://untiny.me/api/(thanks
> @alzaid @untiny)
>
> Marc Brooks
> Hack Prime 
> @Infuzhttp://infuz.comhttp://stltweets.comhttp://buzzradius.comhttp://musingmarc.blogspot.com

[twitter-dev] Re: Geo-caching Without Lat/Long

[Bryan]

Ahh I see. Thank you. I hope you don't mind the barrage of questions
but I have 2 more. For starters, max_results=1 doesn't appear to work.
When I append it to any valid url, I get a 404 status return. Second,
I'm having no luck with UTF encoding. I wish to encode my string to
take advantage of the ellipsis (...) as a single character to save my
precious 140.

Now, when I use php's built in utf8_encode function as such:
utf8_encode("$title...$url");, only the url gets tweeted. I know I
wrote ... here, but I used the ellipsis character in my php source.

Also, the old documentation says that utf encoded tweets are escaped
with two additional characters <> that DO take away from the 140
limit. The new documentation hints at the opposite. What's the
verdict?

Thanks Matt!

On Jun 11, 10:56 am, Matt Harris  wrote:
> Hi Bryan
>
> The geo/reverse_geocode method only supports json so make sure you are  
> using that and not XML.
>
> Also, the method doesn't require authorisation so there is no need to  
> send the oauth tokens.
>
> Hope that helps,
>
> Matt Harris
> Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> On Jun 11, 2010, at 15:28, Bryan  wrote:
>
>
>
> > Matt--
>
> > Okay thanks for the reply. I'm building a news aggregator so the goal
> > was to enter the location manually. Still, I'm having trouble with the
> > geo-coding method. I'm using Abraham's php library and I do the
> > following:
>
> >    $location = $connection->get('geo/reverse_geocode', array('lat' =>
> > '37.75' , 'long' => '122.68'));
> >    echo $connection->http_code;
>
> > Which returns 404. $location->id is empty. Any thoughts as to what I'm
> > doing wrong?
>
> > On Jun 11, 9:21 am, Matt Harris  wrote:
> >> Hey Bryan,
>
> >> Status updates only accept lat/long or place_id. There isn't a way of
> >> providing plain text locations for these fields. If you wish to  
> >> display a
> >> textual representation of where someone is on your app you would  
> >> need to
> >> carry out a reverse geocode first.
>
> >> I don't know the method you are using to obtain the location but  
> >> generally
> >> we see developers use the lat/long returned by the browser or device.
>
> >> One thing that might be useful to know is that we perform a reverse  
> >> lookup
> >> on the lat/long when we display the tweet, converting it to some  
> >> textual
> >> description like "SoMa, San Francisco", or "from here" as  
> >> appropriate.
>
> >> Hope that answers your question,
> >> Matt
>
> >> On Fri, Jun 11, 2010 at 6:41 AM, Bryan  wrote:
> >>> Hey everyone, is there a way to geo-tweet with the API without  
> >>> knowing
> >>> the Lat/Long? In other words, can I say "San Francisco, CA" or  
> >>> search
> >>> for valid place_id's with this name? I'm trying to make my user
> >>> interface as user-friendly as possible, and asking for lat/long  
> >>> for my
> >>> userbase won't work. I also want to rely on as few as API's as
> >>> possible, so I'd prefer not to run my name through Google's Map API
> >>> and then through the reverse geocode API on twitters. Thanks.
>
> >> --
>
> >> Matt Harris
> >> Developer Advocate, Twitterhttp://twitter.com/themattharris

Re: [twitter-dev] [HELP!!!] Autologin using PHP + Oauth API

[Matt Harris]

We don't provide a way to log a user into twitter.com through the  
API but you can, through OAuth, request permission to interact with  
a users account or perform actions on their behalf.


What is it you need to log the user into Twitter for?


Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

On Jun 11, 2010, at 16:54, lu5ceh  wrote:


I'm making a PHP script that automatically logs in a given Twitter
account. How I can do to make using the new API

[twitter-dev] Re: tco crawler details

[Dewald Pretorius]

My guess is that Twitter uses the Google SafeBrowsing API, in addition
to other blacklist APIs.

http://code.google.com/apis/safebrowsing/

Google SafeBrowsing is basically two databases, which you can host
locally, and are constantly updated by Google. One database consists
of potential phishing addresses and the other one contains potential
malware addresses.

You do lookups against these databases. You don't visit the actual
destination site. The same applies to other blacklist databases.

That's why there is no need to check for a tco user agent or IP
address. Tco never visits or crawls your site. It simply redirects the
user's browser to your site.

Re: [twitter-dev] Re: Geo-caching Without Lat/Long

[Matt Harris]

Hi Bryan

The geo/reverse_geocode method only supports json so make sure you are  
using that and not XML.


Also, the method doesn't require authorisation so there is no need to  
send the oauth tokens.


Hope that helps,

Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

On Jun 11, 2010, at 15:28, Bryan  wrote:


Matt--

Okay thanks for the reply. I'm building a news aggregator so the goal
was to enter the location manually. Still, I'm having trouble with the
geo-coding method. I'm using Abraham's php library and I do the
following:

   $location = $connection->get('geo/reverse_geocode', array('lat' =>
'37.75' , 'long' => '122.68'));
   echo $connection->http_code;

Which returns 404. $location->id is empty. Any thoughts as to what I'm
doing wrong?

On Jun 11, 9:21 am, Matt Harris  wrote:

Hey Bryan,

Status updates only accept lat/long or place_id. There isn't a way of
providing plain text locations for these fields. If you wish to  
display a
textual representation of where someone is on your app you would  
need to

carry out a reverse geocode first.

I don't know the method you are using to obtain the location but  
generally

we see developers use the lat/long returned by the browser or device.

One thing that might be useful to know is that we perform a reverse  
lookup
on the lat/long when we display the tweet, converting it to some  
textual
description like "SoMa, San Francisco", or "from here" as  
appropriate.


Hope that answers your question,
Matt

On Fri, Jun 11, 2010 at 6:41 AM, Bryan  wrote:
Hey everyone, is there a way to geo-tweet with the API without  
knowing
the Lat/Long? In other words, can I say "San Francisco, CA" or  
search

for valid place_id's with this name? I'm trying to make my user
interface as user-friendly as possible, and asking for lat/long  
for my

userbase won't work. I also want to rely on as few as API's as
possible, so I'd prefer not to run my name through Google's Map API
and then through the reverse geocode API on twitters. Thanks.


--

Matt Harris
Developer Advocate, Twitterhttp://twitter.com/themattharris

[twitter-dev] [HELP!!!] Autologin using PHP + Oauth API

[lu5ceh]

I'm making a PHP script that automatically logs in a given Twitter
account. How I can do to make using the new API

[twitter-dev] Re: Geo-caching Without Lat/Long

[Bryan]

Matt--

Okay thanks for the reply. I'm building a news aggregator so the goal
was to enter the location manually. Still, I'm having trouble with the
geo-coding method. I'm using Abraham's php library and I do the
following:

$location = $connection->get('geo/reverse_geocode', array('lat' =>
'37.75' , 'long' => '122.68'));
echo $connection->http_code;

Which returns 404. $location->id is empty. Any thoughts as to what I'm
doing wrong?

On Jun 11, 9:21 am, Matt Harris  wrote:
> Hey Bryan,
>
> Status updates only accept lat/long or place_id. There isn't a way of
> providing plain text locations for these fields. If you wish to display a
> textual representation of where someone is on your app you would need to
> carry out a reverse geocode first.
>
> I don't know the method you are using to obtain the location but generally
> we see developers use the lat/long returned by the browser or device.
>
> One thing that might be useful to know is that we perform a reverse lookup
> on the lat/long when we display the tweet, converting it to some textual
> description like "SoMa, San Francisco", or "from here" as appropriate.
>
> Hope that answers your question,
> Matt
>
> On Fri, Jun 11, 2010 at 6:41 AM, Bryan  wrote:
> > Hey everyone, is there a way to geo-tweet with the API without knowing
> > the Lat/Long? In other words, can I say "San Francisco, CA" or search
> > for valid place_id's with this name? I'm trying to make my user
> > interface as user-friendly as possible, and asking for lat/long for my
> > userbase won't work. I also want to rely on as few as API's as
> > possible, so I'd prefer not to run my name through Google's Map API
> > and then through the reverse geocode API on twitters. Thanks.
>
> --
>
> Matt Harris
> Developer Advocate, Twitterhttp://twitter.com/themattharris

[twitter-dev] Re: List of users who have authorized my application with OAuth

[Rahul]

Definitely, i can do that, but good to have this feature added to the
library so that i don't have to make calls and stuff if creating some
plugins for firefox etc.

Thanks,
Rahul

On Jun 11, 10:27 am, Taylor Singletary 
wrote:
> No there is not a way at to do at this time. If you're interested in those
> kind of pieces of information, you can track them yourself after consuming
> access tokens.
>
> Taylor Singletary
> Developer Advocate, Twitterhttp://twitter.com/episod
>
>
>
> On Fri, Jun 11, 2010 at 7:20 AM, Rahul  wrote:
> > I have a question about OAuth on twitter api. Suppose i have made an
> > pplication in twitter and i used OAuth to authorize users. User
> > Authorize their twitter accounts and give permissions to my app. Is
> > there any way i can get the list of user who have authorize my
> > application.
>
> > Any pointers are appreciated.
>
> > Thanks,
> > Rahul

Re: [twitter-dev] List of users who have authorized my application with OAuth

[Bernd Stramm]

On Fri, 11 Jun 2010 07:20:12 -0700 (PDT)
Rahul  wrote:

> I have a question about OAuth on twitter api. Suppose i have made an
> pplication in twitter and i used OAuth to authorize users. User
> Authorize their twitter accounts and give permissions to my app. Is
> there any way i can get the list of user who have authorize my
> application.

Along the same lines: for my case, I don't particularly care about the
identity of users, but it could be interesting to just know the number
of users.

-- 
Bernd Stramm

Re: [twitter-dev] List of users who have authorized my application with OAuth

[Taylor Singletary]

No there is not a way at to do at this time. If you're interested in those
kind of pieces of information, you can track them yourself after consuming
access tokens.

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Fri, Jun 11, 2010 at 7:20 AM, Rahul  wrote:

> I have a question about OAuth on twitter api. Suppose i have made an
> pplication in twitter and i used OAuth to authorize users. User
> Authorize their twitter accounts and give permissions to my app. Is
> there any way i can get the list of user who have authorize my
> application.
>
> Any pointers are appreciated.
>
> Thanks,
> Rahul
>

Re: [twitter-dev] Geo-caching Without Lat/Long

[Matt Harris]

Hey Bryan,

Status updates only accept lat/long or place_id. There isn't a way of
providing plain text locations for these fields. If you wish to display a
textual representation of where someone is on your app you would need to
carry out a reverse geocode first.

I don't know the method you are using to obtain the location but generally
we see developers use the lat/long returned by the browser or device.

One thing that might be useful to know is that we perform a reverse lookup
on the lat/long when we display the tweet, converting it to some textual
description like "SoMa, San Francisco", or "from here" as appropriate.

Hope that answers your question,
Matt

On Fri, Jun 11, 2010 at 6:41 AM, Bryan  wrote:

> Hey everyone, is there a way to geo-tweet with the API without knowing
> the Lat/Long? In other words, can I say "San Francisco, CA" or search
> for valid place_id's with this name? I'm trying to make my user
> interface as user-friendly as possible, and asking for lat/long for my
> userbase won't work. I also want to rely on as few as API's as
> possible, so I'd prefer not to run my name through Google's Map API
> and then through the reverse geocode API on twitters. Thanks.
>



-- 


Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

[twitter-dev] List of users who have authorized my application with OAuth

[Rahul]

I have a question about OAuth on twitter api. Suppose i have made an
pplication in twitter and i used OAuth to authorize users. User
Authorize their twitter accounts and give permissions to my app. Is
there any way i can get the list of user who have authorize my
application.

Any pointers are appreciated.

Thanks,
Rahul

Re: [twitter-dev] Problems with oauth request_token

[Taylor Singletary]

First Leonardo,

If that's your real consumer secret, you're going to want to go and
regenerate your API keys *ASAP*.

Looking at what you've sent along, it looks like you're pretty close to
getting this right.

Your timestamp is verbose as far as the OAuth standard is concerned -- it
should be in seconds and not in milliseconds. Also ensure that your server
time is in sync with Twitter's: we return our current server time in a
header on every response.

I notice you have your signature base string at the end of the email: is
this being sent as a POST body or is it just in your email? It shouldn't be
sent, if so.

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Thu, Jun 10, 2010 at 11:04 PM, Leonardo Luceiro Meirelles <
pite...@gmail.com> wrote:

> Hello gentlemans,
>
> I'm working on a client twitter that uses HTTP proxy in Java. I struggling
> with the OAuth request_token that returns me HTTP 401 Unauthorized.
>
> Consumer key="3P1dah6urSdAo9voKDJDA"
>
> twitterURL=[https://api.twitter.com/oauth/request_token]
>
> authorizationData=[OAuth realm="api.twitter.com",
> oauth_callback="oob", oauth_consumer_key="3P1dah6urSdAo9voKDJDA",
> oauth_nonce="901dc12600ac1cdbc082d57d4aef7bfc", 
> oauth_signature_method="HMAC-SHA1",
> oaut
> h_timestamp="1276235403668", oauth_version="1.0",
> oauth_signature="5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D"]
>
> basedata=[POST&https%3A%2F%2Fapi.twitter.com
> %2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me
> thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0]
>
> And it returns the error: errorStream=[Failed to validate oauth signature
> and token]
>
> In order to check what I'm sending, I create a HttpListener and redirected
> the "api.twitter.com"  to localhost:8000 and here is the header.
>
> Any suggestion is very welcome.
>
> POST /oauth/request_token HTTP/1.1
> Authorization: OAuth realm="api.twitter.com", oauth_callback="oob",
> oauth_consumer_key="3P1dah6urSdAo9voKDJDA",
> oauth_nonce="2c449ca3c5a8637a8a9152d896c6d8bd",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276236145594",
> oauth_version="1.0",
> oauth_signature="y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D"
> User-Agent: Java/1.6.0_20
> Host: localhost:8000
> Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
> Connection: keep-alive
> Content-type: application/x-www-form-urlencoded
> Content-Length: 266
>
>
> POST&http%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau
> th_version%3D1.0.
>
> Best regards,
> Leo Meirelles
>

Re: [twitter-dev] OAuth Base String generation

[Taylor Singletary]

It kind of depends on how you tilt your head and look at it sometimes.

One way of looking at it is that POST body elements already are URL-encoded
(at least when we're talking about "application/x-www-form-urlencoded" type
bodies). When you send a POST request, you already must URL encode the body.

This algorithm begins from the assumption that you've already prepared your
POST body. I'll try to make that distinction clearer.

Taylor

On Thu, Jun 10, 2010 at 7:31 PM, Malayil George  wrote:

> Hi,
>I've been trying to work through the OAuth steps presented at
> http://dev.twitter.com/pages/auth#signing-requests . The psuedo-code for
> base-string generation is given as
>
> httpMethod + "&" +
>  url_encode(  base_uri ) + "&" +
>  sorted_query_params.each  { | k, v |
>  url_encode ( k ) + "%3D" +
>  url_encode ( v )
>  }.join("%26")
>
>  But, this doesn't seem to work with the params on the example. The example
> has baseString = POST&https%3A%2F%2Fapi.twitter.com
> %2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0
>
> With the above algorithm, wouldn't the baseString end up as
> "...&oauth_callback%3Dhttp%3A%2F%2Flocalhost...%26oauth_consumer_key%3D..."?
> The %3A seems to be getting encoded somehow to %253A in the example. I have
> been able to get my result to match the example result by modifying the
> algorithm to be
>
> httpMethod + "&" +
>  url_encode(  base_uri ) + "&" +
>  url_encode(sorted_query_params.each  { | k, v |
>  url_encode ( k ) + "=" +
>  url_encode ( v )
>  }.join("&"))
>
>   Reading the comments at
> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/,
>  it seems we should be doing a double url-encode? Is that right or am I
> missing something (and this workaround is just working in this example)?
>
>
> Regards
> George
>
>
>
>
>
>

Re: [twitter-dev] OAuth "statuses/followers"

[Matt Harris]

Hi Rick,

Depending on what you are trying to obtain we recommend using the
friends/ids [1] and followers/ids [2] methods in combination with the
user/lookup [3] if you need more information about them.

Also, you want to make sure you're client is using the
api.twitter.comdomain and not
twitter.com.

Hope that helps,
Matt

1. http://dev.twitter.com/doc/get/friends/ids
2. http://dev.twitter.com/doc/get/followers/ids
3. http://dev.twitter.com/doc/get/users/lookup


On Fri, Jun 11, 2010 at 3:46 AM, Rick  wrote:

> I hope somebody could help me with my problem regarding the Twitter
> OAuth
>
> If I use $oauth->get('statuses/followers'); I get the first 100
> followers. If I use $oauth->get('statuses/followers', array('cursor'
> => $cursor)); I have to use this code:
>
>  $cursor = -1;
> $followers = $oauth->get('statuses/followers', array('cursor' =>
> $cursor));
> $totaal = count($followers);
>
> while ($totaal > 1) {
> for($x=0; $x<$totaal; $x++) {
>if(preg_match("/^".date('D M d')." 0([3-9]{1}):([0-9]{2}):([0-9]
> {2}) \+([0-9]{4}) ".date('Y')."/",$followers[$x]->status->created_at)
> || $followers[$x]->protected) {
> }
> }
>
> $cursor++;
>
> $followers = $oauth->get('statuses/followers', array('cursor' =>
> $cursor));
> $totaal = count($followers);
>
> ?>
>
> But that seems not to get working. And without the cursor idea, I get
> only the first 100 followers. Is there a easy solution for this?
>



-- 


Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

[twitter-dev] Geo-caching Without Lat/Long

[Bryan]

Hey everyone, is there a way to geo-tweet with the API without knowing
the Lat/Long? In other words, can I say "San Francisco, CA" or search
for valid place_id's with this name? I'm trying to make my user
interface as user-friendly as possible, and asking for lat/long for my
userbase won't work. I also want to rely on as few as API's as
possible, so I'd prefer not to run my name through Google's Map API
and then through the reverse geocode API on twitters. Thanks.

[twitter-dev] Problems with oauth request_token

[Leonardo Luceiro Meirelles]

Hello gentlemans,

I'm working on a client twitter that uses HTTP proxy in Java. I struggling with 
the OAuth request_token that returns me HTTP 401 Unauthorized.

Consumer key="3P1dah6urSdAo9voKDJDA"
Consumer secret="kMYprvWb0UQ0L8oAin2dQJArUQfMcjuVSjOjyHzTv8E&" <-- I already 
added the "&" in the end of it

twitterURL=[https://api.twitter.com/oauth/request_token]

authorizationData=[OAuth realm="api.twitter.com", oauth_callback="oob", 
oauth_consumer_key="3P1dah6urSdAo9voKDJDA", 
oauth_nonce="901dc12600ac1cdbc082d57d4aef7bfc", 
oauth_signature_method="HMAC-SHA1", oaut
h_timestamp="1276235403668", oauth_version="1.0", 
oauth_signature="5t6Fw%2BSs1JgkaaHjfOtGFpotWMw%3D"]

basedata=[POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D901dc12600ac1cdbc082d57d4aef7bfc%26oauth_signature_me
thod%3DHMAC-SHA1%26oauth_timestamp%3D1276235403668%26oauth_version%3D1.0]

And it returns the error: errorStream=[Failed to validate oauth signature and 
token]

In order to check what I'm sending, I create a HttpListener and redirected the 
"api.twitter.com"  to localhost:8000 and here is the header.

Any suggestion is very welcome.

POST /oauth/request_token HTTP/1.1
Authorization: OAuth realm="api.twitter.com", oauth_callback="oob", 
oauth_consumer_key="3P1dah6urSdAo9voKDJDA", 
oauth_nonce="2c449ca3c5a8637a8a9152d896c6d8bd", 
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276236145594", 
oauth_version="1.0", 
oauth_signature="y%2BstT1OQgJBRKLZ%2BR4K15TM4fGw%3D"
User-Agent: Java/1.6.0_20
Host: localhost:8000
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-type: application/x-www-form-urlencoded
Content-Length: 266

POST&http%3A%2F%2Flocalhost%3A8000%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D3P1dah6urSdAo9voKDJDA%26oauth_nonce%3D2c449ca3c5a8637a8a9152d896c6d8bd%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276236145594%26oau
th_version%3D1.0.

Best regards,
Leo Meirelles

[twitter-dev] OAuth "statuses/followers"

[Rick]

I hope somebody could help me with my problem regarding the Twitter
OAuth

If I use $oauth->get('statuses/followers'); I get the first 100
followers. If I use $oauth->get('statuses/followers', array('cursor'
=> $cursor)); I have to use this code:

get('statuses/followers', array('cursor' =>
$cursor));
$totaal = count($followers);

while ($totaal > 1) {
for($x=0; $x<$totaal; $x++) {
if(preg_match("/^".date('D M d')." 0([3-9]{1}):([0-9]{2}):([0-9]
{2}) \+([0-9]{4}) ".date('Y')."/",$followers[$x]->status->created_at)
|| $followers[$x]->protected) {
}
}

$cursor++;

$followers = $oauth->get('statuses/followers', array('cursor' =>
$cursor));
$totaal = count($followers);

?>

But that seems not to get working. And without the cursor idea, I get
only the first 100 followers. Is there a easy solution for this?

[twitter-dev] OAuth Base String generation

[Malayil George]

Hi,
   I've been trying to work through the OAuth steps presented at
http://dev.twitter.com/pages/auth#signing-requests . The psuedo-code for
base-string generation is given as

httpMethod + "&" +
 url_encode(  base_uri ) + "&" +
 sorted_query_params.each  { | k, v |
 url_encode ( k ) + "%3D" +
 url_encode ( v )
 }.join("%26")

 But, this doesn't seem to work with the params on the example. The example
has baseString = POST&https%3A%2F%2Fapi.twitter.com
%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0

With the above algorithm, wouldn't the baseString end up as
"...&oauth_callback%3Dhttp%3A%2F%2Flocalhost...%26oauth_consumer_key%3D..."?
The %3A seems to be getting encoded somehow to %253A in the example. I have
been able to get my result to match the example result by modifying the
algorithm to be

httpMethod + "&" +
 url_encode(  base_uri ) + "&" +
 url_encode(sorted_query_params.each  { | k, v |
 url_encode ( k ) + "=" +
 url_encode ( v )
 }.join("&"))

  Reading the comments at
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/,
it seems we should be doing a double url-encode? Is that right or am I
missing something (and this workaround is just working in this example)?


Regards
George

Re: [twitter-dev] tco crawler details

[John Kalucki]

We've already been checking for bad links now for at least a year, if
not 18 months. It's been so long, I can't remember when it went into
production. Link checking seems to work very well.

-John Kalucki
http://twitter.com/jkalucki
Infrastructure, Twitter Inc.



On Fri, Jun 11, 2010 at 6:21 AM, Dean Collins  wrote:
> Of course it is.
>
>
>
> Twitter were asked what “defines” a “bad” site on the second day but I
> haven’t seen a reply apart from more questions about who is making the
> choice, eg will pornography be classed as “bad”, will religious free speech
> be classed as “bad”.
>
>
>
> I don’t think the Twitheads thought through what it means to now offer an
> “aol” version of the web and the long term responsibilities that this
> entails through implicit guarantees to their users.
>
>
>
> Of course Ken you don’t expect them to publish their ip address list do
> you….otherwise some smartass would route this ip address to a “clean” site
> and everyone else to the “bad” content.
>
>
>
>
>
> Regards,
>
> Dean Collins
> Cognation Inc
> d...@cognation.net
> +1-212-203-4357   New York
> +61-2-9016-5642   (Sydney in-dial).
> +44-20-3129-6001 (London in-dial).
>
> 
>
> From: twitter-development-talk@googlegroups.com
> [mailto:twitter-development-t...@googlegroups.com] On Behalf Of John Adams
> Sent: Friday, 11 June 2010 6:00 AM
> To: twitter-development-talk@googlegroups.com
> Subject: Re: [twitter-dev] tco crawler details
>
>
>
> t.co is not a crawler; Are you referring to the URL unpacking process or
> something else?
>
>
>
> -john
>
>
>
> On Thu, Jun 10, 2010 at 11:46 PM, Ken  wrote:
>
> If tco is to be the new three-letter agency and gatekeeper, we would
> like to treat it nice and whitelist its crawler. If tco is
> inadvertantly blocked, what happens?
>
> I do not know if we have already been checked by tco as I have not
> sent or received a dm with one of our own URLs.
>
> What are the user-agent and IP addresses used by this crawler? Does it
> check robots.txt?
>
> And since, for some, a tco thumbsdown could be a problem, is there a
> (speedy) appeals process?
>
>

[twitter-dev] Re: tco crawler details

[Ken]

Dean - I meant the IP of the crawler - we have lots of DENY ACLs in
place to curb rogue bots.

On Jun 11, 3:21 pm, "Dean Collins"  wrote:
> Of course it is.
>
> Twitter were asked what "defines" a "bad" site on the second day but I
> haven't seen a reply apart from more questions about who is making the
> choice, eg will pornography be classed as "bad", will religious free
> speech be classed as "bad".
>
> I don't think the Twitheads thought through what it means to now offer
> an "aol" version of the web and the long term responsibilities that this
> entails through implicit guarantees to their users.
>
> Of course Ken you don't expect them to publish their ip address list do
> youotherwise some smartass would route this ip address to a "clean"
> site and everyone else to the "bad" content.
>
> Regards,
>
> Dean Collins
> Cognation Inc
> d...@cognation.net
>  +1-212-203-4357   New York
> +61-2-9016-5642   (Sydney in-dial).
> +44-20-3129-6001 (London in-dial).
>
> 
>
> From: twitter-development-talk@googlegroups.com
> [mailto:twitter-development-t...@googlegroups.com] On Behalf Of John
> Adams
> Sent: Friday, 11 June 2010 6:00 AM
> To: twitter-development-talk@googlegroups.com
> Subject: Re: [twitter-dev] tco crawler details
>
> t.co is not a crawler; Are you referring to the URL unpacking process or
> something else?
>
> -john
>
> On Thu, Jun 10, 2010 at 11:46 PM, Ken  wrote:
>
> If tco is to be the new three-letter agency and gatekeeper, we would
> like to treat it nice and whitelist its crawler. If tco is
> inadvertantly blocked, what happens?
>
> I do not know if we have already been checked by tco as I have not
> sent or received a dm with one of our own URLs.
>
> What are the user-agent and IP addresses used by this crawler? Does it
> check robots.txt?
>
> And since, for some, a tco thumbsdown could be a problem, is there a
> (speedy) appeals process?

RE: [twitter-dev] tco crawler details

[Dean Collins]

Of course it is.

 

Twitter were asked what "defines" a "bad" site on the second day but I
haven't seen a reply apart from more questions about who is making the
choice, eg will pornography be classed as "bad", will religious free
speech be classed as "bad".

 

I don't think the Twitheads thought through what it means to now offer
an "aol" version of the web and the long term responsibilities that this
entails through implicit guarantees to their users.

 

Of course Ken you don't expect them to publish their ip address list do
youotherwise some smartass would route this ip address to a "clean"
site and everyone else to the "bad" content.

 

 

Regards,

Dean Collins
Cognation Inc
d...@cognation.net
 +1-212-203-4357   New York
+61-2-9016-5642   (Sydney in-dial).
+44-20-3129-6001 (London in-dial).



From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of John
Adams
Sent: Friday, 11 June 2010 6:00 AM
To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] tco crawler details

 

t.co is not a crawler; Are you referring to the URL unpacking process or
something else?

 

-john

 

On Thu, Jun 10, 2010 at 11:46 PM, Ken  wrote:

If tco is to be the new three-letter agency and gatekeeper, we would
like to treat it nice and whitelist its crawler. If tco is
inadvertantly blocked, what happens?

I do not know if we have already been checked by tco as I have not
sent or received a dm with one of our own URLs.

What are the user-agent and IP addresses used by this crawler? Does it
check robots.txt?

And since, for some, a tco thumbsdown could be a problem, is there a
(speedy) appeals process?

 

[twitter-dev] Re: Pagination limits lowered on home timeline?

[Raymond Yee]

I'm experiencing a similar problem.  I'm trying to download all my own
statuses (for rdhyee) via the API but have only been able to get 728.
For example

http://api.twitter.com/1/statuses/user_timeline.json?screen_name=rdhyee&count=200&page=5
(http://bit.ly/b0s8gE) is the last page of 200 statuses I can get but
http://api.twitter.com/1/statuses/user_timeline.json?screen_name=rdhyee&count=200&page=6
(http://bit.ly/aU4TYT) returns no tweets.

I have over 2000 tweets, so the latter call should still return
statuses.

Has the 3200 limit changed?  Or is that  an upper limit -- that is,
you're guaranteed that you will never get more than 3200 but you might
get fewer?

-Raymond

On Jun 2, 5:26 am, Andrej  wrote:
> Hello,
>
> based on API doc there is a limit of3,200statuses for home timeline:
>
> 'Clients may access up to3,200statuses via the page and count
> parameters for timeline REST API methods'
>
> I noticed today that I can only fetch last 800 statuses only.
> Anyone else experiencing same issue?
>
> Thanks

[twitter-dev] Re: tco crawler details

[Ken]

Presumably, in order to check that a URL is not malicious, it would
have to be accessed and analysed by tco.

In his post Raffi said, "Twitter will redirect them to the original
URL after first confirming with our database that that URL is not
malicious." So it's not by domain, but by URL.

One of our Twitter apps is built in to our CMS workflow and tweets new
content that an editor has selected. Now, I guess - unless domains can
be whitelisted - Twitter will have to crawl and approve the newly
minted content page... before publishing the Tweet ??

On Jun 11, 12:00 pm, John Adams  wrote:
> t.co is not a crawler; Are you referring to the URL unpacking process or
> something else?
>
> -john
>
> On Thu, Jun 10, 2010 at 11:46 PM, Ken  wrote:
> > If tco is to be the new three-letter agency and gatekeeper, we would
> > like to treat it nice and whitelist its crawler. If tco is
> > inadvertantly blocked, what happens?
>
> > I do not know if we have already been checked by tco as I have not
> > sent or received a dm with one of our own URLs.
>
> > What are the user-agent and IP addresses used by this crawler? Does it
> > check robots.txt?
>
> > And since, for some, a tco thumbsdown could be a problem, is there a
> > (speedy) appeals process?

Re: [twitter-dev] tco crawler details

[John Adams]

t.co is not a crawler; Are you referring to the URL unpacking process or
something else?

-john


On Thu, Jun 10, 2010 at 11:46 PM, Ken  wrote:

> If tco is to be the new three-letter agency and gatekeeper, we would
> like to treat it nice and whitelist its crawler. If tco is
> inadvertantly blocked, what happens?
>
> I do not know if we have already been checked by tco as I have not
> sent or received a dm with one of our own URLs.
>
> What are the user-agent and IP addresses used by this crawler? Does it
> check robots.txt?
>
> And since, for some, a tco thumbsdown could be a problem, is there a
> (speedy) appeals process?
>

Re: [twitter-dev] share on twitter button

[Abraham Williams]

You can use the @Anywhere TweetBox:
http://dev.twitter.com/anywhere/begin#tweetbox

Or send them to https://twitter.com/?status=text+goes+here

Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Thu, Jun 10, 2010 at 16:18, mcmmike  wrote:

> how do i go about creating a button that would allow a user on MY
> website to post a custom message like: "this is a amazing website
> http://blah.com"; on their twitter feed?
>
> I have seen tools like ShareThis or whatever but we want a bare bones
> type of link.  Do we have to interface with the API and on first time
> use do the authentication process with twitter?  or is there a way to
> fill in the message box without that.  WE are not looking to actually
> "post" the message - just take the user to their twitter page and
> display the message in the box.
>
> thanks in advance,
>