Re: [twitter-dev] What can be done with twitter data?
Am 15.06.2010 21:36, schrieb ckell...@gmail.com: What can be done with the twitter api? What can be done with data? What kind of output is useful to the general public? So far I have found twitter to be a public version of text messages. I have ideas for twitter such as twitter dating and twitter chatrooms is this something that the twitter api could be used for to develop such a program? -Chris ckel...@aol.com Sent on the Sprint® Now Network from my BlackBerry® dating... i dont know. i also dont know if i want my dating approaches to be visible for anyone and indexed by google, etc. chat... maybe? if you setup one account per chatchannel / room, people can DM that account, and a bot would DM anyone who is registered for that room. it is possible, i suppose. if its not via DM chatting people would spam other peoples timelines, at least i would see it that way.
Re: [twitter-dev] Rate limits, bad gateway, etc.
Hi Bhushan, You can find specific information about rate limiting on our dev site [1]. The main reason for seeing a rate-limit is that you, or your IP, have made too many requests over the measured time. One of many reasons for this happening is if you are using shared hosting. It could be that somebody else with your IP is also making requests from Twitter. One way of approaching this is to use authenticated calls. This way your application is identifiable over any other request on the same IP. Hope that helps explain what could be happening. Matt 1. http://dev.twitter.com/pages/rate-limiting On Wed, Jun 16, 2010 at 12:23 AM, Bhushan Garud garud.bhus...@gmail.comwrote: Hi Taylor, I am using [Tweetr APIs] for my application. I want to get user's public feeds. However, i am facing a GET request rate limit problem. I am wondering even if i make one or two request, it is giving me 400 error [rate-limit reached]. If you can explain me the reason or any workaround for this problem, it will be great Thanks regards, Bhushan On Wed, Jun 9, 2010 at 12:41 AM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Ed, I think you're doing the best that you can do to be fault tolerant in this case. We generally recommend exponential back-off in the face of continued error.. perhaps waiting 5 seconds before retrying after the first failed request, then widening to a longer duration, and so on with each subsequent error. It is recommended that you implement this kind of behavior, as in times of high error rates, those applications that are ignoring error codes and retrying the same requests most aggressively are candidates for temporary blacklisting (to relieve the unproductive stress on the system as it recovers from error states). Your normal operation behavior also seems to be the correct one to utilize. Though if you want to implement additional waiting time, that's up to you. Dynamically handling rate limiting is a good idea, as one shouldn't really expect the rate limiting to a constant function/rate (though they generally are today). Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Jun 8, 2010 at 11:36 AM, M. Edward (Ed) Borasky zn...@borasky-research.net wrote: I have a Perl script that downloads historical tweets using the user_timeline REST API call. I'm running into 503 - Bad Gateway - Twitter / Over capacity errors when I run it. Questions: 1. When I run into an error, I'm waiting 45 seconds before retrying. Should I wait longer? Is there a shorter recommended wait time after an Over capacity error? Do I need to wait at all? 2. In normal operation, I'm using the returned rate limit header information to pace the request rate so that I never run out of calls. This can generate a call as soon as I've completed processing of the previous data. Should I insert a non-zero wait time here? I've tested explicit wait times as high as 20 seconds here and they don't seem to be reducing the incidence of Over capacity errors. -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
[twitter-dev] Who retweeted?
Maybe not a dev question, but I keep wanting to click on retweeted by you and one other to know who that was!
[twitter-dev] Re: Who retweeted?
To clarify, I know how to find out, I just expect that text to be clickable.
Re: [twitter-dev] Trouble generating OAuth signature
Hi Felipe, Taking a quick look at your code you've got a few things which will be causing you problems. With your signature generation you're correct in using hash_hmac but you've missed out the base64 encoding. It also looks like you won't be getting the raw signature from your hash_hmac function. Looking at the docs for that function you need to append 'true' to the end. You also want to make sure your parameters are lexicographically ordered before and after you generate the signature. In your case the sign part is in order, but your authorization header is not. You may have done this already but if not, take a look at the Authenticating Requests page of dev.twitter.com [1] for an overview of the steps you need to follow. There are also a couple of libraries which do the heavy lifting for you when generating the signatures so they act as good references if you want to create your own. We have a list of those on the dev site too [2] 1. http://dev.twitter.com/pages/auth#signing-requests 2. http://dev.twitter.com/pages/oauth_libraries#php Hope that helps, you know where we are if you still have trouble getting it all to work, Matt On Tue, Jun 15, 2010 at 5:58 PM, Felipe Sodré Silva fso...@gmail.comwrote: Hello all. I'm trying to write a simple application that sends an update Hello World on behalf of my own twitter account. Therefore, I got my access token and secret in my dev.twitter webpage and hardcoded it into the code (which I hided for making it public): http://pastebin.com/n6Ba5nrW However, I keep getting the following response: {request:/1/statuses/update.json,error:Incorrect signature} I'm doing the whole process by reading this guide: http://dev.twitter.com/pages/auth But I just cannot get it to work. What am I doing wrong during the signature assembly ? Thanks in advance! Felipe -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
[twitter-dev] Re: Repeat Tweets
Thanks for letting us know about these Andy. As Taylor was saying the instabilities the other day are likely to have been the cause for these getting through. It shouldn't happen now but anything that did get through will still be there. Matt On Jun 15, 6:39 pm, Andy Matsubara andymatsub...@gmail.com wrote: Taylor, There's a sample of six consecutive tweets.http://twitter.com/AppleWalker/status/16204554355http://twitter.com/AppleWalker/status/16204551280http://twitter.com/AppleWalker/status/16204548302http://twitter.com/AppleWalker/status/16204545368http://twitter.com/AppleWalker/status/16204542279http://twitter.com/AppleWalker/status/16204539134 Andy Matsubara On Wed, Jun 16, 2010 at 4:21 AM, methnen meth...@gmail.com wrote: Can you provide some links to the repeated tweets? While things were at their worse last night, it was very easy for duplicate updates to get processed but that shouldn't be the case now. We manually deleted them and it now appears to have stopped. Are you sure that the client you were using isn't trying to re-post tweets on your behalf, thinking they haven't been posted yet? At first I thought it might be on our end. As we use the API to make tweets via a custom script in our CMS. However, the script records successful posts and then stops posting and the repeating tweet was recorded as a successful post and our system never sent it to Twitter again. Anyway it appears to have stopped so I guess all is good. :)
[twitter-dev] Re: Links stripped from tweets
I should probably clarify that the urls aren't stripped, just the anchor tags surrounding them. Anyone else have this problem? On Jun 16, 10:24 am, Rudiger bpa...@rocketmail.com wrote: Hi there, I'm fetching the latest tweet from a list of users through /users/lookup in the REST API. I've noticed that all links (commonly tweet pics etc) are stripped from the xpath //users/user/ status/text. Why does twitter strip links and is there a way to reinstate them. Thanks.
[twitter-dev] [Twitter Profile Image Update]What am I gonna do? anybody knows?
I'm trying to make a APP about changing Twitter Avatar Image. I have tried about this problem for 2week. but I could found any solution. I tried this method using Curl. and this method works well. [Curl Method] curl -u user:password -H 'Expect:' -F image=@'test2.png;type=image/ png' http://api.twitter.com/1/account/update_profile_image.xml but iPhone is not working. Did I forgot or missed something? Anybody~ Somebody~ help me. My codes is like below and The debbuger show like this error messages -(void)request:(NSURL *)url{ if (isPost) { UIImage *myImage = [UIImage imageNamed:@1.jpg]; NSData *imageData = [[NSData alloc] initWithData:UIImageJPEGRepresentation(myImage, 90)]; requestBody = [NSString stringWithFormat:@image=%@,[[[NSString alloc] initWithData:imageData encoding:NSUTF8StringEncoding]autorelease]]; theRequest = [[NSMutableURLRequest alloc] initWithURL:url]; [theRequest setHTTPMethod:@POST]; NSString *stringBoundary = [NSString stringWithString:@0xKhTmLbOuNdArY]; NSString *contentType = [NSString stringWithFormat:@multipart/form- data; boundary=%@, stringBoundary]; [theRequest addValue:contentType forHTTPHeaderField:@Content- Type]; NSMutableData *postBody = [NSMutableData data]; [postBody appendData:[[NSString stringWithFormat:@\r\n\r\n...@\r \n, stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithString:@Content- Disposition: form-data; name=\source\\r\n\r\n] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithString:@canary] dataUsingEncoding:NSUTF8StringEncoding]]; NSString *mimeType = mimeType = @image/jpeg; [postBody appendData:[[NSString stringWithFormat:@\r\n...@\r \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithFormat:@Content- Disposition: form-data; name=\image\; filename=\%...@\\r\n, @1.jpg] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithFormat:@Content-Type: %...@\r \n, mimeType] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithString:@Content-Transfer- Encoding: binary\r\n\r\n] dataUsingEncoding:NSUTF8StringEncoding]]; //[postBody appendData:image]; [postBody appendData:imageData]; [postBody appendData:[[NSString stringWithFormat:@\r\n...@\r \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]]; [theRequest setHTTPBody:postBody]; NSLog(@ispost); theConnection = [[NSURLConnection alloc] initWithRequest:theRequest delegate:self]; } if (theConnection) { // Create the NSMutableData that will hold // the received data // reveivedData is declared as a method instance elsewhere receivedData = [[NSMutableData data] retain]; }else { // inform the user that the download could not be made } } [Error Messages] Attaching to process 45645. 2010-06-16 13:57:51.025 tw[45645:207] ispost 2010-06-16 13:57:52.193 tw[45645:207] Status: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/htmlStatus: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/html (gdb) clear
RE: [twitter-dev] What can be done with twitter data?
I think it can be used for much more than just that. it all depends how deep you think you wannna go Sent from my Nokia phone -Original Message- From: kuhkatz Sent: 16/06/2010 1:42:02 pm Subject: Re: [twitter-dev] What can be done with twitter data? Am 15.06.2010 21:36, schrieb ckell...@gmail.com: What can be done with the twitter api? What can be done with data? What kind of output is useful to the general public? So far I have found twitter to be a public version of text messages. I have ideas for twitter such as twitter dating and twitter chatrooms is this something that the twitter api could be used for to develop such a program? -Chris ckel...@aol.com Sent on the Sprint® Now Network from my BlackBerry® dating... i dont know. i also dont know if i want my dating approaches to be visible for anyone and indexed by google, etc. chat... maybe? if you setup one account per chatchannel / room, people can DM that account, and a bot would DM anyone who is registered for that room. it is possible, i suppose. if its not via DM chatting people would spam other peoples timelines, at least i would see it that way.
[twitter-dev] Re: TwitPic oAuth Echo Help! - PHP
Taylor, This is great! Thanks for helping me out - nice to see Twitter employees helping the developers! Great work. - Greg On Jun 15, 10:39 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Greg, Went over your code a bit more and got it to work with TwitPic -- here's the new version:http://pastie.org/1005387 Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Jun 15, 2010 at 6:31 AM, Taylor Singletary taylorsinglet...@twitter.com wrote: One thing to watch out for with OAuth Echo is that you don't actually execute the verify_credentials call yourself when you're building the authorization header for the request -- by doing so, you will have marked the oauth_nonce you used as already processed. Looking at your code, I don't think that's your issue. Your code shows you tacking on the oauth_token to the authorization header, but it needs to be part of your entire signed request. You should be using your oauth_token while building your signature base string, and then use your oauth_token_secret as part of the composite signing key you use to sign the request -- then generate your HTTP header and attach it to the OAuth Echo request to twitpic. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Jun 15, 2010 at 4:30 AM, Greg gregory.av...@gmail.com wrote: Hello all, I've trying to get this to work for the past couple of days - but every request to TwitPic returns a 401. I'm signing the requests with my ConsumerKey and consumerSecret to Twitter using the verify_account API call. Then I'm adding in the Oauth Realm and the OAuth Token as part of the header. Can anyone point out what I am doing wrong? Code Here:http://pastie.org/1005179 Thanks again, Greg
Re: [twitter-dev] anywhere link overriding
Ok. Using jquery: $(a.twitter-anywhere-user).each(function () { $(this).attr('target', '_blank');}); fixes it. On Wed, Jun 16, 2010 at 1:50 AM, Todd Kloots klo...@twitter.com wrote: At the moment, no. You'll need to do that yourself. Not too difficult though, since @Anywhere stamps each link with a class of twitter-anywhere-user. So, you could iterate over all anchor elements, and if they have that class add the target attribute with a value of _blank. - Todd On Tue, Jun 15, 2010 at 2:44 PM, Furkan Kuru furkank...@gmail.com wrote: Is there any possibility to change the anywhere links to include target=_blank attribute and value in order to open in a new window? -- Furkan Kuru -- Furkan Kuru
Re: [twitter-dev] Re: Links stripped from tweets
On Tue, 15 Jun 2010 23:26:41 -0700 (PDT) Rudiger bpa...@rocketmail.com wrote: I should probably clarify that the urls aren't stripped, just the anchor tags surrounding them. Anyone else have this problem? Are you sure the anchor tags were there in the first place? Many posts simply have text that says http://this.that.com;. -- Bernd Stramm bernd.str...@gmail.com
Re: [twitter-dev] Tracking Unfavoriting
User Streams have favorites and unfavorites for the logged in user and that user's followings. This feature is in preview and isn't yet available for service integrations, but we hope to fix that soon. Otherwise, favorites are a bit of a second-class object within Twitter, although we do want to make them on par with tweets and retweets and such, it's not easy. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. On Wed, Jun 16, 2010 at 1:30 AM, jhughes96 thewelshjoelhug...@gmail.com wrote: Hi, I have in mind an application which will need accurate access to favorites and, as well, tweets which have been unfavorited. In the ideal world there would be a streamed list of these events (e.g. USER XXX FAVORITED TWEET TTT, USER YYY UNFAVORITED TWEET etc). Is this the only method available? http://apiwiki.twitter.com/Twitter-REST-API-Method:-favorites ...can't see how that's going to help with whether something have been UNfavorited. Thanks for any thoughts. @Joel_Hughes
[twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21
Hi Developers, A little late notice, but just wanted to make sure you've all seen what was posted on the Twitter status blog a bit earlier: MAINTENANCE ACTION: — We’ll be working with our network provider to perform some tests and maintenance. During this time you can expect a high rate of errors (whales) DATE/TIME WINDOW: — June 16th @ 6-7:30 AM PDT AFFECTED RESOURCES: ——— Twitter.com and* Api.twitter.com* * * *Might be a bit bumpy this morning, but intentionally so.* * * Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21
A planned maintenance from 9-10:30A EDT and during one of the World Cup games? Wow. I hope it's really important. Taylor Singletary wrote: Hi Developers, A little late notice, but just wanted to make sure you've all seen what was posted on the Twitter status blog a bit earlier: MAINTENANCE ACTION: — We’ll be working with our network provider to perform some tests and maintenance. During this time you can expect a high rate of errors (whales) DATE/TIME WINDOW: — June 16th @ 6-7:30 AM PDT AFFECTED RESOURCES: ——— Twitter.com and* Api.twitter.com http://Api.twitter.com* * * *Might be a bit bumpy this morning, but intentionally so.* * *Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
Re: [twitter-dev] [Twitter Profile Image Update]What am I gonna do? anybody knows?
Hi Jusung, Our image upload facilities are in need of some refactoring -- they frequently respond with a 500, sometimes having processed the image and sometimes not. Have you checked after uploading to see if the image was accepted? I'm not familiar enough with Objective-C to really help you in that area, but I wanted to make sure you know that basic authentication is going away later this month, and if you're working on any kind of new project, you should be using OAuth: http://dev.twitter.com/pages/auth_overview Taylor On Tue, Jun 15, 2010 at 11:43 PM, jusung Kye kyejus...@gmail.com wrote: I'm trying to make a APP about changing Twitter Avatar Image. I have tried about this problem for 2week. but I could found any solution. I tried this method using Curl. and this method works well. [Curl Method] curl -u user:password -H 'Expect:' -F image=@'test2.png;type=image/ png' http://api.twitter.com/1/account/update_profile_image.xml but iPhone is not working. Did I forgot or missed something? Anybody~ Somebody~ help me. My codes is like below and The debbuger show like this error messages -(void)request:(NSURL *)url{ if (isPost) { UIImage *myImage = [UIImage imageNamed:@1.jpg]; NSData *imageData = [[NSData alloc] initWithData:UIImageJPEGRepresentation(myImage, 90)]; requestBody = [NSString stringWithFormat:@ image=%@,[[[NSString alloc] initWithData:imageData encoding:NSUTF8StringEncoding]autorelease]]; theRequest = [[NSMutableURLRequest alloc] initWithURL:url]; [theRequest setHTTPMethod:@POST]; NSString *stringBoundary = [NSString stringWithString:@0xKhTmLbOuNdArY]; NSString *contentType = [NSString stringWithFormat:@ multipart/form- data; boundary=%@, stringBoundary]; [theRequest addValue:contentType forHTTPHeaderField:@ Content- Type]; NSMutableData *postBody = [NSMutableData data]; [postBody appendData:[[NSString stringWithFormat:@ \r\n\r\n...@\r \n, stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithString:@Content- Disposition: form-data; name=\source\\r\n\r\n] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithString:@canary] dataUsingEncoding:NSUTF8StringEncoding]]; NSString *mimeType = mimeType = @image/jpeg; [postBody appendData:[[NSString stringWithFormat:@\r\n--%@ \r \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithFormat:@Content- Disposition: form-data; name=\image\; filename=\%...@\\r\n, @1.jpg] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithFormat:@Content-Type: %...@\r \n, mimeType] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithString:@ Content-Transfer- Encoding: binary\r\n\r\n] dataUsingEncoding:NSUTF8StringEncoding]]; //[postBody appendData:image]; [postBody appendData:imageData]; [postBody appendData:[[NSString stringWithFormat:@\r\n--%@ \r \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]]; [theRequest setHTTPBody:postBody]; NSLog(@ispost); theConnection = [[NSURLConnection alloc] initWithRequest:theRequest delegate:self]; } if (theConnection) { // Create the NSMutableData that will hold // the received data // reveivedData is declared as a method instance elsewhere receivedData = [[NSMutableData data] retain]; }else { // inform the user that the download could not be made } } [Error Messages] Attaching to process 45645. 2010-06-16 13:57:51.025 tw[45645:207] ispost 2010-06-16 13:57:52.193 tw[45645:207] Status: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/htmlStatus: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/html (gdb) clear
RE: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21
Guess the twitter technical team aren't soccer fans and follow baseball? Cheers, Dean Collins http://www.LiveWorldCUpChat.com -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development- t...@googlegroups.com] On Behalf Of BJ Weschke Sent: Wednesday, 16 June 2010 9:45 AM To: twitter-development-talk@googlegroups.com Cc: twitter-api-announce Subject: Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21 A planned maintenance from 9-10:30A EDT and during one of the World Cup games? Wow. I hope it's really important. Taylor Singletary wrote: Hi Developers, A little late notice, but just wanted to make sure you've all seen what was posted on the Twitter status blog a bit earlier: MAINTENANCE ACTION: - We'll be working with our network provider to perform some tests and maintenance. During this time you can expect a high rate of errors (whales) DATE/TIME WINDOW: - June 16th @ 6-7:30 AM PDT AFFECTED RESOURCES: --- Twitter.com and* Api.twitter.com http://Api.twitter.com* * * *Might be a bit bumpy this morning, but intentionally so.* * *Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21
The wording wasn't accurate and has since been changed. They're going to be poking around with network and monitoring traffic, and there's always a very small chance that something will go wrong, a link will drop, and it'll take a few seconds for the network topology to re-converge. Usually we hardly take note of, or can even detect, a partition, due to the low convergency latency. However, when we're running the backlinks so hot, anything could happen. They're just trying to communicate the somewhat elevated risk of this measurement that is only useful during a peak event and is necessary to add appropriate capacity and balance load. On Wed, Jun 16, 2010 at 6:44 AM, BJ Weschke bwesc...@btwtech.com wrote: A planned maintenance from 9-10:30A EDT and during one of the World Cup games? Wow. I hope it's really important. Taylor Singletary wrote: Hi Developers, A little late notice, but just wanted to make sure you've all seen what was posted on the Twitter status blog a bit earlier: MAINTENANCE ACTION: — We’ll be working with our network provider to perform some tests and maintenance. During this time you can expect a high rate of errors (whales) DATE/TIME WINDOW: — June 16th @ 6-7:30 AM PDT AFFECTED RESOURCES: ——— Twitter.com and* Api.twitter.com http://Api.twitter.com* * * *Might be a bit bumpy this morning, but intentionally so.* * *Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21
I know you are just joking, but here's what's we're doing: We all have every world cup game in our corporate calendars and for many of us, our entire day, sleep included, is paced around the three world cup games. Deploys, maintenance, and everything else has been shifted around. And the games are obvious in the graphs, and we do a lot of graph-looking-at-and-talking-about-and-such. -John On Wed, Jun 16, 2010 at 6:47 AM, Dean Collins d...@cognation.net wrote: Guess the twitter technical team aren't soccer fans and follow baseball? Cheers, Dean Collins http://www.LiveWorldCUpChat.com -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development- t...@googlegroups.com] On Behalf Of BJ Weschke Sent: Wednesday, 16 June 2010 9:45 AM To: twitter-development-talk@googlegroups.com Cc: twitter-api-announce Subject: Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21 A planned maintenance from 9-10:30A EDT and during one of the World Cup games? Wow. I hope it's really important. Taylor Singletary wrote: Hi Developers, A little late notice, but just wanted to make sure you've all seen what was posted on the Twitter status blog a bit earlier: MAINTENANCE ACTION: - We'll be working with our network provider to perform some tests and maintenance. During this time you can expect a high rate of errors (whales) DATE/TIME WINDOW: - June 16th @ 6-7:30 AM PDT AFFECTED RESOURCES: --- Twitter.com and* Api.twitter.com http://Api.twitter.com* * * *Might be a bit bumpy this morning, but intentionally so.* * *Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21
Thanks John. That makes more sense. John Kalucki wrote: The wording wasn't accurate and has since been changed. They're going to be poking around with network and monitoring traffic, and there's always a very small chance that something will go wrong, a link will drop, and it'll take a few seconds for the network topology to re-converge. Usually we hardly take note of, or can even detect, a partition, due to the low convergency latency. However, when we're running the backlinks so hot, anything could happen. They're just trying to communicate the somewhat elevated risk of this measurement that is only useful during a peak event and is necessary to add appropriate capacity and balance load. On Wed, Jun 16, 2010 at 6:44 AM, BJ Weschke bwesc...@btwtech.com wrote: A planned maintenance from 9-10:30A EDT and during one of the World Cup games? Wow. I hope it's really important. Taylor Singletary wrote: Hi Developers, A little late notice, but just wanted to make sure you've all seen what was posted on the Twitter status blog a bit earlier: MAINTENANCE ACTION: — We’ll be working with our network provider to perform some tests and maintenance. During this time you can expect a high rate of errors (whales) DATE/TIME WINDOW: — June 16th @ 6-7:30 AM PDT AFFECTED RESOURCES: ——— Twitter.com and* Api.twitter.com http://Api.twitter.com* * * *Might be a bit bumpy this morning, but intentionally so.* * *Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21
Convergency isn't a word. I meant convergence. On Wed, Jun 16, 2010 at 6:58 AM, John Kalucki j...@twitter.com wrote: The wording wasn't accurate and has since been changed. They're going to be poking around with network and monitoring traffic, and there's always a very small chance that something will go wrong, a link will drop, and it'll take a few seconds for the network topology to re-converge. Usually we hardly take note of, or can even detect, a partition, due to the low convergency latency. However, when we're running the backlinks so hot, anything could happen. They're just trying to communicate the somewhat elevated risk of this measurement that is only useful during a peak event and is necessary to add appropriate capacity and balance load. On Wed, Jun 16, 2010 at 6:44 AM, BJ Weschke bwesc...@btwtech.com wrote: A planned maintenance from 9-10:30A EDT and during one of the World Cup games? Wow. I hope it's really important. Taylor Singletary wrote: Hi Developers, A little late notice, but just wanted to make sure you've all seen what was posted on the Twitter status blog a bit earlier: MAINTENANCE ACTION: — We’ll be working with our network provider to perform some tests and maintenance. During this time you can expect a high rate of errors (whales) DATE/TIME WINDOW: — June 16th @ 6-7:30 AM PDT AFFECTED RESOURCES: ——— Twitter.com and* Api.twitter.com http://Api.twitter.com* * * *Might be a bit bumpy this morning, but intentionally so.* * *Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
[twitter-dev] Re: Dev Portal Login
Login to developer.twitter.com kicks back developer.twitter.com uses an invalid security certificate. Are things falling apart in the Twitter world? On Jun 15, 4:55 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Sorry for all the issues around this login -- I really want to get this login functioning correctly but we've had some system-wide changes recently that have made some elements of fixing this for reals though difficult. It's an incredibly basic issue that's overcomplicated by the particularities of our production environment, the interaction of SSL, and subdomains. I hope to have it fixed by the end of the week. For now -- login to twitter.com, then go to the portal. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Jun 15, 2010 at 12:41 PM, Brian Wigginton brianwiggin...@gmail.comwrote: Is anyone else having problems logging into the dev portal? I keep getting directed tohttps://twitter.com/sessionswith the message Sorry, that page doesn’t exist! -Brian Wigginton
[twitter-dev] Granularity for geo/search is strange/unknown
Hey everyone, I am trying to search for locations using the new geo/search API call, but the granularity of the locations returned is nearby cities at best even though the granularity is set to neighborhood. I would like to pass in simply a lat/long, but even when I pass in a search query as well, I either get extremely broad results or no results at all. Heres an example that I've been trying which is returning cities as far away as Virginia although the lat/long is really in Charleston, SC. http://api.twitter.com/1/geo/search.json?query=java+javaaccuracy=761.9884176autocomplete=falselong=-80.1489lat=32.6058granularity=neighborhood The autocomplete param is undocumented, although switching it from false to true doesn't seem to have an effect anyways. Is there something I'm missing here? Thanks in advance for the help!
[twitter-dev] oAuth for server-side applications
Okay, I'm totally confused with Twitter's move to drop HTTP BASIC authorization. My problem is with a set of Twitter accounts that are primarily accessed PROGRAMATICALLY by server-side processes; there is no client per se, or rather, the server process IS the client. For example, an automated process that periodically sends status tweets. The programming currently uses the API with BASIC authentication (via HTTPS). I am a loss as to how OAuth is applied in this situation. A clearly expressed example would be greatly appreciated.
Re: [twitter-dev] [Twitter Profile Image Update]What am I gonna do? anybody knows?
Jusung - I'm using Objective-c as well and I've gotten more than an handful of 500 errors, even the the post was successful and the avatar was updated. The users/show API also is slow to update and show the new avatar. Is your Twitter avatar update reflected on twitter.com ? +Clint On Wed, Jun 16, 2010 at 8:56 AM, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Jusung, Our image upload facilities are in need of some refactoring -- they frequently respond with a 500, sometimes having processed the image and sometimes not. Have you checked after uploading to see if the image was accepted? I'm not familiar enough with Objective-C to really help you in that area, but I wanted to make sure you know that basic authentication is going away later this month, and if you're working on any kind of new project, you should be using OAuth: http://dev.twitter.com/pages/auth_overview Taylor On Tue, Jun 15, 2010 at 11:43 PM, jusung Kye kyejus...@gmail.com wrote: I'm trying to make a APP about changing Twitter Avatar Image. I have tried about this problem for 2week. but I could found any solution. I tried this method using Curl. and this method works well. [Curl Method] curl -u user:password -H 'Expect:' -F image=@'test2.png;type=image/ png' http://api.twitter.com/1/account/update_profile_image.xml but iPhone is not working. Did I forgot or missed something? Anybody~ Somebody~ help me. My codes is like below and The debbuger show like this error messages -(void)request:(NSURL *)url{ if (isPost) { UIImage *myImage = [UIImage imageNamed:@1.jpg]; NSData *imageData = [[NSData alloc] initWithData:UIImageJPEGRepresentation(myImage, 90)]; requestBody = [NSString stringWithFormat:@ image=%@,[[[NSString alloc] initWithData:imageData encoding:NSUTF8StringEncoding]autorelease]]; theRequest = [[NSMutableURLRequest alloc] initWithURL:url]; [theRequest setHTTPMethod:@POST]; NSString *stringBoundary = [NSString stringWithString:@0xKhTmLbOuNdArY]; NSString *contentType = [NSString stringWithFormat:@ multipart/form- data; boundary=%@, stringBoundary]; [theRequest addValue:contentType forHTTPHeaderField:@ Content- Type]; NSMutableData *postBody = [NSMutableData data]; [postBody appendData:[[NSString stringWithFormat:@ \r\n\r\n...@\r \n, stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithString:@ Content- Disposition: form-data; name=\source\\r\n\r\n] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithString:@ canary] dataUsingEncoding:NSUTF8StringEncoding]]; NSString *mimeType = mimeType = @image/jpeg; [postBody appendData:[[NSString stringWithFormat:@ \r\n...@\r \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithFormat:@ Content- Disposition: form-data; name=\image\; filename=\%...@\\r\n, @1.jpg] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithFormat:@Content-Type: %...@\r \n, mimeType] dataUsingEncoding:NSUTF8StringEncoding]]; [postBody appendData:[[NSString stringWithString:@ Content-Transfer- Encoding: binary\r\n\r\n] dataUsingEncoding:NSUTF8StringEncoding]]; //[postBody appendData:image]; [postBody appendData:imageData]; [postBody appendData:[[NSString stringWithFormat:@ \r\n...@\r \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]]; [theRequest setHTTPBody:postBody]; NSLog(@ispost); theConnection = [[NSURLConnection alloc] initWithRequest:theRequest delegate:self]; } if (theConnection) { // Create the NSMutableData that will hold // the received data // reveivedData is declared as a method instance elsewhere receivedData = [[NSMutableData data] retain]; }else { // inform the user that the download could not be made } } [Error Messages] Attaching to process 45645. 2010-06-16 13:57:51.025 tw[45645:207] ispost 2010-06-16 13:57:52.193 tw[45645:207] Status: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/htmlStatus: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/html (gdb) clear
Re: [twitter-dev] oAuth for server-side applications
You're likely best served by taking the approach of implementing only the parts of OAuth you need to complete your single-user use case. (Highly recommend using a library). We provide a feature that makes it easy for you to get your own access token from dev.twitter.com, which you can hard code into your application and essentially you'll be changing from a state of: (current) Always passing a login and password with every request to Always passing an OAuth authorization header containing your access token on every request Find out more about the single token solution here: http://dev.twitter.com/pages/oauth_single_token -- you'll be able to get your access tokens, in addition to your API keys, after registering an application there. If you have the need for multiple users, you have a few approaches you can take, http://dev.twitter.com/pages/auth_overview goes over a number of them. Once you've acquired an access token, you can persist it for as long as you want to make calls with it (or until the user manually revokes the authorization) Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Wed, Jun 16, 2010 at 7:25 AM, Rob robert-h...@comcast.net wrote: Okay, I'm totally confused with Twitter's move to drop HTTP BASIC authorization. My problem is with a set of Twitter accounts that are primarily accessed PROGRAMATICALLY by server-side processes; there is no client per se, or rather, the server process IS the client. For example, an automated process that periodically sends status tweets. The programming currently uses the API with BASIC authentication (via HTTPS). I am a loss as to how OAuth is applied in this situation. A clearly expressed example would be greatly appreciated.
[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
Hi Matt, Thanks for responding. My authorization header is still the same as it was in my first message above. Here it is for another request I just tried: OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276701304, oauth_consumer_key=x, oauth_token=- x, oauth_signature=xxx %3D, oauth_version=1.0 The post body is simply: status=my%20tweet When I create the request in objective c, it looks like this: (where authHeader is the authorization header noted above and postBody is the post body noted above): NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]]; This type of formatting works just fine for my xAuth authentication. On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote: Hey Craig, Could you let us see what the authorization header you are sending looks like (obfuscating your oauth keys and secrets)? What you're aiming for is a header similar to this: POST /1/statuses/update.xml HTTP/1.1 Accept: */* Connection: close User-Agent: OAuth gem v0.4.0 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_consumer_key=\\, oauth_nonce=\\, oauth_signature=\\, oauth_signature_method=\HMAC-SHA1\, oauth_timestamp=\1276634179\, oauth_token=\xx\, oauth_version=\1.0\ Content-Length: 27 Host: api.twitter.com With your post body being the status you are sending. Similar to: status=something%20to%20say Matt On Jun 13, 8:32 pm, Craig chanson9...@gmail.com wrote: Ok, so I believe my signature is correct because if I take out the oauth_token parameter from the signature base I get an incorrect signature error instead of the invalid/used nonce error. I am definitely posting to the correct url: https://api.twitter.com/1/ statuses/update.xml because if I change it I get an invalid url response. The nonce I'm generating is unique for every request I'm sending. The timestamp is accurate to the number of seconds that have passed since unix epoch. Obviously the invalid/used nonce error is garbage. Here's the formatting of my URL request in obj c: // Create the request NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]]; Any other ideas? I'm at a total loss as to why this might be happening. Thanks, Craig On Jun 13, 3:42 pm, Craig chanson9...@gmail.com wrote: No dice. I just tried creating a new app and using the new keys/token to tweet. I'll go over my steps once more and see if I can track down an issue somewhere... On Jun 11, 8:53 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: xAuth in this case, I think, is unrelated to the issue. If you can use a different key and use the my token feature to get your access token, then try to tweet using that token, it will sufficiently express the problem I think. Taylor On Jun 11, 2010, at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to obtain the access token with no problem at all. When I go to post a status update, I receive an invalid / used nonce error. It can't actually be a used nonce since I have checked this multiple times. Here are the details of the post: url: http://api.twitter.com/1/statuses/update.xml signature base string: POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
Re: [twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
Hi Craig, Do you know if the status update, status=my%20tweet is being encoded correctly in your signature base string (which is the string used to create your signature). For the signature base string, the key/value pair would look like: status%3Dmy%2520tweet Have you tried your xAuth authentication with spaces and other possible odd characters yet in fields like the password? Taylor On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote: Hi Matt, Thanks for responding. My authorization header is still the same as it was in my first message above. Here it is for another request I just tried: OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276701304, oauth_consumer_key=x, oauth_token=- x, oauth_signature=xxx %3D, oauth_version=1.0 The post body is simply: status=my%20tweet When I create the request in objective c, it looks like this: (where authHeader is the authorization header noted above and postBody is the post body noted above): NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]]; This type of formatting works just fine for my xAuth authentication. On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote: Hey Craig, Could you let us see what the authorization header you are sending looks like (obfuscating your oauth keys and secrets)? What you're aiming for is a header similar to this: POST /1/statuses/update.xml HTTP/1.1 Accept: */* Connection: close User-Agent: OAuth gem v0.4.0 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_consumer_key=\\, oauth_nonce=\\, oauth_signature=\\, oauth_signature_method=\HMAC-SHA1\, oauth_timestamp=\1276634179\, oauth_token=\xx\, oauth_version=\1.0\ Content-Length: 27 Host: api.twitter.com With your post body being the status you are sending. Similar to: status=something%20to%20say Matt On Jun 13, 8:32 pm, Craig chanson9...@gmail.com wrote: Ok, so I believe my signature is correct because if I take out the oauth_token parameter from the signature base I get an incorrect signature error instead of the invalid/used nonce error. I am definitely posting to the correct url: https://api.twitter.com/1/ statuses/update.xml because if I change it I get an invalid url response. The nonce I'm generating is unique for every request I'm sending. The timestamp is accurate to the number of seconds that have passed since unix epoch. Obviously the invalid/used nonce error is garbage. Here's the formatting of my URL request in obj c: // Create the request NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]]; Any other ideas? I'm at a total loss as to why this might be happening. Thanks, Craig On Jun 13, 3:42 pm, Craig chanson9...@gmail.com wrote: No dice. I just tried creating a new app and using the new keys/token to tweet. I'll go over my steps once more and see if I can track down an issue somewhere... On Jun 11, 8:53 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: xAuth in this case, I think, is unrelated to the issue. If you can use a different key and use the my token feature to get your access token, then try to tweet using that token, it will sufficiently express the problem I think. Taylor On Jun 11, 2010, at 2:48 PM, Craig chanson9...@gmail.com wrote: Hello, I have an iphone app that is using xauth. I am able to
Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21
Quoting John Kalucki j...@twitter.com: I know you are just joking, but here's what's we're doing: We all have every world cup game in our corporate calendars and for many of us, our entire day, sleep included, is paced around the three world cup games. Deploys, maintenance, and everything else has been shifted around. And the games are obvious in the graphs, and we do a lot of graph-looking-at-and-talking-about-and-such. -John I hope you guys submitted a paper to the Computer Measurement Group (CMG) about this - if not, for their quarterly journal or for next year for sure! http://cmg.org/ On Wed, Jun 16, 2010 at 6:47 AM, Dean Collins d...@cognation.net wrote: Guess the twitter technical team aren't soccer fans and follow baseball? Cheers, Dean Collins http://www.LiveWorldCUpChat.com -Original Message- From: twitter-development-talk@googlegroups.com [mailto:twitter-development- t...@googlegroups.com] On Behalf Of BJ Weschke Sent: Wednesday, 16 June 2010 9:45 AM To: twitter-development-talk@googlegroups.com Cc: twitter-api-announce Subject: Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21 A planned maintenance from 9-10:30A EDT and during one of the World Cup games? Wow. I hope it's really important. Taylor Singletary wrote: Hi Developers, A little late notice, but just wanted to make sure you've all seen what was posted on the Twitter status blog a bit earlier: MAINTENANCE ACTION: - We'll be working with our network provider to perform some tests and maintenance. During this time you can expect a high rate of errors (whales) DATE/TIME WINDOW: - June 16th @ 6-7:30 AM PDT AFFECTED RESOURCES: --- Twitter.com and* Api.twitter.com http://Api.twitter.com* * * *Might be a bit bumpy this morning, but intentionally so.* * *Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
My signature base string status pair looks like: status%3Dmy%2520tweet When I tried xAuth authentication with a * character in the password, it didn't work at first. But once I double url encoded it, I was able to authenticate no problem. So that definitely helps. I am now double url encoding the username and password values. However, the tweet still didn't work. I am double url encoding the status message in the signature base string and single url encoding it in the post body. Thanks, Craig On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Craig, Do you know if the status update, status=my%20tweet is being encoded correctly in your signature base string (which is the string used to create your signature). For the signature base string, the key/value pair would look like: status%3Dmy%2520tweet Have you tried your xAuth authentication with spaces and other possible odd characters yet in fields like the password? Taylor On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote: Hi Matt, Thanks for responding. My authorization header is still the same as it was in my first message above. Here it is for another request I just tried: OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276701304, oauth_consumer_key=x, oauth_token=- x, oauth_signature=xxx %3D, oauth_version=1.0 The post body is simply: status=my%20tweet When I create the request in objective c, it looks like this: (where authHeader is the authorization header noted above and postBody is the post body noted above): NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]]; This type of formatting works just fine for my xAuth authentication. On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote: Hey Craig, Could you let us see what the authorization header you are sending looks like (obfuscating your oauth keys and secrets)? What you're aiming for is a header similar to this: POST /1/statuses/update.xml HTTP/1.1 Accept: */* Connection: close User-Agent: OAuth gem v0.4.0 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_consumer_key=\\, oauth_nonce=\\, oauth_signature=\\, oauth_signature_method=\HMAC-SHA1\, oauth_timestamp=\1276634179\, oauth_token=\xx\, oauth_version=\1.0\ Content-Length: 27 Host: api.twitter.com With your post body being the status you are sending. Similar to: status=something%20to%20say Matt On Jun 13, 8:32 pm, Craig chanson9...@gmail.com wrote: Ok, so I believe my signature is correct because if I take out the oauth_token parameter from the signature base I get an incorrect signature error instead of the invalid/used nonce error. I am definitely posting to the correct url: https://api.twitter.com/1/ statuses/update.xml because if I change it I get an invalid url response. The nonce I'm generating is unique for every request I'm sending. The timestamp is accurate to the number of seconds that have passed since unix epoch. Obviously the invalid/used nonce error is garbage. Here's the formatting of my URL request in obj c: // Create the request NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]]; Any other ideas? I'm at a total loss as to why this might be happening. Thanks, Craig On Jun 13, 3:42 pm, Craig chanson9...@gmail.com wrote: No dice. I
[twitter-dev] xAuth - favorites/create - bug - 401 error
The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
[twitter-dev] Re: oAuth for server-side applications
Taylor, Thanks for the bootstrap info. Now, is there a soup-to-nuts CODING example somewhere?.
Re: [twitter-dev] Re: oAuth for server-side applications
Working with OAuth is really platform/language-dependent. While there are some similarities to approach and object model between OAuth libraries in various languages, each has their own quirks. And each HTTP interface library has its own quirks. That said, I have been working on a guide specifically with the conversion from basic auth in mind. The core of it all is still wrapped There's also some detailed examples of working with OAuth and Twitter here http://dev.twitter.com/pages/auth -- we also have compiled a good list of various OAuth libraries here: http://dev.twitter.com/pages/oauth_libraries What programming language are you using? Taylor On Wed, Jun 16, 2010 at 12:07 PM, Rob robert-h...@comcast.net wrote: Taylor, Thanks for the bootstrap info. Now, is there a soup-to-nuts CODING example somewhere?.
[twitter-dev] Basic auth removal is a disaster for web applications without xAuth
xAuth is not permitted for web clients - WHY? I have a very small user base, but at least 50% of those people use my web app because they can not access twitter.com Without xAuth they will be unable to access slandr.net, dabr.co.uk, hootsuite etc. These are people in countries where Twitter is blocked and people who have it blocked by their local network. Will they be able to use most desktop applications which connect direct to twitter.com? I doubt it. Does anybody have any idea how many people are going to be cut off from twitter after 30 June?
[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
By the way, even when I try to tweet with just one word like: tweet, it doesn't work. Just simple ascii characters. Is there any way you can just intercept one of my test tweets and look at what, if anything might be going wrong on the server side? -Craig On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote: My signature base string status pair looks like: status%3Dmy%2520tweet When I tried xAuth authentication with a * character in the password, it didn't work at first. But once I double url encoded it, I was able to authenticate no problem. So that definitely helps. I am now double url encoding the username and password values. However, the tweet still didn't work. I am double url encoding the status message in the signature base string and single url encoding it in the post body. Thanks, Craig On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Craig, Do you know if the status update, status=my%20tweet is being encoded correctly in your signature base string (which is the string used to create your signature). For the signature base string, the key/value pair would look like: status%3Dmy%2520tweet Have you tried your xAuth authentication with spaces and other possible odd characters yet in fields like the password? Taylor On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote: Hi Matt, Thanks for responding. My authorization header is still the same as it was in my first message above. Here it is for another request I just tried: OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276701304, oauth_consumer_key=x, oauth_token=- x, oauth_signature=xxx %3D, oauth_version=1.0 The post body is simply: status=my%20tweet When I create the request in objective c, it looks like this: (where authHeader is the authorization header noted above and postBody is the post body noted above): NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]]; This type of formatting works just fine for my xAuth authentication. On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote: Hey Craig, Could you let us see what the authorization header you are sending looks like (obfuscating your oauth keys and secrets)? What you're aiming for is a header similar to this: POST /1/statuses/update.xml HTTP/1.1 Accept: */* Connection: close User-Agent: OAuth gem v0.4.0 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_consumer_key=\\, oauth_nonce=\\, oauth_signature=\\, oauth_signature_method=\HMAC-SHA1\, oauth_timestamp=\1276634179\, oauth_token=\xx\, oauth_version=\1.0\ Content-Length: 27 Host: api.twitter.com With your post body being the status you are sending. Similar to: status=something%20to%20say Matt On Jun 13, 8:32 pm, Craig chanson9...@gmail.com wrote: Ok, so I believe my signature is correct because if I take out the oauth_token parameter from the signature base I get an incorrect signature error instead of the invalid/used nonce error. I am definitely posting to the correct url: https://api.twitter.com/1/ statuses/update.xml because if I change it I get an invalid url response. The nonce I'm generating is unique for every request I'm sending. The timestamp is accurate to the number of seconds that have passed since unix epoch. Obviously the invalid/used nonce error is garbage. Here's the formatting of my URL request in obj c: // Create the request NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@Authorization]; [request
[twitter-dev] Re: xAuth - favorites/create - bug - 401 error
Hi Taylor, Thanks for the prompt reply consumer key = vfM8qYNAEBfZsofKDNX65Q consumer secret = fwBTEa4GRCPkszO26ma5mFLi1aInV82JTxJWbuL26g token key = 13073932-seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyA token secret = Y0cXVWuoymSiVRRhFMpCoHqQuJ2BxNSjRqotpRZx0 thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.comwrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error
Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error
favorites/create should be a POST. Try: $response = $connection-post( 'favorites/create', array ('id' = $status_id ) ); Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Wed, Jun 16, 2010 at 12:57, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
[twitter-dev] Re: 413 Request Entity Too Large for Direct Message
Bump - any idea on this? I'm trying to switch my app to OAuth before the big switch at the end of June. Thanks, Greg On Jun 13, 10:32 pm, El Greg greglaval...@gmail.com wrote: Hi there - I'm trying to get set up with the new OAuth API for a little app that I'm hosting on site5. When make a signed POST request from the app on my home machine, it works just fine. When I have the application do it on my host, the response to my curl request is a 413 Requet Entity Too large and looks like this (hope it comes out): !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title413 Request Entity Too Large/title /headbody h1Request Entity Too Large/h1 The requested resourcebr //direct_messages/new.jsonbr / does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit. pAdditionally, a 413 Request Entity Too Large error was encountered while trying to use an ErrorDocument to handle the request./p /body/html I'm not sure if I want to post the entire signed request and its parameters for security reasons. I can't understand why it would work locally and not up on the server... Is it possible that my web host is attaching some junk to the request that twitter is rejecting?
[twitter-dev] Re: oAuth for server-side applications
I'm working (more or less) in Java. I'm planning to start picking through the Scribe library to see the flow. The flow (http://dev.twitter.com/images/dev/oauth_diagram.png) makes sense. What I'm having difficulty with is mapping the pieces of that diagram to the single token solution. What steps from the diagram (and in what sequence) apply to the STS? Also, in the case of server-side accesses, what is the mapping of Twitter application registrations to Twitter IDs? One app's registration can access multiple Twitter IDs (concurrently) or is it one app/reg per TwID?
Re: [twitter-dev] Re: oAuth for server-side applications
Scribe is an excellent choice. The author is very responsive to issues as well. So, the one access token flow is essentially starting OAuth from the point of having completed the Exchange Request Token for an Access Token flow -- now you have an oauth_token and oauth_token_secret that comprise your access token and with it, you can make all the authenticated REST API calls you know and love, signing the request with these credentials. With a single access token use case, you don't implement any of the request_token, authorize, or get access_token steps. As for multiple accounts -- that's really all up to you. To associate more accounts with the same application, you'll need to build out more of the OAuth flow -- the my access token feature we offer will only give you an access token for the user who owns the application. If you want to support more accounts, simply push them through the request_token - authorize - access_token flow, and you'll end up with more access tokens, which you'll store and associate with the specific user, shifting contexts as needed (or authorized) in your application. Hope this helps. Taylor On Wed, Jun 16, 2010 at 1:11 PM, Rob robert-h...@comcast.net wrote: I'm working (more or less) in Java. I'm planning to start picking through the Scribe library to see the flow. The flow (http://dev.twitter.com/images/dev/oauth_diagram.png) makes sense. What I'm having difficulty with is mapping the pieces of that diagram to the single token solution. What steps from the diagram (and in what sequence) apply to the STS? Also, in the case of server-side accesses, what is the mapping of Twitter application registrations to Twitter IDs? One app's registration can access multiple Twitter IDs (concurrently) or is it one app/reg per TwID?
Re: [twitter-dev] Re: 413 Request Entity Too Large for Direct Message
Hi Greg, Do you have any kind of HTTP proxy active in your other location? It's definitely possible that they are messing with HTTP headers or proxying the request in some way. Though unrelated, you'll want to make sure that the time on your server is within a reasonable amount of drift from our server time (which is included in a HTTP header of every request). Is just this particular POST request failing in your site5 server, or all POST requests? Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Wed, Jun 16, 2010 at 1:08 PM, El Greg greglaval...@gmail.com wrote: Bump - any idea on this? I'm trying to switch my app to OAuth before the big switch at the end of June. Thanks, Greg On Jun 13, 10:32 pm, El Greg greglaval...@gmail.com wrote: Hi there - I'm trying to get set up with the new OAuth API for a little app that I'm hosting on site5. When make a signed POST request from the app on my home machine, it works just fine. When I have the application do it on my host, the response to my curl request is a 413 Requet Entity Too large and looks like this (hope it comes out): !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title413 Request Entity Too Large/title /headbody h1Request Entity Too Large/h1 The requested resourcebr //direct_messages/new.jsonbr / does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit. pAdditionally, a 413 Request Entity Too Large error was encountered while trying to use an ErrorDocument to handle the request./p /body/html I'm not sure if I want to post the entire signed request and its parameters for security reasons. I can't understand why it would work locally and not up on the server... Is it possible that my web host is attaching some junk to the request that twitter is rejecting?
[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
I am in read/write mode. I tried posting to two different twitter accounts without luck...my dev account, where I know what the access secret and token is supposed to be and another one I just created. I know my access token and secret are being stored correctly and I believe they are being used correctly in the auth header and the signature base string. Other thoughts? It would be nice to get an error returned that was a little more indicative of what the problem might be. Invalid/used nonce isn't really cutting it right now. Thanks, Craig On Jun 16, 3:52 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Our setup is such that I can't easily trace a single request. Connecting some dots: if you have time, can you try to use a different access token with your keys and see if it has the ability to tweet? Can you go to your application settings and verify that your application is in read/write mode on dev.twitter.com? Finally, this might be a case of something funky with your client application -- which might be resolved by creating a new one. But let's rule out some other possibilities first. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 12:39 PM, Craig chanson9...@gmail.com wrote: By the way, even when I try to tweet with just one word like: tweet, it doesn't work. Just simple ascii characters. Is there any way you can just intercept one of my test tweets and look at what, if anything might be going wrong on the server side? -Craig On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote: My signature base string status pair looks like: status%3Dmy%2520tweet When I tried xAuth authentication with a * character in the password, it didn't work at first. But once I double url encoded it, I was able to authenticate no problem. So that definitely helps. I am now double url encoding the username and password values. However, the tweet still didn't work. I am double url encoding the status message in the signature base string and single url encoding it in the post body. Thanks, Craig On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Craig, Do you know if the status update, status=my%20tweet is being encoded correctly in your signature base string (which is the string used to create your signature). For the signature base string, the key/value pair would look like: status%3Dmy%2520tweet Have you tried your xAuth authentication with spaces and other possible odd characters yet in fields like the password? Taylor On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote: Hi Matt, Thanks for responding. My authorization header is still the same as it was in my first message above. Here it is for another request I just tried: OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276701304, oauth_consumer_key=x, oauth_token=- x, oauth_signature=xxx %3D, oauth_version=1.0 The post body is simply: status=my%20tweet When I create the request in objective c, it looks like this: (where authHeader is the authorization header noted above and postBody is the post body noted above): NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]]; This type of formatting works just fine for my xAuth authentication. On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote: Hey Craig, Could you let us see what the authorization header you are sending looks like (obfuscating your oauth keys and secrets)? What you're aiming for is a header similar to this: POST /1/statuses/update.xml HTTP/1.1 Accept: */* Connection: close User-Agent: OAuth gem v0.4.0 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_consumer_key=\\, oauth_nonce=\\, oauth_signature=\\, oauth_signature_method=\HMAC-SHA1\, oauth_timestamp=\1276634179\,
Re: [twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
I agree that it's the wrong error. We have a new, better implementation of OAuth waiting in the wings that's going to be much more helpful in this regard. I'm still trying to rule out some possibilities. Can you try and create a new application, then grab the access token from the my access token feature, and try to post? It'll just help rule something out. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Wed, Jun 16, 2010 at 1:55 PM, Craig chanson9...@gmail.com wrote: I am in read/write mode. I tried posting to two different twitter accounts without luck...my dev account, where I know what the access secret and token is supposed to be and another one I just created. I know my access token and secret are being stored correctly and I believe they are being used correctly in the auth header and the signature base string. Other thoughts? It would be nice to get an error returned that was a little more indicative of what the problem might be. Invalid/used nonce isn't really cutting it right now. Thanks, Craig On Jun 16, 3:52 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Our setup is such that I can't easily trace a single request. Connecting some dots: if you have time, can you try to use a different access token with your keys and see if it has the ability to tweet? Can you go to your application settings and verify that your application is in read/write mode on dev.twitter.com? Finally, this might be a case of something funky with your client application -- which might be resolved by creating a new one. But let's rule out some other possibilities first. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 12:39 PM, Craig chanson9...@gmail.com wrote: By the way, even when I try to tweet with just one word like: tweet, it doesn't work. Just simple ascii characters. Is there any way you can just intercept one of my test tweets and look at what, if anything might be going wrong on the server side? -Craig On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote: My signature base string status pair looks like: status%3Dmy%2520tweet When I tried xAuth authentication with a * character in the password, it didn't work at first. But once I double url encoded it, I was able to authenticate no problem. So that definitely helps. I am now double url encoding the username and password values. However, the tweet still didn't work. I am double url encoding the status message in the signature base string and single url encoding it in the post body. Thanks, Craig On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Craig, Do you know if the status update, status=my%20tweet is being encoded correctly in your signature base string (which is the string used to create your signature). For the signature base string, the key/value pair would look like: status%3Dmy%2520tweet Have you tried your xAuth authentication with spaces and other possible odd characters yet in fields like the password? Taylor On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote: Hi Matt, Thanks for responding. My authorization header is still the same as it was in my first message above. Here it is for another request I just tried: OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276701304, oauth_consumer_key=x, oauth_token=- x, oauth_signature=xxx %3D, oauth_version=1.0 The post body is simply: status=my%20tweet When I create the request in objective c, it looks like this: (where authHeader is the authorization header noted above and postBody is the post body noted above): NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@ Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]]; This type of formatting works just fine for my xAuth authentication. On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote: Hey Craig, Could you let us
[twitter-dev] Re: xAuth - favorites/create - bug - 401 error
If I do a HTTP POST - i got error message saying that This method requires a GET. On Jun 16, 1:00 pm, Abraham Williams 4bra...@gmail.com wrote: favorites/create should be a POST. Try: $response = $connection-post( 'favorites/create', array ('id' = $status_id ) ); Abraham - Abraham Williams | Hacker Advocate |http://abrah.am @abraham |http://projects.abrah.am|http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Wed, Jun 16, 2010 at 12:57, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
[twitter-dev] Re: xAuth - favorites/create - bug - 401 error
The signature base string is the following zZyk1NxKlpXZEapSszao6PCIAQM= $signature = $this-build_signature($signature_method, $consumer, $token); thanks -chiu On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
[twitter-dev] Re: xAuth - favorites/create - bug - 401 error
Request = /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=6c2b0e1a7af3dd0b60680c8860e63454oauth_signature=zZyk1NxKlpXZEapSszao6PCIAQM %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276724507oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 signature base string = zZyk1NxKlpXZEapSszao6PCIAQM= $signature = $this-build_signature($signature_method, $consumer, $token); thanks -chiu On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error
Let us continue this on the issue tracker so we don't spam the list as much: http://github.com/abraham/twitteroauth/issues#issue/33 Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Wed, Jun 16, 2010 at 14:42, chiu ming luk lukchium...@gmail.com wrote: The signature base string is the following zZyk1NxKlpXZEapSszao6PCIAQM= $signature = $this-build_signature($signature_method, $consumer, $token); thanks -chiu On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.com wrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added
[twitter-dev] Changing Application Ownership
About 6 months ago I built an application via the Twitter API for my company using my personal twitter account. I am now leaving the company, and would like to transfer ownership of the application to a co-worker that is staying. How do I do this?
Re: [twitter-dev] Granularity for geo/search is strange/unknown
That query will search for java java places of type neighborhood or higher granularity (including city, admin, and country). If you want POI (or higher), set granularity to poi. We do return results that are far away. This may be controllable in the future. The autocomplete parameter is flag that's a hint that search is being used for autocompletion. It will favor results with matching prefixes. An admin place is an administrative area, such as a state or province. David Twitter Geo Team On Wed, Jun 16, 2010 at 7:54 AM, MeltingIce meltingice8...@gmail.com wrote: Hey everyone, I am trying to search for locations using the new geo/search API call, but the granularity of the locations returned is nearby cities at best even though the granularity is set to neighborhood. I would like to pass in simply a lat/long, but even when I pass in a search query as well, I either get extremely broad results or no results at all. Heres an example that I've been trying which is returning cities as far away as Virginia although the lat/long is really in Charleston, SC. http://api.twitter.com/1/geo/search.json?query=java+javaaccuracy=761.9884176autocomplete=falselong=-80.1489lat=32.6058granularity=neighborhood The autocomplete param is undocumented, although switching it from false to true doesn't seem to have an effect anyways. Is there something I'm missing here? Thanks in advance for the help!
Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error
The URL to create a favorite using the API is a POST to: /1/favorites/create/id.format So in your case it would be: /1/favorites/create/16170711730.json Give that a try and let us know how it goes. I know the docs on dev.twitter.com are incorrect for this so i'll be updating them soon. On Wed, Jun 16, 2010 at 2:46 PM, chiu ming luk lukchium...@gmail.comwrote: Request = /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=6c2b0e1a7af3dd0b60680c8860e63454oauth_signature=zZyk1NxKlpXZEapSszao6PCIAQM %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276724507oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 signature base string = zZyk1NxKlpXZEapSszao6PCIAQM= $signature = $this-build_signature($signature_method, $consumer, $token); thanks -chiu On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.com wrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris
Re: [twitter-dev] Changing Application Ownership
Hi, Just send an email to a...@twitter.com from the email address associated with the account that currently owns the application, and include the target account and email address owning the account that you want to take ownership of the account. It'll get taken care of from there. Your company may want a Twitter account of its own to associate directly with the application so that ownership doesn't have to be transferred again. Thanks, Taylor On Wed, Jun 16, 2010 at 2:45 PM, adambbraly adambbr...@gmail.com wrote: About 6 months ago I built an application via the Twitter API for my company using my personal twitter account. I am now leaving the company, and would like to transfer ownership of the application to a co-worker that is staying. How do I do this?
[twitter-dev] Re: xAuth - favorites/create - bug - 401 error
Yes, you are right, abraham mention that the following will fix the problem $response = $connection-post('favorites/create/' . $status_id); -chiu On Jun 16, 2:51 pm, Matt Harris thematthar...@twitter.com wrote: The URL to create a favorite using the API is a POST to: /1/favorites/create/id.format So in your case it would be: /1/favorites/create/16170711730.json Give that a try and let us know how it goes. I know the docs on dev.twitter.com are incorrect for this so i'll be updating them soon. On Wed, Jun 16, 2010 at 2:46 PM, chiu ming luk lukchium...@gmail.comwrote: Request = /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=6c2b0e1a7af3dd0b60680c8860e63454oauth_signature=zZyk1NxKlpXZEapSszao6PCIAQM %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276724507oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 signature base string = zZyk1NxKlpXZEapSszao6PCIAQM= $signature = $this-build_signature($signature_method, $consumer, $token); thanks -chiu On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Chiu, You're going to want to reset your keys on your application settings on dev.twitter.com -- we will really recommend not posting your consumer secrets to the group -- but easy to rectify if you go and change your keys. Your signature base string is actually a bit different than your keys. In many OAuth libraries, they are difficult to access while other libraries will make it easy. If you trace your code execution path through the OAuth library you are using, you will find the step where your signature base string is created -- that particular string holds most of the things that can go wrong in an OAuth request. Taylor On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.com wrote: Hi Taylor, Thanks for the prompt reply thanks -chiu On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Can you share your signature base string that was used to create this request? I also highly recommending using HTTP Header-based OAuth instead of query-string based OAuth. It separates concerns and makes debugging much simpler. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com wrote: The xAuth - favorites/create - is broken I make calls to - favorites/create with an ID parameter using xAuth $response = $connection-get ( 'favorites/create', array ('id' = $status_id ) ); but I always getting 401 Not authorized Error === /1/favorites/create.json? id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1276713005oauth_token=13073932- seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0 === On the other hand, The exact same request using Basic Authentication, It will work fine. I either getting - You have already favorited this status. - Favorites added -- Matt Harris Developer Advocate, Twitterhttp://twitter.com/themattharris
[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
Just tried it. Same error. So at least that rules something out... -Craig On Jun 16, 5:19 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: I agree that it's the wrong error. We have a new, better implementation of OAuth waiting in the wings that's going to be much more helpful in this regard. I'm still trying to rule out some possibilities. Can you try and create a new application, then grab the access token from the my access token feature, and try to post? It'll just help rule something out. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 1:55 PM, Craig chanson9...@gmail.com wrote: I am in read/write mode. I tried posting to two different twitter accounts without luck...my dev account, where I know what the access secret and token is supposed to be and another one I just created. I know my access token and secret are being stored correctly and I believe they are being used correctly in the auth header and the signature base string. Other thoughts? It would be nice to get an error returned that was a little more indicative of what the problem might be. Invalid/used nonce isn't really cutting it right now. Thanks, Craig On Jun 16, 3:52 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Our setup is such that I can't easily trace a single request. Connecting some dots: if you have time, can you try to use a different access token with your keys and see if it has the ability to tweet? Can you go to your application settings and verify that your application is in read/write mode on dev.twitter.com? Finally, this might be a case of something funky with your client application -- which might be resolved by creating a new one. But let's rule out some other possibilities first. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 12:39 PM, Craig chanson9...@gmail.com wrote: By the way, even when I try to tweet with just one word like: tweet, it doesn't work. Just simple ascii characters. Is there any way you can just intercept one of my test tweets and look at what, if anything might be going wrong on the server side? -Craig On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote: My signature base string status pair looks like: status%3Dmy%2520tweet When I tried xAuth authentication with a * character in the password, it didn't work at first. But once I double url encoded it, I was able to authenticate no problem. So that definitely helps. I am now double url encoding the username and password values. However, the tweet still didn't work. I am double url encoding the status message in the signature base string and single url encoding it in the post body. Thanks, Craig On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Craig, Do you know if the status update, status=my%20tweet is being encoded correctly in your signature base string (which is the string used to create your signature). For the signature base string, the key/value pair would look like: status%3Dmy%2520tweet Have you tried your xAuth authentication with spaces and other possible odd characters yet in fields like the password? Taylor On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote: Hi Matt, Thanks for responding. My authorization header is still the same as it was in my first message above. Here it is for another request I just tried: OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276701304, oauth_consumer_key=x, oauth_token=- x, oauth_signature=xxx %3D, oauth_version=1.0 The post body is simply: status=my%20tweet When I create the request in objective c, it looks like this: (where authHeader is the authorization header noted above and postBody is the post body noted above): NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString] cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:30.0]; [request setHTTPMethod:@POST]; [request addValue:authHeader forHTTPHeaderField:@ Authorization]; [request setValue:@application/x-www-form-urlencoded forHTTPHeaderField:@Content-Type]; [request setValue:postBodyLength forHTTPHeaderField:@Content- Length]; [request setHTTPBody:[postBody
Re: [twitter-dev] Re: oauth status update returning error 401 invalid / used nonce
Can you follow up with me off the list and I'll help you out tomorrow? We'll need to compare signatures and work with me knowing your application secrets. There's something subtle going on. Taylor On Wed, Jun 16, 2010 at 3:22 PM, Craig chanson9...@gmail.com wrote: Just tried it. Same error. So at least that rules something out... -Craig On Jun 16, 5:19 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: I agree that it's the wrong error. We have a new, better implementation of OAuth waiting in the wings that's going to be much more helpful in this regard. I'm still trying to rule out some possibilities. Can you try and create a new application, then grab the access token from the my access token feature, and try to post? It'll just help rule something out. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 1:55 PM, Craig chanson9...@gmail.com wrote: I am in read/write mode. I tried posting to two different twitter accounts without luck...my dev account, where I know what the access secret and token is supposed to be and another one I just created. I know my access token and secret are being stored correctly and I believe they are being used correctly in the auth header and the signature base string. Other thoughts? It would be nice to get an error returned that was a little more indicative of what the problem might be. Invalid/used nonce isn't really cutting it right now. Thanks, Craig On Jun 16, 3:52 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Our setup is such that I can't easily trace a single request. Connecting some dots: if you have time, can you try to use a different access token with your keys and see if it has the ability to tweet? Can you go to your application settings and verify that your application is in read/write mode on dev.twitter.com? Finally, this might be a case of something funky with your client application -- which might be resolved by creating a new one. But let's rule out some other possibilities first. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Wed, Jun 16, 2010 at 12:39 PM, Craig chanson9...@gmail.com wrote: By the way, even when I try to tweet with just one word like: tweet, it doesn't work. Just simple ascii characters. Is there any way you can just intercept one of my test tweets and look at what, if anything might be going wrong on the server side? -Craig On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote: My signature base string status pair looks like: status%3Dmy%2520tweet When I tried xAuth authentication with a * character in the password, it didn't work at first. But once I double url encoded it, I was able to authenticate no problem. So that definitely helps. I am now double url encoding the username and password values. However, the tweet still didn't work. I am double url encoding the status message in the signature base string and single url encoding it in the post body. Thanks, Craig On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Craig, Do you know if the status update, status=my%20tweet is being encoded correctly in your signature base string (which is the string used to create your signature). For the signature base string, the key/value pair would look like: status%3Dmy%2520tweet Have you tried your xAuth authentication with spaces and other possible odd characters yet in fields like the password? Taylor On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote: Hi Matt, Thanks for responding. My authorization header is still the same as it was in my first message above. Here it is for another request I just tried: OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC- SHA1, oauth_timestamp=1276701304, oauth_consumer_key=x, oauth_token=- x, oauth_signature=xxx %3D, oauth_version=1.0 The post body is simply: status=my%20tweet When I create the request in objective c, it looks like this: (where authHeader is the authorization header noted above and postBody is the post body noted above): NSString* requestString= [NSString stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL]; NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:requestString]
[twitter-dev] Places database - how to get listed?
Suppose a merchant - let's say a coffee shop - is listed in Google and Yahoo's database. Are they *automatically* in Twitter's place database? If not, how do they get listed? Does it cost anything? As an aside, I know of a restaurant in Portland that's in the Google database with the correct address, but they showed up in Google Maps a couple of weeks ago a mile or so east of where they actually are. ;-)
Re: [twitter-dev] jQuery get getting empty value
On Wed, Jun 16, 2010 at 7:02 PM, Peter Denton petermden...@gmail.com wrote: Hello, Please accept this question as a sanity check for myself. Im using jQuery - (google cache of latest version). getting empty/null for the following, when I should be getting json back. Thanks // gets empty response $.ajax({ type: GET, url: http://api.twitter.com/1/statuses/followers/aplusk.json;, cache: false, success: function(data) { alert(data); } }); // gets null response $.getJSON('http://api.twitter.com/1/statuses/followers/aplusk.json', function(data) { alert(data); }); If you just do a GET/wget/curl (pick your favorite) to http://api.twitter.com/1/statuses/followers/aplusk.json from the machine you are running that code in a browser from (or even hit the API from the browser) do you get a response back? Could it be returning an 4xx or 5xx error and you aren't seeing that since there is no error: callback? I just did a GET from one of my workstations and got a JSON response. -steve
Re: [twitter-dev] jQuery get getting empty value
if I do a curl, I get the response as expected. Its only from jQuery that I get null. On Wed, Jun 16, 2010 at 4:21 PM, Steve Brunton brun...@dudeman.com wrote: On Wed, Jun 16, 2010 at 7:02 PM, Peter Denton petermden...@gmail.com wrote: Hello, Please accept this question as a sanity check for myself. Im using jQuery - (google cache of latest version). getting empty/null for the following, when I should be getting json back. Thanks // gets empty response $.ajax({ type: GET, url: http://api.twitter.com/1/statuses/followers/aplusk.json;, cache: false, success: function(data) { alert(data); } }); // gets null response $.getJSON('http://api.twitter.com/1/statuses/followers/aplusk.json', function(data) { alert(data); }); If you just do a GET/wget/curl (pick your favorite) to http://api.twitter.com/1/statuses/followers/aplusk.json from the machine you are running that code in a browser from (or even hit the API from the browser) do you get a response back? Could it be returning an 4xx or 5xx error and you aren't seeing that since there is no error: callback? I just did a GET from one of my workstations and got a JSON response. -steve -- Peter Denton Co-Founder, Product Marketing www.mombo.com cell: (206) 427-3866 twitter @Mombo_movies twitter - personal: @petermdenton
Re: [twitter-dev] Places database - how to get listed?
On Wed, 16 Jun 2010 16:11:34 -0700 M. Edward (Ed) Borasky zn...@borasky-research.net wrote: Suppose a merchant - let's say a coffee shop - is listed in Google and Yahoo's database. Are they *automatically* in Twitter's place database? If not, how do they get listed? Does it cost anything? As an aside, I know of a restaurant in Portland that's in the Google database with the correct address, but they showed up in Google Maps a couple of weeks ago a mile or so east of where they actually are. ;-) I know of a restaurant that is listed in Google Maps, has been in the same location for more than 5 years. The satellite image, with a copyright of 2010, still doesn't show the building. -- Bernd Stramm bernd.str...@gmail.com
[twitter-dev] Twitter4J Bounding Boxes?
Hey guys, I've started a streamer via Twitter4J and I'm consuming tweets with certain keywords currently. I'd like to only get tweets within a certain location e.g within a certain country. I understand bounding boxes will do this? But I don't know how I'd implement them within twitter4J. Does anyone know? Thanks!
Re: [twitter-dev] Places database - how to get listed?
Quoting Bernd Stramm bernd.str...@gmail.com: On Wed, 16 Jun 2010 16:11:34 -0700 M. Edward (Ed) Borasky zn...@borasky-research.net wrote: Suppose a merchant - let's say a coffee shop - is listed in Google and Yahoo's database. Are they *automatically* in Twitter's place database? If not, how do they get listed? Does it cost anything? As an aside, I know of a restaurant in Portland that's in the Google database with the correct address, but they showed up in Google Maps a couple of weeks ago a mile or so east of where they actually are. ;-) I know of a restaurant that is listed in Google Maps, has been in the same location for more than 5 years. The satellite image, with a copyright of 2010, still doesn't show the building. Yes - I've eaten there - a lot of NSA folks from Fort Meade have lunch there. ;-)
[twitter-dev] track with CJK (non-English) Does it work?
I am trying to track several Korean words that I put in a file called tracking and it does not work. It works with English. But, not Korean words. Is track working with cjk (foreign langauge)? curl -d @tracking http://stream.twitter.com/1/statuses/filter.json
[twitter-dev] Re: Using OAuth with a one-user application
You can build a single oauth token and secret for that single account and store it. It won't expire unless the @nice_group_of_people twitter account removes access to your app (which I doubt you would do). So essentially, generate the oauth token/secret, store it in a DB and using whatever authentication method you have in front of it to prevent unauthorized access by anyone that shouldn't use it, you should be good to go. On Jun 14, 10:09 pm, Felipe Sodré Silva fso...@gmail.com wrote: Hi everyone. I'm brand new to OAuth and have read some documents on how it works, but there's something that is still not clear to me. Let's say I want to build an application in which I want to allow a group of people to send updates through a unique twitter account (@nice_group_of_people, for example). If I use OAuth for this, do I need to get a new Access Token for every update my application sends on behalf of @nice_group_of_people, or can I just do it once and store the Access Token forever? Does the Access Token expires somehow? Best Regards, Felipe
[twitter-dev] Is oauth_callback param disabled?
I'm having trouble getting a request_token while using oauth_callback param. Without it the request_token is send , but when I include it the HTTP request i get the classical Failed to validate oauth signature and token error. I've tried both the POST( Header - Authorization: OAuth ... ) and the GET( simple query) approaches whitout success. Reading this http://dev.twitter.com/pages/auth tutorial I observed that the callback url ,from the signature base , is two times URL encoded ( is this normal?) Proof: POSThttps%3A%2F%2Fapi.twitter.com%2Foauth %2Frequest_tokenoauth_callback%3Dhttp%253A%252F%252Flocalhost %253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id %253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce %3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0 URL decoded becomes this: POSThttps://api.twitter.com/oauth/request_tokenoauth_callback=http%3A %2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback %3Fservice_provider_id %3D11oauth_consumer_key=GDdmIQH6jhtmLUypg82goauth_nonce=QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqkoauth_signature_method=HMAC- SHA1oauth_timestamp=1272323042oauth_version=1.0
[twitter-dev] Need help with PayPal security requirements
I'm trying to get approval from PayPal to use their Preapproval API, and to do so my application must meet several requirements. I won't post the entire list here, because it isn't applicable to Twitter, however since users log in to my application via Twitter OAuth several of them are applicable: A1. User passwords must conform to industry best practices for content Generally, the length should be at least 6 characters, and contain at least one alpha and one numeric. Candidate passwords which meet the static syntactical requirements should also be passed across a dictionary of common passwords, and rules – no passwords of “blink182”, or passwords which are the same as the user-ID, for example. A6. A control must be implemented that prevents the brute force attack of login credentials. A common attack against web sites is to attempt to login in with a variety of different commonly used passwords for a given login id. There must be some method used to ensure that one is unable to perform this sort of attack. A common solution is to lock login attempts on an account for some period of time. In order to ensure that these mechanisms do not generate a means of denial of service attacks against accounts, these lockouts should cancel after a period of time (a few hours is typical). A7. A control must be implemented that prevents brute force guessing of passwords, especially if the attack is originating from a botnet. Typically, this will require collecting metadata about logons, logging them into a central log store, and then performing real-time analytics against that data. If a brute force attack is detected, a strong CAPTCHA (resistant against machine/scripted attacks) would be switched on. There are other implementation techniques, but this is the least invasive from a user experience perspective. Note – this is conceptually and functionally different from A6. B1. Login credentials must only be collected on pages that implement https with Extended Validation (EV) certificates. In order to allow customers to verify that they are truly connected to the partner site and to encourage general good practices, login credentials must be collected on pages that are https enabled, and using Extended Validation (EV) certificates. So, my questions are: 1. Would you guys be willing to add to your API to allow enforcing tighter password requirements as needed? 2. Will you upgrade your SSL certificate on api.twitter.com to one with Extended Validation? It seems like this would be relatively easy and inexpensive to do, and beneficial to all. 3. How does https://api.twitter.com/oauth/authenticate respond to brute-force attacks on login credentials? Thanks! Jonathon Hill @compwright @rainmakerapp