Re: [twitter-dev] What can be done with twitter data?

[kuhkatz]

Am 15.06.2010 21:36, schrieb ckell...@gmail.com:

What can be done with the twitter api? What can be done with data? What kind of 
output is useful to the general public? So far I have found twitter to be a 
public version of text messages. I have ideas for twitter such as twitter 
dating and twitter chatrooms is this something that the twitter api could be 
used for to develop such a program?

-Chris
ckel...@aol.com
Sent on the Sprint® Now Network from my BlackBerry®


dating... i dont know.
i also dont know if i want my dating approaches to be visible for anyone 
and indexed by google, etc.


chat... maybe?
if you setup one account per chatchannel / room, people can DM that 
account, and a bot would DM anyone who is registered for that room.

it is possible, i suppose.

if its not via DM chatting people would spam other peoples timelines, 
at least i would see it that way.

Re: [twitter-dev] Rate limits, bad gateway, etc.

[Matt Harris]

Hi Bhushan,

You can find specific information about rate limiting on our dev site [1].
The main reason for seeing a rate-limit is that you, or your IP, have made
too many requests over the measured time.

One of many reasons for this happening is if you are using shared hosting.
It could be that somebody else with your IP is also making requests from
Twitter.

One way of approaching this is to use authenticated calls. This way your
application is identifiable over any other request on the same IP.

Hope that helps explain what could be happening.

Matt

1. http://dev.twitter.com/pages/rate-limiting

On Wed, Jun 16, 2010 at 12:23 AM, Bhushan Garud garud.bhus...@gmail.comwrote:

 Hi Taylor,

 I am using [Tweetr APIs] for my application. I want to get user's public
 feeds. However, i am facing a GET request rate limit problem. I am wondering
 even if i make one or two request, it is giving me 400 error [rate-limit
 reached]. If you can explain me the reason or any workaround for this
 problem, it will be great

 Thanks  regards,
 Bhushan

 On Wed, Jun 9, 2010 at 12:41 AM, Taylor Singletary 
 taylorsinglet...@twitter.com wrote:

 Hi Ed,

 I think you're doing the best that you can do to be fault tolerant in this
 case. We generally recommend exponential back-off in the face of continued
 error.. perhaps waiting 5 seconds before retrying after the first failed
 request, then widening to a longer duration, and so on with each subsequent
 error. It is recommended that you implement this kind of behavior, as in
 times of high error rates, those applications that are ignoring error codes
 and retrying the same requests most aggressively are candidates for
 temporary blacklisting (to relieve the unproductive stress on the system as
 it recovers from error states).

 Your normal operation behavior also seems to be the correct one to
 utilize. Though if you want to implement additional waiting time, that's up
 to you. Dynamically handling rate limiting is a good idea, as one shouldn't
 really expect the rate limiting to a constant function/rate (though they
 generally are today).

 Taylor Singletary
 Developer Advocate, Twitter
 http://twitter.com/episod



 On Tue, Jun 8, 2010 at 11:36 AM, M. Edward (Ed) Borasky 
 zn...@borasky-research.net wrote:

 I have a Perl script that downloads historical tweets using the
 user_timeline REST API call. I'm running into 503 - Bad Gateway -
 Twitter / Over capacity errors when I run it. Questions:

 1. When I run into an error, I'm waiting 45 seconds before retrying.
 Should I wait longer? Is there a shorter recommended wait time after an
 Over capacity error? Do I need to wait at all?

 2. In normal operation, I'm using the returned rate limit header
 information to pace the request rate so that I never run out of calls. This
 can generate a call as soon as I've completed processing of the previous
 data. Should I insert a non-zero wait time here? I've tested explicit wait
 times as high as 20 seconds here and they don't seem to be reducing the
 incidence of Over capacity errors.






-- 


Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

[twitter-dev] Who retweeted?

[Ken]

Maybe not a dev question, but I keep wanting to click on retweeted by
you and one other to know who that was!

[twitter-dev] Re: Who retweeted?

[Ken]

To clarify, I know how to find out, I just expect that text to be
clickable.

Re: [twitter-dev] Trouble generating OAuth signature

[Matt Harris]

Hi Felipe,

Taking a quick look at your code you've got a few things which will be
causing you problems.

With your signature generation you're correct in using hash_hmac but you've
missed out the base64 encoding. It also looks like you won't be getting the
raw signature from your hash_hmac function. Looking at the docs for that
function you need to append 'true' to the end.

You also want to make sure your parameters are lexicographically ordered
before and after you generate the signature. In your case the sign part is
in order, but your authorization header is not.

You may have done this already but if not, take a look at the Authenticating
Requests page of dev.twitter.com [1] for an overview of the steps you need
to follow. There are also a couple of libraries which do the heavy lifting
for you when generating the signatures so they act as good references if you
want to create your own. We have a list of those on the dev site too [2]

1. http://dev.twitter.com/pages/auth#signing-requests
2. http://dev.twitter.com/pages/oauth_libraries#php

Hope that helps, you know where we are if you still have trouble getting it
all to work,
Matt

On Tue, Jun 15, 2010 at 5:58 PM, Felipe Sodré Silva fso...@gmail.comwrote:

 Hello all.

 I'm trying to write a simple application that sends an update Hello World
 on behalf of my own twitter account. Therefore, I got my access token and
 secret in my dev.twitter webpage and hardcoded it into the code (which I
 hided for making it public): http://pastebin.com/n6Ba5nrW

 However, I keep getting the following response:

 {request:/1/statuses/update.json,error:Incorrect signature}

 I'm doing the whole process by reading this guide:
 http://dev.twitter.com/pages/auth
 But I just cannot get it to work. What am I doing wrong during the
 signature assembly ?

 Thanks in advance!

 Felipe




-- 


Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

[twitter-dev] Re: Repeat Tweets

[themattharris]

Thanks for letting us know about these Andy. As Taylor was saying the
instabilities the other day are likely to have been the cause for
these getting through. It shouldn't happen now but anything that did
get through will still be there.

Matt

On Jun 15, 6:39 pm, Andy Matsubara andymatsub...@gmail.com wrote:
 Taylor,

 There's a sample of six consecutive 
 tweets.http://twitter.com/AppleWalker/status/16204554355http://twitter.com/AppleWalker/status/16204551280http://twitter.com/AppleWalker/status/16204548302http://twitter.com/AppleWalker/status/16204545368http://twitter.com/AppleWalker/status/16204542279http://twitter.com/AppleWalker/status/16204539134

 Andy Matsubara



 On Wed, Jun 16, 2010 at 4:21 AM, methnen meth...@gmail.com wrote:
  Can you provide some links to the repeated tweets? While things were at
  their worse last night, it was very easy for duplicate updates to get
  processed but that shouldn't be the case now.

  We manually deleted them and it now appears to have stopped.

  Are you sure that the client you were using isn't trying to re-post tweets
  on your behalf, thinking they haven't been posted yet?

  At first I thought it might be on our end.  As we use the API to make
  tweets via a custom script in our CMS.  However, the script records
  successful posts and then stops posting and the repeating tweet was
  recorded as a successful post and our system never sent it to Twitter
  again.

  Anyway it appears to have stopped so I guess all is good.  :)

[twitter-dev] Re: Links stripped from tweets

[Rudiger]

I should probably clarify that the urls aren't stripped, just the
anchor tags surrounding them. Anyone else have this problem?

On Jun 16, 10:24 am, Rudiger bpa...@rocketmail.com wrote:
 Hi there,
               I'm fetching the latest tweet from a list of users
 through /users/lookup in the REST API. I've noticed that all links
 (commonly tweet pics etc) are stripped from the xpath //users/user/
 status/text. Why does twitter strip links and is there a way to
 reinstate them.

 Thanks.

[twitter-dev] [Twitter Profile Image Update]What am I gonna do? anybody knows?

[jusung Kye]

I'm trying to make a APP about changing Twitter Avatar Image.
I have tried about this problem for 2week. but I could found any
solution.

I tried this method using Curl. and this method works well.

[Curl Method]
curl -u user:password -H 'Expect:' -F image=@'test2.png;type=image/
png' http://api.twitter.com/1/account/update_profile_image.xml

but iPhone is not working.


Did I forgot or missed something?
Anybody~ Somebody~ help me.

My codes is like below and The debbuger show like this error messages


-(void)request:(NSURL *)url{
if (isPost) {

UIImage *myImage = [UIImage imageNamed:@1.jpg];
NSData *imageData = [[NSData alloc]
initWithData:UIImageJPEGRepresentation(myImage, 90)];
requestBody = [NSString stringWithFormat:@image=%@,[[[NSString
alloc] initWithData:imageData
encoding:NSUTF8StringEncoding]autorelease]];

theRequest = [[NSMutableURLRequest alloc] initWithURL:url];
[theRequest setHTTPMethod:@POST];
NSString *stringBoundary = [NSString
stringWithString:@0xKhTmLbOuNdArY];
NSString *contentType = [NSString 
stringWithFormat:@multipart/form-
data; boundary=%@, stringBoundary];
[theRequest addValue:contentType forHTTPHeaderField:@Content-
Type];

NSMutableData *postBody = [NSMutableData data];
[postBody appendData:[[NSString 
stringWithFormat:@\r\n\r\n...@\r
\n, stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithString:@Content-
Disposition: form-data; name=\source\\r\n\r\n]
dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithString:@canary]
dataUsingEncoding:NSUTF8StringEncoding]];

NSString *mimeType = mimeType = @image/jpeg;

[postBody appendData:[[NSString stringWithFormat:@\r\n...@\r
\n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithFormat:@Content-
Disposition: form-data; name=\image\; filename=\%...@\\r\n,
@1.jpg] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString 
stringWithFormat:@Content-Type: %...@\r
\n, mimeType] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString 
stringWithString:@Content-Transfer-
Encoding: binary\r\n\r\n] dataUsingEncoding:NSUTF8StringEncoding]];
//[postBody appendData:image];
[postBody appendData:imageData];
[postBody appendData:[[NSString stringWithFormat:@\r\n...@\r
\n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]];

[theRequest setHTTPBody:postBody];

NSLog(@ispost);
theConnection = [[NSURLConnection alloc] initWithRequest:theRequest
delegate:self];

}

if (theConnection) {
// Create the NSMutableData that will hold
// the received data
// reveivedData is declared as a method instance elsewhere
receivedData = [[NSMutableData data] retain];
}else {
// inform the user that the download could not be made
}
}


[Error Messages]

Attaching to process 45645.
2010-06-16 13:57:51.025 tw[45645:207] ispost
2010-06-16 13:57:52.193 tw[45645:207] Status: 500 Internal Server
Error
Content-Type: text/html

htmlbodyh1500 Internal Server Error/h1/body/htmlStatus:
500 Internal Server Error
Content-Type: text/html

htmlbodyh1500 Internal Server Error/h1/body/html
(gdb) clear

RE: [twitter-dev] What can be done with twitter data?

[vivekshe...@gmail.com]

I think it can be used for much more than just that.  it all depends how deep 
you think you wannna go 
Sent from my Nokia phone
-Original Message-
From: kuhkatz
Sent:  16/06/2010 1:42:02 pm
Subject:  Re: [twitter-dev] What can be done with twitter data?

Am 15.06.2010 21:36, schrieb ckell...@gmail.com:
 What can be done with the twitter api? What can be done with data? What kind 
 of output is useful to the general public? So far I have found twitter to be 
 a public version of text messages. I have ideas for twitter such as twitter 
 dating and twitter chatrooms is this something that the twitter api could be 
 used for to develop such a program?

 -Chris
 ckel...@aol.com
 Sent on the Sprint® Now Network from my BlackBerry®

dating... i dont know.
i also dont know if i want my dating approaches to be visible for anyone 
and indexed by google, etc.

chat... maybe?
if you setup one account per chatchannel / room, people can DM that 
account, and a bot would DM anyone who is registered for that room.
it is possible, i suppose.

if its not via DM chatting people would spam other peoples timelines, 
at least i would see it that way.

[twitter-dev] Re: TwitPic oAuth Echo Help! - PHP

[Greg]

Taylor,

This is great! Thanks for helping me out - nice to see Twitter
employees helping the developers! Great work.

- Greg

On Jun 15, 10:39 am, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Hi Greg,

 Went over your code a bit more and got it to work with TwitPic -- here's the
 new version:http://pastie.org/1005387

 Taylor Singletary
 Developer Advocate, Twitterhttp://twitter.com/episod

 On Tue, Jun 15, 2010 at 6:31 AM, Taylor Singletary 

 taylorsinglet...@twitter.com wrote:
  One thing to watch out for with OAuth Echo is that you don't actually
  execute the verify_credentials call yourself when you're building the
  authorization header for the request -- by doing so, you will have marked
  the oauth_nonce you used as already processed. Looking at your code, I don't
  think that's your issue.

  Your code shows you tacking on the oauth_token to the authorization header,
  but it needs to be part of your entire signed request. You should be using
  your oauth_token while building your signature base string, and then use
  your oauth_token_secret as part of the composite signing key you use to sign
  the request -- then generate your HTTP header and attach it to the OAuth
  Echo request to twitpic.

  Taylor Singletary
  Developer Advocate, Twitter
 http://twitter.com/episod

  On Tue, Jun 15, 2010 at 4:30 AM, Greg gregory.av...@gmail.com wrote:

  Hello all,

  I've trying to get this to work for the past couple of days - but
  every request to TwitPic returns a 401. I'm signing the requests with
  my ConsumerKey and consumerSecret to Twitter using the verify_account
  API call. Then I'm adding in the Oauth Realm and the OAuth Token as
  part of the header. Can anyone point out what I am doing wrong?

  Code Here:http://pastie.org/1005179

  Thanks again,
  Greg

Re: [twitter-dev] anywhere link overriding

[Furkan Kuru]

Ok.

Using jquery:

$(a.twitter-anywhere-user).each(function () { $(this).attr('target',
'_blank');});

fixes it.



On Wed, Jun 16, 2010 at 1:50 AM, Todd Kloots klo...@twitter.com wrote:

 At the moment, no.  You'll need to do that yourself.  Not too
 difficult though, since @Anywhere stamps each link with a class of
 twitter-anywhere-user.  So, you could iterate over all anchor
 elements, and if they have that class add the target attribute with
 a value of _blank.

 - Todd

 On Tue, Jun 15, 2010 at 2:44 PM, Furkan Kuru furkank...@gmail.com wrote:
 
  Is there any possibility to change the anywhere links to include
  target=_blank attribute and value in order to open in a new window?
 
 
 
  --
  Furkan Kuru
 




-- 
Furkan Kuru

Re: [twitter-dev] Re: Links stripped from tweets

[Bernd Stramm]

On Tue, 15 Jun 2010 23:26:41 -0700 (PDT)
Rudiger bpa...@rocketmail.com wrote:

 I should probably clarify that the urls aren't stripped, just the
 anchor tags surrounding them. Anyone else have this problem?
 

Are you sure the anchor tags were there in the first place?
Many posts simply have text that says http://this.that.com;.

-- 
Bernd Stramm
bernd.str...@gmail.com

Re: [twitter-dev] Tracking Unfavoriting

[John Kalucki]

User Streams have favorites and unfavorites for the logged in user and
that user's followings. This feature is in preview and isn't yet
available for service integrations, but we hope to fix that soon.
Otherwise, favorites are a bit of a second-class object within
Twitter, although we do want to make them on par with tweets and
retweets and such, it's not easy.

-John Kalucki
http://twitter.com/jkalucki
Infrastructure, Twitter Inc.


On Wed, Jun 16, 2010 at 1:30 AM, jhughes96 thewelshjoelhug...@gmail.com wrote:
 Hi,
 I have in mind an application which will need accurate access to
 favorites and, as well, tweets which have been unfavorited.

 In the ideal world there would be a streamed list of these events
 (e.g. USER XXX FAVORITED TWEET TTT, USER YYY UNFAVORITED TWEET
  etc).

 Is this the only method available?
 http://apiwiki.twitter.com/Twitter-REST-API-Method:-favorites

 ...can't see how that's going to help with whether something have been
 UNfavorited.

 Thanks for any thoughts.

 @Joel_Hughes

[twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21

[Taylor Singletary]

Hi Developers,

A little late notice, but just wanted to make sure you've all seen what was
posted on the Twitter status blog a bit earlier:

MAINTENANCE ACTION:

—

We’ll be working with our network provider to perform some tests and
maintenance. During this time you can expect a high rate of errors (whales)

DATE/TIME WINDOW:

—

 June 16th @ 6-7:30 AM PDT

AFFECTED RESOURCES:

———

Twitter.com and* Api.twitter.com*

*
*

*Might be a bit bumpy this morning, but intentionally so.*
*
* Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod

Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21

[BJ Weschke]

A planned maintenance from 9-10:30A EDT and during one of the World 
Cup games? Wow. I hope it's really important.


Taylor Singletary wrote:


Hi Developers,

A little late notice, but just wanted to make sure you've all seen 
what was posted on the Twitter status blog a bit earlier:


MAINTENANCE ACTION:

—

We’ll be working with our network provider to perform some tests
and maintenance. During this time you can expect a high rate of
errors (whales)

DATE/TIME WINDOW:

—

 June 16th @ 6-7:30 AM PDT

AFFECTED RESOURCES:

———

Twitter.com and* Api.twitter.com http://Api.twitter.com*

*
*

*Might be a bit bumpy this morning, but intentionally so.*
*
*Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod

Re: [twitter-dev] [Twitter Profile Image Update]What am I gonna do? anybody knows?

[Taylor Singletary]

Hi Jusung,

Our image upload facilities are in need of some refactoring -- they
frequently respond with a 500, sometimes having processed the image and
sometimes not. Have you checked after uploading to see if the image was
accepted?

I'm not familiar enough with Objective-C to really help you in that area,
but I wanted to make sure you know that basic authentication is going away
later this month, and if you're working on any kind of new project, you
should be using OAuth: http://dev.twitter.com/pages/auth_overview

Taylor

On Tue, Jun 15, 2010 at 11:43 PM, jusung Kye kyejus...@gmail.com wrote:

 I'm trying to make a APP about changing Twitter Avatar Image.
 I have tried about this problem for 2week. but I could found any
 solution.

 I tried this method using Curl. and this method works well.

 [Curl Method]
 curl -u user:password -H 'Expect:' -F image=@'test2.png;type=image/
 png' http://api.twitter.com/1/account/update_profile_image.xml

 but iPhone is not working.


 Did I forgot or missed something?
 Anybody~ Somebody~ help me.

 My codes is like below and The debbuger show like this error messages


 -(void)request:(NSURL *)url{
if (isPost) {

UIImage *myImage = [UIImage imageNamed:@1.jpg];
NSData *imageData = [[NSData alloc]
 initWithData:UIImageJPEGRepresentation(myImage, 90)];
requestBody = [NSString stringWithFormat:@
 image=%@,[[[NSString
 alloc] initWithData:imageData
 encoding:NSUTF8StringEncoding]autorelease]];

theRequest = [[NSMutableURLRequest alloc] initWithURL:url];
[theRequest setHTTPMethod:@POST];
NSString *stringBoundary = [NSString
 stringWithString:@0xKhTmLbOuNdArY];
NSString *contentType = [NSString stringWithFormat:@
 multipart/form-
 data; boundary=%@, stringBoundary];
[theRequest addValue:contentType forHTTPHeaderField:@
 Content-
 Type];

NSMutableData *postBody = [NSMutableData data];
[postBody appendData:[[NSString stringWithFormat:@
 \r\n\r\n...@\r
 \n, stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithString:@Content-
 Disposition: form-data; name=\source\\r\n\r\n]
 dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithString:@canary]
 dataUsingEncoding:NSUTF8StringEncoding]];

NSString *mimeType = mimeType = @image/jpeg;

[postBody appendData:[[NSString stringWithFormat:@\r\n--%@
 \r
 \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithFormat:@Content-
 Disposition: form-data; name=\image\; filename=\%...@\\r\n,
 @1.jpg] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString 
 stringWithFormat:@Content-Type:
 %...@\r
 \n, mimeType] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithString:@
 Content-Transfer-
 Encoding: binary\r\n\r\n] dataUsingEncoding:NSUTF8StringEncoding]];
//[postBody appendData:image];
[postBody appendData:imageData];
[postBody appendData:[[NSString stringWithFormat:@\r\n--%@
 \r
 \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]];

[theRequest setHTTPBody:postBody];

NSLog(@ispost);
theConnection = [[NSURLConnection alloc] initWithRequest:theRequest
 delegate:self];

}

if (theConnection) {
// Create the NSMutableData that will hold
// the received data
// reveivedData is declared as a method instance elsewhere
receivedData = [[NSMutableData data] retain];
}else {
// inform the user that the download could not be made
}
 }


 [Error Messages]

 Attaching to process 45645.
 2010-06-16 13:57:51.025 tw[45645:207] ispost
 2010-06-16 13:57:52.193 tw[45645:207] Status: 500 Internal Server
 Error
 Content-Type: text/html

 htmlbodyh1500 Internal Server Error/h1/body/htmlStatus:
 500 Internal Server Error
 Content-Type: text/html

 htmlbodyh1500 Internal Server Error/h1/body/html
 (gdb) clear

RE: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21

[Dean Collins]

Guess the twitter technical team aren't soccer fans and follow baseball?


Cheers,
Dean Collins
http://www.LiveWorldCUpChat.com



 -Original Message-
 From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-
 t...@googlegroups.com] On Behalf Of BJ Weschke
 Sent: Wednesday, 16 June 2010 9:45 AM
 To: twitter-development-talk@googlegroups.com
 Cc: twitter-api-announce
 Subject: Re: [twitter-dev] Scheduled Twitter API Network Maintenance,
June 16th @
 6-7:30 AM PDT 21
 
  A planned maintenance from 9-10:30A EDT and during one of the World
 Cup games? Wow. I hope it's really important.
 
 Taylor Singletary wrote:
 
  Hi Developers,
 
  A little late notice, but just wanted to make sure you've all seen
  what was posted on the Twitter status blog a bit earlier:
 
  MAINTENANCE ACTION:
 
  -
 
  We'll be working with our network provider to perform some tests
  and maintenance. During this time you can expect a high rate of
  errors (whales)
 
  DATE/TIME WINDOW:
 
  -
 
   June 16th @ 6-7:30 AM PDT
 
  AFFECTED RESOURCES:
 
  ---
 
  Twitter.com and* Api.twitter.com http://Api.twitter.com*
 
  *
  *
 
  *Might be a bit bumpy this morning, but intentionally so.*
  *
  *Taylor Singletary
  Developer Advocate, Twitter
  http://twitter.com/episod

Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21

[John Kalucki]

The wording wasn't accurate and has since been changed. They're going
to be poking around with network and monitoring traffic, and there's
always a very small chance that something will go wrong, a link will
drop, and it'll take a few seconds for the network topology to
re-converge. Usually we hardly take note of, or can even detect, a
partition, due to the low convergency latency. However, when we're
running the backlinks so hot, anything could happen. They're just
trying to communicate the somewhat elevated risk of this measurement
that is only useful during a peak event and is necessary to add
appropriate capacity and balance load.



On Wed, Jun 16, 2010 at 6:44 AM, BJ Weschke bwesc...@btwtech.com wrote:
 A planned maintenance from 9-10:30A EDT and during one of the World Cup
 games? Wow. I hope it's really important.

 Taylor Singletary wrote:

 Hi Developers,

 A little late notice, but just wanted to make sure you've all seen what
 was posted on the Twitter status blog a bit earlier:

    MAINTENANCE ACTION:

    —

    We’ll be working with our network provider to perform some tests
    and maintenance. During this time you can expect a high rate of
    errors (whales)

    DATE/TIME WINDOW:

    —

     June 16th @ 6-7:30 AM PDT

    AFFECTED RESOURCES:

    ———

    Twitter.com and* Api.twitter.com http://Api.twitter.com*

    *
    *

 *Might be a bit bumpy this morning, but intentionally so.*
 *
 *Taylor Singletary
 Developer Advocate, Twitter
 http://twitter.com/episod

Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21

[John Kalucki]

I know you are just joking, but here's what's we're doing:

We all have every world cup game in our corporate calendars and for
many of us, our entire day, sleep included, is paced around the three
world cup games. Deploys, maintenance, and everything else has been
shifted around. And the games are obvious in the graphs, and we do a
lot of graph-looking-at-and-talking-about-and-such.

-John


On Wed, Jun 16, 2010 at 6:47 AM, Dean Collins d...@cognation.net wrote:
 Guess the twitter technical team aren't soccer fans and follow baseball?


 Cheers,
 Dean Collins
 http://www.LiveWorldCUpChat.com



 -Original Message-
 From: twitter-development-talk@googlegroups.com
 [mailto:twitter-development-
 t...@googlegroups.com] On Behalf Of BJ Weschke
 Sent: Wednesday, 16 June 2010 9:45 AM
 To: twitter-development-talk@googlegroups.com
 Cc: twitter-api-announce
 Subject: Re: [twitter-dev] Scheduled Twitter API Network Maintenance,
 June 16th @
 6-7:30 AM PDT 21

  A planned maintenance from 9-10:30A EDT and during one of the World
 Cup games? Wow. I hope it's really important.

 Taylor Singletary wrote:
 
  Hi Developers,
 
  A little late notice, but just wanted to make sure you've all seen
  what was posted on the Twitter status blog a bit earlier:
 
      MAINTENANCE ACTION:
 
      -
 
      We'll be working with our network provider to perform some tests
      and maintenance. During this time you can expect a high rate of
      errors (whales)
 
      DATE/TIME WINDOW:
 
      -
 
       June 16th @ 6-7:30 AM PDT
 
      AFFECTED RESOURCES:
 
      ---
 
      Twitter.com and* Api.twitter.com http://Api.twitter.com*
 
      *
      *
 
  *Might be a bit bumpy this morning, but intentionally so.*
  *
  *Taylor Singletary
  Developer Advocate, Twitter
  http://twitter.com/episod

Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21

[BJ Weschke]

Thanks John. That makes more sense.

John Kalucki wrote:

The wording wasn't accurate and has since been changed. They're going
to be poking around with network and monitoring traffic, and there's
always a very small chance that something will go wrong, a link will
drop, and it'll take a few seconds for the network topology to
re-converge. Usually we hardly take note of, or can even detect, a
partition, due to the low convergency latency. However, when we're
running the backlinks so hot, anything could happen. They're just
trying to communicate the somewhat elevated risk of this measurement
that is only useful during a peak event and is necessary to add
appropriate capacity and balance load.



On Wed, Jun 16, 2010 at 6:44 AM, BJ Weschke bwesc...@btwtech.com wrote:
  

A planned maintenance from 9-10:30A EDT and during one of the World Cup
games? Wow. I hope it's really important.

Taylor Singletary wrote:


Hi Developers,

A little late notice, but just wanted to make sure you've all seen what
was posted on the Twitter status blog a bit earlier:

   MAINTENANCE ACTION:

   —

   We’ll be working with our network provider to perform some tests
   and maintenance. During this time you can expect a high rate of
   errors (whales)

   DATE/TIME WINDOW:

   —

June 16th @ 6-7:30 AM PDT

   AFFECTED RESOURCES:

   ———

   Twitter.com and* Api.twitter.com http://Api.twitter.com*

   *
   *

*Might be a bit bumpy this morning, but intentionally so.*
*
*Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod
  

Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21

[John Kalucki]

Convergency isn't a word. I meant convergence.

On Wed, Jun 16, 2010 at 6:58 AM, John Kalucki j...@twitter.com wrote:
 The wording wasn't accurate and has since been changed. They're going
 to be poking around with network and monitoring traffic, and there's
 always a very small chance that something will go wrong, a link will
 drop, and it'll take a few seconds for the network topology to
 re-converge. Usually we hardly take note of, or can even detect, a
 partition, due to the low convergency latency. However, when we're
 running the backlinks so hot, anything could happen. They're just
 trying to communicate the somewhat elevated risk of this measurement
 that is only useful during a peak event and is necessary to add
 appropriate capacity and balance load.



 On Wed, Jun 16, 2010 at 6:44 AM, BJ Weschke bwesc...@btwtech.com wrote:
 A planned maintenance from 9-10:30A EDT and during one of the World Cup
 games? Wow. I hope it's really important.

 Taylor Singletary wrote:

 Hi Developers,

 A little late notice, but just wanted to make sure you've all seen what
 was posted on the Twitter status blog a bit earlier:

    MAINTENANCE ACTION:

    —

    We’ll be working with our network provider to perform some tests
    and maintenance. During this time you can expect a high rate of
    errors (whales)

    DATE/TIME WINDOW:

    —

     June 16th @ 6-7:30 AM PDT

    AFFECTED RESOURCES:

    ———

    Twitter.com and* Api.twitter.com http://Api.twitter.com*

    *
    *

 *Might be a bit bumpy this morning, but intentionally so.*
 *
 *Taylor Singletary
 Developer Advocate, Twitter
 http://twitter.com/episod

[twitter-dev] Re: Dev Portal Login

[Dewald Pretorius]

Login to developer.twitter.com kicks back developer.twitter.com uses
an invalid security certificate.

Are things falling apart in the Twitter world?

On Jun 15, 4:55 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Sorry for all the issues around this login -- I really want to get this
 login functioning correctly but we've had some system-wide changes recently
 that have made some elements of fixing this for reals though difficult.
 It's an incredibly basic issue that's overcomplicated by the particularities
 of our production environment, the interaction of SSL, and subdomains. I
 hope to have it fixed by the end of the week.

 For now -- login to twitter.com, then go to the portal.

 Taylor Singletary
 Developer Advocate, Twitterhttp://twitter.com/episod

 On Tue, Jun 15, 2010 at 12:41 PM, Brian Wigginton
 brianwiggin...@gmail.comwrote:



  Is anyone else having problems logging into the dev portal?

  I keep getting directed tohttps://twitter.com/sessionswith the
  message Sorry, that page doesn’t exist!

  -Brian Wigginton

[twitter-dev] Granularity for geo/search is strange/unknown

[MeltingIce]

Hey everyone,

I am trying to search for locations using the new geo/search API call,
but the granularity of the locations returned is nearby cities at best
even though the granularity is set to neighborhood.  I would like to
pass in simply a lat/long, but even when I pass in a search query as
well, I either get extremely broad results or no results at all.

Heres an example that I've been trying which is returning cities as
far away as Virginia although the lat/long is really in Charleston,
SC.

http://api.twitter.com/1/geo/search.json?query=java+javaaccuracy=761.9884176autocomplete=falselong=-80.1489lat=32.6058granularity=neighborhood

The autocomplete param is undocumented, although switching it from
false to true doesn't seem to have an effect anyways.  Is there
something I'm missing here?  Thanks in advance for the help!

[twitter-dev] oAuth for server-side applications

[Rob]

Okay, I'm totally confused with Twitter's move to drop HTTP BASIC
authorization.

My problem is with a set of Twitter accounts that are primarily
accessed PROGRAMATICALLY by server-side processes; there is no
client per se, or rather, the server process IS the client.  For
example, an automated process that periodically sends status tweets.
The programming currently uses the API with BASIC authentication (via
HTTPS).  I am a loss as to how OAuth is applied in this situation.

A clearly expressed example would be greatly appreciated.

Re: [twitter-dev] [Twitter Profile Image Update]What am I gonna do? anybody knows?

[Clint Shryock]

Jusung -

I'm using Objective-c as well and I've gotten more than an handful of 500
errors, even the the post was successful and the avatar was updated.
The users/show API also is slow to update and show the new avatar.

Is your Twitter avatar update reflected on twitter.com ?

+Clint

On Wed, Jun 16, 2010 at 8:56 AM, Taylor Singletary 
taylorsinglet...@twitter.com wrote:

 Hi Jusung,

 Our image upload facilities are in need of some refactoring -- they
 frequently respond with a 500, sometimes having processed the image and
 sometimes not. Have you checked after uploading to see if the image was
 accepted?

 I'm not familiar enough with Objective-C to really help you in that area,
 but I wanted to make sure you know that basic authentication is going away
 later this month, and if you're working on any kind of new project, you
 should be using OAuth: http://dev.twitter.com/pages/auth_overview

 Taylor


 On Tue, Jun 15, 2010 at 11:43 PM, jusung Kye kyejus...@gmail.com wrote:

 I'm trying to make a APP about changing Twitter Avatar Image.
 I have tried about this problem for 2week. but I could found any
 solution.

 I tried this method using Curl. and this method works well.

 [Curl Method]
 curl -u user:password -H 'Expect:' -F image=@'test2.png;type=image/
 png' http://api.twitter.com/1/account/update_profile_image.xml

 but iPhone is not working.


 Did I forgot or missed something?
 Anybody~ Somebody~ help me.

 My codes is like below and The debbuger show like this error messages


 -(void)request:(NSURL *)url{
if (isPost) {

UIImage *myImage = [UIImage imageNamed:@1.jpg];
NSData *imageData = [[NSData alloc]
 initWithData:UIImageJPEGRepresentation(myImage, 90)];
requestBody = [NSString stringWithFormat:@
 image=%@,[[[NSString
 alloc] initWithData:imageData
 encoding:NSUTF8StringEncoding]autorelease]];

theRequest = [[NSMutableURLRequest alloc] initWithURL:url];
[theRequest setHTTPMethod:@POST];
NSString *stringBoundary = [NSString
 stringWithString:@0xKhTmLbOuNdArY];
NSString *contentType = [NSString stringWithFormat:@
 multipart/form-
 data; boundary=%@, stringBoundary];
[theRequest addValue:contentType forHTTPHeaderField:@
 Content-
 Type];

NSMutableData *postBody = [NSMutableData data];
[postBody appendData:[[NSString stringWithFormat:@
 \r\n\r\n...@\r
 \n, stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithString:@
 Content-
 Disposition: form-data; name=\source\\r\n\r\n]
 dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithString:@
 canary]
 dataUsingEncoding:NSUTF8StringEncoding]];

NSString *mimeType = mimeType = @image/jpeg;

[postBody appendData:[[NSString stringWithFormat:@
 \r\n...@\r
 \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithFormat:@
 Content-
 Disposition: form-data; name=\image\; filename=\%...@\\r\n,
 @1.jpg] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString 
 stringWithFormat:@Content-Type:
 %...@\r
 \n, mimeType] dataUsingEncoding:NSUTF8StringEncoding]];
[postBody appendData:[[NSString stringWithString:@
 Content-Transfer-
 Encoding: binary\r\n\r\n] dataUsingEncoding:NSUTF8StringEncoding]];
//[postBody appendData:image];
[postBody appendData:imageData];
[postBody appendData:[[NSString stringWithFormat:@
 \r\n...@\r
 \n,stringBoundary] dataUsingEncoding:NSUTF8StringEncoding]];

[theRequest setHTTPBody:postBody];

NSLog(@ispost);
theConnection = [[NSURLConnection alloc] initWithRequest:theRequest
 delegate:self];

}

if (theConnection) {
// Create the NSMutableData that will hold
// the received data
// reveivedData is declared as a method instance elsewhere
receivedData = [[NSMutableData data] retain];
}else {
// inform the user that the download could not be made
}
 }


 [Error Messages]

 Attaching to process 45645.
 2010-06-16 13:57:51.025 tw[45645:207] ispost
 2010-06-16 13:57:52.193 tw[45645:207] Status: 500 Internal Server
 Error
 Content-Type: text/html

 htmlbodyh1500 Internal Server Error/h1/body/htmlStatus:
 500 Internal Server Error
 Content-Type: text/html

 htmlbodyh1500 Internal Server Error/h1/body/html
 (gdb) clear

Re: [twitter-dev] oAuth for server-side applications

[Taylor Singletary]

You're likely best served by taking the approach of implementing only the
parts of OAuth you need to complete your single-user use case. (Highly
recommend using a library). We provide a feature that makes it easy for you
to get your own access token from dev.twitter.com, which you can hard code
into your application and essentially you'll be changing from a state of:

(current) Always passing a login and password with every request

to

Always passing an OAuth authorization header containing your access token on
every request

Find out more about the single token solution here:
http://dev.twitter.com/pages/oauth_single_token -- you'll be able to get
your access tokens, in addition to your API keys, after registering an
application there.

If you have the need for multiple users, you have a few approaches you can
take, http://dev.twitter.com/pages/auth_overview goes over a number of them.
Once you've acquired an access token, you can persist it for as long as you
want to make calls with it (or until the user manually revokes the
authorization)

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Wed, Jun 16, 2010 at 7:25 AM, Rob robert-h...@comcast.net wrote:

 Okay, I'm totally confused with Twitter's move to drop HTTP BASIC
 authorization.

 My problem is with a set of Twitter accounts that are primarily
 accessed PROGRAMATICALLY by server-side processes; there is no
 client per se, or rather, the server process IS the client.  For
 example, an automated process that periodically sends status tweets.
 The programming currently uses the API with BASIC authentication (via
 HTTPS).  I am a loss as to how OAuth is applied in this situation.

 A clearly expressed example would be greatly appreciated.

[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Craig]

Hi Matt,

Thanks for responding.  My authorization header is still the same as
it was in my first message above.  Here it is for another request I
just tried:

OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC-
SHA1, oauth_timestamp=1276701304,
oauth_consumer_key=x, oauth_token=-
x, oauth_signature=xxx
%3D, oauth_version=1.0

The post body is simply:
status=my%20tweet

When I create the request in objective c, it looks like this: (where
authHeader is the authorization header noted above and postBody is the
post body noted above):

NSString* requestString= [NSString
stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
initWithURL:[NSURL
URLWithString:requestString]
 
cachePolicy:NSURLRequestReloadIgnoringCacheData
timeoutInterval:30.0];
[request setHTTPMethod:@POST];
[request addValue:authHeader forHTTPHeaderField:@Authorization];
[request setValue:@application/x-www-form-urlencoded
forHTTPHeaderField:@Content-Type];
[request setValue:postBodyLength forHTTPHeaderField:@Content-
Length];
[request setHTTPBody:[postBody
dataUsingEncoding:NSUTF8StringEncoding]];

This type of formatting works just fine for my xAuth authentication.

On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote:
 Hey Craig,

 Could you let us see what the authorization header you are sending
 looks like (obfuscating your oauth keys and secrets)?

 What you're aiming for is a header similar to this:

 POST /1/statuses/update.xml HTTP/1.1
 Accept: */*
 Connection: close
 User-Agent: OAuth gem v0.4.0
 Content-Type: application/x-www-form-urlencoded
 Authorization: OAuth
   oauth_consumer_key=\\,
   oauth_nonce=\\,
   oauth_signature=\\,
   oauth_signature_method=\HMAC-SHA1\,
   oauth_timestamp=\1276634179\,
   oauth_token=\xx\,
   oauth_version=\1.0\
 Content-Length: 27
 Host: api.twitter.com

 With your post body being the status you are sending. Similar to:

 status=something%20to%20say

 Matt

 On Jun 13, 8:32 pm, Craig chanson9...@gmail.com wrote:



  Ok, so I believe my signature is correct because if I take out the
  oauth_token parameter from the signature base I get an incorrect
  signature error instead of the invalid/used nonce error.  I am
  definitely posting to the correct url: https://api.twitter.com/1/
  statuses/update.xml because if I change it I get an invalid url
  response.  The nonce I'm generating is unique for every request I'm
  sending.  The timestamp is accurate to the number of seconds that have
  passed since unix epoch.  Obviously the invalid/used nonce error is
  garbage.

  Here's the formatting of my URL request in obj c:

  // Create the request
  NSString* requestString= [NSString
  stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
  NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
                                  initWithURL:[NSURL 
  URLWithString:requestString]
                                  
  cachePolicy:NSURLRequestReloadIgnoringCacheData
                                      timeoutInterval:30.0];
  [request setHTTPMethod:@POST];
  [request addValue:authHeader forHTTPHeaderField:@Authorization];
  [request setValue:@application/x-www-form-urlencoded
  forHTTPHeaderField:@Content-Type];
  [request setValue:postBodyLength forHTTPHeaderField:@Content-
  Length];
  [request setHTTPBody:[postBody
  dataUsingEncoding:NSUTF8StringEncoding]];

  Any other ideas?  I'm at a total loss as to why this might be
  happening.

  Thanks,
  Craig

  On Jun 13, 3:42 pm, Craig chanson9...@gmail.com wrote:

   No dice.  I just tried creating a new app and using the new keys/token
   to tweet.  I'll go over my steps once more and see if I can track down
   an issue somewhere...

   On Jun 11, 8:53 pm, Taylor Singletary taylorsinglet...@twitter.com
   wrote:

xAuth in this case, I think, is unrelated to the issue. If you can use
a different key and use the my token feature to get your access
token, then try to tweet using that token, it will sufficiently
express the problem I think.

Taylor

On Jun 11, 2010, at 2:48 PM, Craig chanson9...@gmail.com wrote:

 Hello,

 I have an iphone app that is using xauth.  I am able to obtain the
 access token with no problem at all.  When I go to post a status
 update, I receive an invalid / used nonce error.  It can't actually be
 a used nonce since I have checked this multiple times.  Here are the
 details of the post:

 url:
http://api.twitter.com/1/statuses/update.xml

 signature base string:
 POSThttp%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
 %2Fupdate.xmloauth_consumer_key%3Dmyconsumerkey%26oauth_nonce
 %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC-
 

Re: [twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Taylor Singletary]

Hi Craig,

Do you know if the status update, status=my%20tweet is being encoded
correctly in your signature base string (which is the string used to create
your signature).

For the signature base string, the key/value pair would look like:

status%3Dmy%2520tweet

Have you tried your xAuth authentication with spaces and other possible odd
characters yet in fields like the password?

Taylor

On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote:

 Hi Matt,

 Thanks for responding.  My authorization header is still the same as
 it was in my first message above.  Here it is for another request I
 just tried:

 OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC-
 SHA1, oauth_timestamp=1276701304,
 oauth_consumer_key=x, oauth_token=-
 x, oauth_signature=xxx
 %3D, oauth_version=1.0

 The post body is simply:
 status=my%20tweet

 When I create the request in objective c, it looks like this: (where
 authHeader is the authorization header noted above and postBody is the
 post body noted above):

 NSString* requestString= [NSString
 stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
 NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
initWithURL:[NSURL
 URLWithString:requestString]

 cachePolicy:NSURLRequestReloadIgnoringCacheData
timeoutInterval:30.0];
 [request setHTTPMethod:@POST];
 [request addValue:authHeader forHTTPHeaderField:@Authorization];
 [request setValue:@application/x-www-form-urlencoded
 forHTTPHeaderField:@Content-Type];
 [request setValue:postBodyLength forHTTPHeaderField:@Content-
 Length];
 [request setHTTPBody:[postBody
 dataUsingEncoding:NSUTF8StringEncoding]];

 This type of formatting works just fine for my xAuth authentication.

 On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote:
  Hey Craig,
 
  Could you let us see what the authorization header you are sending
  looks like (obfuscating your oauth keys and secrets)?
 
  What you're aiming for is a header similar to this:
 
  POST /1/statuses/update.xml HTTP/1.1
  Accept: */*
  Connection: close
  User-Agent: OAuth gem v0.4.0
  Content-Type: application/x-www-form-urlencoded
  Authorization: OAuth
oauth_consumer_key=\\,
oauth_nonce=\\,
oauth_signature=\\,
oauth_signature_method=\HMAC-SHA1\,
oauth_timestamp=\1276634179\,
oauth_token=\xx\,
oauth_version=\1.0\
  Content-Length: 27
  Host: api.twitter.com
 
  With your post body being the status you are sending. Similar to:
 
  status=something%20to%20say
 
  Matt
 
  On Jun 13, 8:32 pm, Craig chanson9...@gmail.com wrote:
 
 
 
   Ok, so I believe my signature is correct because if I take out the
   oauth_token parameter from the signature base I get an incorrect
   signature error instead of the invalid/used nonce error.  I am
   definitely posting to the correct url: https://api.twitter.com/1/
   statuses/update.xml because if I change it I get an invalid url
   response.  The nonce I'm generating is unique for every request I'm
   sending.  The timestamp is accurate to the number of seconds that have
   passed since unix epoch.  Obviously the invalid/used nonce error is
   garbage.
 
   Here's the formatting of my URL request in obj c:
 
   // Create the request
   NSString* requestString= [NSString
   stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
   NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
   initWithURL:[NSURL
 URLWithString:requestString]
  
 cachePolicy:NSURLRequestReloadIgnoringCacheData
   timeoutInterval:30.0];
   [request setHTTPMethod:@POST];
   [request addValue:authHeader forHTTPHeaderField:@Authorization];
   [request setValue:@application/x-www-form-urlencoded
   forHTTPHeaderField:@Content-Type];
   [request setValue:postBodyLength forHTTPHeaderField:@Content-
   Length];
   [request setHTTPBody:[postBody
   dataUsingEncoding:NSUTF8StringEncoding]];
 
   Any other ideas?  I'm at a total loss as to why this might be
   happening.
 
   Thanks,
   Craig
 
   On Jun 13, 3:42 pm, Craig chanson9...@gmail.com wrote:
 
No dice.  I just tried creating a new app and using the new
 keys/token
to tweet.  I'll go over my steps once more and see if I can track
 down
an issue somewhere...
 
On Jun 11, 8:53 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 
 xAuth in this case, I think, is unrelated to the issue. If you can
 use
 a different key and use the my token feature to get your access
 token, then try to tweet using that token, it will sufficiently
 express the problem I think.
 
 Taylor
 
 On Jun 11, 2010, at 2:48 PM, Craig chanson9...@gmail.com wrote:
 
  Hello,
 
  I have an iphone app that is using xauth.  I am able to 

Re: [twitter-dev] Scheduled Twitter API Network Maintenance, June 16th @ 6-7:30 AM PDT 21

[M. Edward (Ed) Borasky]

Quoting John Kalucki j...@twitter.com:


I know you are just joking, but here's what's we're doing:

We all have every world cup game in our corporate calendars and for
many of us, our entire day, sleep included, is paced around the three
world cup games. Deploys, maintenance, and everything else has been
shifted around. And the games are obvious in the graphs, and we do a
lot of graph-looking-at-and-talking-about-and-such.

-John


I hope you guys submitted a paper to the Computer Measurement Group  
(CMG) about this - if not, for their quarterly journal or for next  
year for sure!


http://cmg.org/



On Wed, Jun 16, 2010 at 6:47 AM, Dean Collins d...@cognation.net wrote:

Guess the twitter technical team aren't soccer fans and follow baseball?


Cheers,
Dean Collins
http://www.LiveWorldCUpChat.com




-Original Message-
From: twitter-development-talk@googlegroups.com

[mailto:twitter-development-

t...@googlegroups.com] On Behalf Of BJ Weschke
Sent: Wednesday, 16 June 2010 9:45 AM
To: twitter-development-talk@googlegroups.com
Cc: twitter-api-announce
Subject: Re: [twitter-dev] Scheduled Twitter API Network Maintenance,

June 16th @

6-7:30 AM PDT 21

 A planned maintenance from 9-10:30A EDT and during one of the World
Cup games? Wow. I hope it's really important.

Taylor Singletary wrote:

 Hi Developers,

 A little late notice, but just wanted to make sure you've all seen
 what was posted on the Twitter status blog a bit earlier:

     MAINTENANCE ACTION:

     -

     We'll be working with our network provider to perform some tests
     and maintenance. During this time you can expect a high rate of
     errors (whales)

     DATE/TIME WINDOW:

     -

      June 16th @ 6-7:30 AM PDT

     AFFECTED RESOURCES:

     ---

     Twitter.com and* Api.twitter.com http://Api.twitter.com*

     *
     *

 *Might be a bit bumpy this morning, but intentionally so.*
 *
 *Taylor Singletary
 Developer Advocate, Twitter
 http://twitter.com/episod

[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Craig]

My signature base string status pair looks like:
status%3Dmy%2520tweet

When I tried xAuth authentication with a * character in the password,
it didn't work at first.  But once I double url encoded it, I was able
to authenticate no problem.  So that definitely helps.  I am now
double url encoding the username and password values.

However, the tweet still didn't work.  I am double url encoding the
status message in the signature base string and single url encoding it
in the post body.

Thanks,
Craig

On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Hi Craig,

 Do you know if the status update, status=my%20tweet is being encoded
 correctly in your signature base string (which is the string used to create
 your signature).

 For the signature base string, the key/value pair would look like:

 status%3Dmy%2520tweet

 Have you tried your xAuth authentication with spaces and other possible odd
 characters yet in fields like the password?

 Taylor



 On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote:
  Hi Matt,

  Thanks for responding.  My authorization header is still the same as
  it was in my first message above.  Here it is for another request I
  just tried:

  OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC-
  SHA1, oauth_timestamp=1276701304,
  oauth_consumer_key=x, oauth_token=-
  x, oauth_signature=xxx
  %3D, oauth_version=1.0

  The post body is simply:
  status=my%20tweet

  When I create the request in objective c, it looks like this: (where
  authHeader is the authorization header noted above and postBody is the
  post body noted above):

  NSString* requestString= [NSString
  stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
  NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
                                 initWithURL:[NSURL
  URLWithString:requestString]

  cachePolicy:NSURLRequestReloadIgnoringCacheData
                                     timeoutInterval:30.0];
  [request setHTTPMethod:@POST];
  [request addValue:authHeader forHTTPHeaderField:@Authorization];
  [request setValue:@application/x-www-form-urlencoded
  forHTTPHeaderField:@Content-Type];
  [request setValue:postBodyLength forHTTPHeaderField:@Content-
  Length];
  [request setHTTPBody:[postBody
  dataUsingEncoding:NSUTF8StringEncoding]];

  This type of formatting works just fine for my xAuth authentication.

  On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote:
   Hey Craig,

   Could you let us see what the authorization header you are sending
   looks like (obfuscating your oauth keys and secrets)?

   What you're aiming for is a header similar to this:

   POST /1/statuses/update.xml HTTP/1.1
   Accept: */*
   Connection: close
   User-Agent: OAuth gem v0.4.0
   Content-Type: application/x-www-form-urlencoded
   Authorization: OAuth
     oauth_consumer_key=\\,
     oauth_nonce=\\,
     oauth_signature=\\,
     oauth_signature_method=\HMAC-SHA1\,
     oauth_timestamp=\1276634179\,
     oauth_token=\xx\,
     oauth_version=\1.0\
   Content-Length: 27
   Host: api.twitter.com

   With your post body being the status you are sending. Similar to:

   status=something%20to%20say

   Matt

   On Jun 13, 8:32 pm, Craig chanson9...@gmail.com wrote:

Ok, so I believe my signature is correct because if I take out the
oauth_token parameter from the signature base I get an incorrect
signature error instead of the invalid/used nonce error.  I am
definitely posting to the correct url: https://api.twitter.com/1/
statuses/update.xml because if I change it I get an invalid url
response.  The nonce I'm generating is unique for every request I'm
sending.  The timestamp is accurate to the number of seconds that have
passed since unix epoch.  Obviously the invalid/used nonce error is
garbage.

Here's the formatting of my URL request in obj c:

// Create the request
NSString* requestString= [NSString
stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
                                initWithURL:[NSURL
  URLWithString:requestString]

  cachePolicy:NSURLRequestReloadIgnoringCacheData
                                    timeoutInterval:30.0];
[request setHTTPMethod:@POST];
[request addValue:authHeader forHTTPHeaderField:@Authorization];
[request setValue:@application/x-www-form-urlencoded
forHTTPHeaderField:@Content-Type];
[request setValue:postBodyLength forHTTPHeaderField:@Content-
Length];
[request setHTTPBody:[postBody
dataUsingEncoding:NSUTF8StringEncoding]];

Any other ideas?  I'm at a total loss as to why this might be
happening.

Thanks,
Craig

On Jun 13, 3:42 pm, Craig chanson9...@gmail.com wrote:

 No dice.  I 

[twitter-dev] xAuth - favorites/create - bug - 401 error

[chiu ming luk]

The xAuth - favorites/create - is broken

I make calls to - favorites/create with an ID parameter using xAuth

$response = $connection-get ( 'favorites/create', array ('id' =
$status_id ) );

but I always getting 401 Not authorized Error

===
/1/favorites/create.json?
id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
%3Doauth_signature_method=HMAC-
SHA1oauth_timestamp=1276713005oauth_token=13073932-
seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
===

On the other hand, The exact same request using Basic
Authentication, It will work fine. I either getting
- You have already favorited this status.
- Favorites added

[twitter-dev] Re: oAuth for server-side applications

[Rob]

Taylor,

Thanks for the bootstrap info.  Now, is there a soup-to-nuts CODING
example somewhere?.

Re: [twitter-dev] Re: oAuth for server-side applications

[Taylor Singletary]

Working with OAuth is really platform/language-dependent. While there are
some similarities to approach and object model between OAuth libraries in
various languages, each has their own quirks. And each HTTP interface
library has its own quirks.

That said, I have been working on a guide specifically with the conversion
from basic auth in mind. The core of it all is still wrapped
There's also some detailed examples of working with OAuth and Twitter here
http://dev.twitter.com/pages/auth -- we also have compiled a good list of
various OAuth libraries here: http://dev.twitter.com/pages/oauth_libraries

What programming language are you using?

Taylor

On Wed, Jun 16, 2010 at 12:07 PM, Rob robert-h...@comcast.net wrote:


 Taylor,

 Thanks for the bootstrap info.  Now, is there a soup-to-nuts CODING
 example somewhere?.

[twitter-dev] Basic auth removal is a disaster for web applications without xAuth

[IanQuigley]

xAuth is not permitted for web clients - WHY?

I have a very small user base, but at least 50% of those people use my
web app because they can not access twitter.com

Without xAuth they will be unable to access slandr.net, dabr.co.uk,
hootsuite etc. These are people in countries where Twitter is blocked
and people who have it blocked by their local network. Will they be
able to use most desktop applications which connect direct to
twitter.com? I doubt it.

Does anybody have any idea how many people are going to be cut off
from twitter after 30 June?

[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Craig]

By the way, even when I try to tweet with just one word like: tweet,
it doesn't work.  Just simple ascii characters.  Is there any way you
can just intercept one of my test tweets and look at what, if anything
might be going wrong on the server side?

-Craig


On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote:
 My signature base string status pair looks like:
 status%3Dmy%2520tweet

 When I tried xAuth authentication with a * character in the password,
 it didn't work at first.  But once I double url encoded it, I was able
 to authenticate no problem.  So that definitely helps.  I am now
 double url encoding the username and password values.

 However, the tweet still didn't work.  I am double url encoding the
 status message in the signature base string and single url encoding it
 in the post body.

 Thanks,
 Craig

 On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com
 wrote:



  Hi Craig,

  Do you know if the status update, status=my%20tweet is being encoded
  correctly in your signature base string (which is the string used to create
  your signature).

  For the signature base string, the key/value pair would look like:

  status%3Dmy%2520tweet

  Have you tried your xAuth authentication with spaces and other possible odd
  characters yet in fields like the password?

  Taylor

  On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote:
   Hi Matt,

   Thanks for responding.  My authorization header is still the same as
   it was in my first message above.  Here it is for another request I
   just tried:

   OAuth oauth_nonce=TEeSMm8q3m5abhmppain, oauth_signature_method=HMAC-
   SHA1, oauth_timestamp=1276701304,
   oauth_consumer_key=x, oauth_token=-
   x, oauth_signature=xxx
   %3D, oauth_version=1.0

   The post body is simply:
   status=my%20tweet

   When I create the request in objective c, it looks like this: (where
   authHeader is the authorization header noted above and postBody is the
   post body noted above):

   NSString* requestString= [NSString
   stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
   NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
                                  initWithURL:[NSURL
   URLWithString:requestString]

   cachePolicy:NSURLRequestReloadIgnoringCacheData
                                      timeoutInterval:30.0];
   [request setHTTPMethod:@POST];
   [request addValue:authHeader forHTTPHeaderField:@Authorization];
   [request setValue:@application/x-www-form-urlencoded
   forHTTPHeaderField:@Content-Type];
   [request setValue:postBodyLength forHTTPHeaderField:@Content-
   Length];
   [request setHTTPBody:[postBody
   dataUsingEncoding:NSUTF8StringEncoding]];

   This type of formatting works just fine for my xAuth authentication.

   On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote:
Hey Craig,

Could you let us see what the authorization header you are sending
looks like (obfuscating your oauth keys and secrets)?

What you're aiming for is a header similar to this:

POST /1/statuses/update.xml HTTP/1.1
Accept: */*
Connection: close
User-Agent: OAuth gem v0.4.0
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth
  oauth_consumer_key=\\,
  oauth_nonce=\\,
  oauth_signature=\\,
  oauth_signature_method=\HMAC-SHA1\,
  oauth_timestamp=\1276634179\,
  oauth_token=\xx\,
  oauth_version=\1.0\
Content-Length: 27
Host: api.twitter.com

With your post body being the status you are sending. Similar to:

status=something%20to%20say

Matt

On Jun 13, 8:32 pm, Craig chanson9...@gmail.com wrote:

 Ok, so I believe my signature is correct because if I take out the
 oauth_token parameter from the signature base I get an incorrect
 signature error instead of the invalid/used nonce error.  I am
 definitely posting to the correct url: https://api.twitter.com/1/
 statuses/update.xml because if I change it I get an invalid url
 response.  The nonce I'm generating is unique for every request I'm
 sending.  The timestamp is accurate to the number of seconds that have
 passed since unix epoch.  Obviously the invalid/used nonce error is
 garbage.

 Here's the formatting of my URL request in obj c:

 // Create the request
 NSString* requestString= [NSString
 stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
 NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
                                 initWithURL:[NSURL
   URLWithString:requestString]

   cachePolicy:NSURLRequestReloadIgnoringCacheData
                                     timeoutInterval:30.0];
 [request setHTTPMethod:@POST];
 [request addValue:authHeader forHTTPHeaderField:@Authorization];
 [request 

[twitter-dev] Re: xAuth - favorites/create - bug - 401 error

[chiu ming luk]

Hi Taylor,

Thanks for the prompt reply

consumer key = vfM8qYNAEBfZsofKDNX65Q
consumer secret = fwBTEa4GRCPkszO26ma5mFLi1aInV82JTxJWbuL26g

token key = 13073932-seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyA
token secret = Y0cXVWuoymSiVRRhFMpCoHqQuJ2BxNSjRqotpRZx0

thanks
-chiu


On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Can you share your signature base string that was used to create this
 request?

 I also highly recommending using HTTP Header-based OAuth instead of
 query-string based OAuth. It separates concerns and makes debugging much
 simpler.

 Taylor Singletary
 Developer Advocate, Twitterhttp://twitter.com/episod

 On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.comwrote:

  The xAuth - favorites/create - is broken

  I make calls to - favorites/create with an ID parameter using xAuth

  $response = $connection-get ( 'favorites/create', array ('id' =
  $status_id ) );

  but I always getting 401 Not authorized Error

  ===
  /1/favorites/create.json?

  id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
  %3Doauth_signature_method=HMAC-
  SHA1oauth_timestamp=1276713005oauth_token=13073932-
  seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
  ===

  On the other hand, The exact same request using Basic
  Authentication, It will work fine. I either getting
  - You have already favorited this status.
  - Favorites added

Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error

[Taylor Singletary]

Hi Chiu,

You're going to want to reset your keys on your application settings on
dev.twitter.com -- we will really recommend not posting your consumer
secrets to the group -- but easy to rectify if you go and change your keys.

Your signature base string is actually a bit different than your keys. In
many OAuth libraries, they are difficult to access while other libraries
will make it easy. If you trace your code execution path through the OAuth
library you are using, you will find the step where your signature base
string is created -- that particular string holds most of the things that
can go wrong in an OAuth request.

Taylor

On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote:

 Hi Taylor,

 Thanks for the prompt reply



 thanks
 -chiu


 On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com
 wrote:
  Can you share your signature base string that was used to create this
  request?
 
  I also highly recommending using HTTP Header-based OAuth instead of
  query-string based OAuth. It separates concerns and makes debugging much
  simpler.
 
  Taylor Singletary
  Developer Advocate, Twitterhttp://twitter.com/episod
 
  On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com
 wrote:
 
   The xAuth - favorites/create - is broken
 
   I make calls to - favorites/create with an ID parameter using xAuth
 
   $response = $connection-get ( 'favorites/create', array ('id' =
   $status_id ) );
 
   but I always getting 401 Not authorized Error
 
   ===
   /1/favorites/create.json?
 
  
 id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
   %3Doauth_signature_method=HMAC-
   SHA1oauth_timestamp=1276713005oauth_token=13073932-
   seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
   ===
 
   On the other hand, The exact same request using Basic
   Authentication, It will work fine. I either getting
   - You have already favorited this status.
   - Favorites added
 
 

Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error

[Abraham Williams]

favorites/create should be a POST. Try:

$response = $connection-post( 'favorites/create', array ('id' = $status_id
) );

Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Wed, Jun 16, 2010 at 12:57, Taylor Singletary 
taylorsinglet...@twitter.com wrote:

 Hi Chiu,

 You're going to want to reset your keys on your application settings on
 dev.twitter.com -- we will really recommend not posting your consumer
 secrets to the group -- but easy to rectify if you go and change your keys.

 Your signature base string is actually a bit different than your keys. In
 many OAuth libraries, they are difficult to access while other libraries
 will make it easy. If you trace your code execution path through the OAuth
 library you are using, you will find the step where your signature base
 string is created -- that particular string holds most of the things that
 can go wrong in an OAuth request.

 Taylor

 On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote:

 Hi Taylor,

 Thanks for the prompt reply



 thanks
 -chiu


 On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com
 wrote:
  Can you share your signature base string that was used to create this
  request?
 
  I also highly recommending using HTTP Header-based OAuth instead of
  query-string based OAuth. It separates concerns and makes debugging much
  simpler.
 
  Taylor Singletary
  Developer Advocate, Twitterhttp://twitter.com/episod
 
  On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com
 wrote:
 
   The xAuth - favorites/create - is broken
 
   I make calls to - favorites/create with an ID parameter using xAuth
 
   $response = $connection-get ( 'favorites/create', array ('id' =
   $status_id ) );
 
   but I always getting 401 Not authorized Error
 
   ===
   /1/favorites/create.json?
 
  
 id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
   %3Doauth_signature_method=HMAC-
   SHA1oauth_timestamp=1276713005oauth_token=13073932-
   seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
   ===
 
   On the other hand, The exact same request using Basic
   Authentication, It will work fine. I either getting
   - You have already favorited this status.
   - Favorites added
 
 

[twitter-dev] Re: 413 Request Entity Too Large for Direct Message

[El Greg]

Bump - any idea on this? I'm trying to switch my app to OAuth before
the big switch at the end of June.

Thanks,

Greg

On Jun 13, 10:32 pm, El Greg greglaval...@gmail.com wrote:
 Hi there - I'm trying to get set up with the new OAuth API for a
 little app that I'm hosting on site5. When make a signed POST request
 from the app on my home machine, it works just fine. When I have the
 application do it on my host, the response to my curl request is a 413
 Requet Entity Too large and looks like this (hope it comes out):

 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 htmlhead
 title413 Request Entity Too Large/title
 /headbody
 h1Request Entity Too Large/h1
 The requested resourcebr //direct_messages/new.jsonbr /
 does not allow request data with POST requests, or the amount of data
 provided in
 the request exceeds the capacity limit.
 pAdditionally, a 413 Request Entity Too Large
 error was encountered while trying to use an ErrorDocument to handle
 the request./p
 /body/html

 I'm not sure if I want to post the entire signed request and its
 parameters for security reasons.  I can't understand why it would work
 locally and not up on the server... Is it possible that my web host is
 attaching some junk to the request that twitter is rejecting?

[twitter-dev] Re: oAuth for server-side applications

[Rob]

I'm working (more or less) in Java. I'm planning to start picking
through the Scribe library to see the flow.


The flow (http://dev.twitter.com/images/dev/oauth_diagram.png) makes
sense.  What I'm having difficulty with is mapping the pieces of that
diagram to the single token solution.  What steps from the diagram
(and in what sequence) apply to the STS?

Also, in the case of server-side accesses, what is the mapping of
Twitter application registrations to Twitter IDs?  One app's
registration can access multiple Twitter IDs (concurrently) or is it
one app/reg per TwID?

Re: [twitter-dev] Re: oAuth for server-side applications

[Taylor Singletary]

Scribe is an excellent choice. The author is very responsive to issues as
well.

So, the one access token flow is essentially starting OAuth from the point
of having completed the Exchange Request Token for an Access Token flow --
now you have an oauth_token and oauth_token_secret that comprise your
access token and with it, you can make all the authenticated REST API
calls you know and love, signing the request with these credentials. With a
single access token use case, you don't implement any of the request_token,
authorize, or get access_token steps.

As for multiple accounts -- that's really all up to you. To associate more
accounts with the same application, you'll need to build out more of the
OAuth flow -- the my access token feature we offer will only give you an
access token for the user who owns the application. If you want to support
more accounts, simply push them through the request_token - authorize -
access_token flow, and you'll end up with more access tokens, which you'll
store and associate with the specific user, shifting contexts as needed (or
authorized) in your application.

Hope this helps.

Taylor

On Wed, Jun 16, 2010 at 1:11 PM, Rob robert-h...@comcast.net wrote:


 I'm working (more or less) in Java. I'm planning to start picking
 through the Scribe library to see the flow.


 The flow (http://dev.twitter.com/images/dev/oauth_diagram.png) makes
 sense.  What I'm having difficulty with is mapping the pieces of that
 diagram to the single token solution.  What steps from the diagram
 (and in what sequence) apply to the STS?

 Also, in the case of server-side accesses, what is the mapping of
 Twitter application registrations to Twitter IDs?  One app's
 registration can access multiple Twitter IDs (concurrently) or is it
 one app/reg per TwID?

Re: [twitter-dev] Re: 413 Request Entity Too Large for Direct Message

[Taylor Singletary]

Hi Greg,

Do you have any kind of HTTP proxy active in your other location? It's
definitely possible that they are messing with HTTP headers or proxying the
request in some way.

Though unrelated, you'll want to make sure that the time on your server is
within a reasonable amount of drift from our server time (which is included
in a HTTP header of every request).

Is just this particular POST request failing in your site5 server, or all
POST requests?

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Wed, Jun 16, 2010 at 1:08 PM, El Greg greglaval...@gmail.com wrote:

 Bump - any idea on this? I'm trying to switch my app to OAuth before
 the big switch at the end of June.

 Thanks,

 Greg

 On Jun 13, 10:32 pm, El Greg greglaval...@gmail.com wrote:
  Hi there - I'm trying to get set up with the new OAuth API for a
  little app that I'm hosting on site5. When make a signed POST request
  from the app on my home machine, it works just fine. When I have the
  application do it on my host, the response to my curl request is a 413
  Requet Entity Too large and looks like this (hope it comes out):
 
  !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
  htmlhead
  title413 Request Entity Too Large/title
  /headbody
  h1Request Entity Too Large/h1
  The requested resourcebr //direct_messages/new.jsonbr /
  does not allow request data with POST requests, or the amount of data
  provided in
  the request exceeds the capacity limit.
  pAdditionally, a 413 Request Entity Too Large
  error was encountered while trying to use an ErrorDocument to handle
  the request./p
  /body/html
 
  I'm not sure if I want to post the entire signed request and its
  parameters for security reasons.  I can't understand why it would work
  locally and not up on the server... Is it possible that my web host is
  attaching some junk to the request that twitter is rejecting?

[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Craig]

I am in read/write mode.

I tried posting to two different twitter accounts without luck...my
dev account, where I know what the access secret and token is supposed
to be and another one I just created.  I know my access token and
secret are being stored correctly and I believe they are being used
correctly in the auth header and the signature base string.

Other thoughts?  It would be nice to get an error returned that was a
little more indicative of what the problem might be.  Invalid/used
nonce isn't really cutting it right now.

Thanks,
Craig

On Jun 16, 3:52 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Our setup is such that I can't easily trace a single request.

 Connecting some dots: if you have time, can you try to use a different
 access token with your keys and see if it has the ability to tweet?

 Can you go to your application settings and verify that your application is
 in read/write mode on dev.twitter.com?

 Finally, this might be a case of something funky with your client
 application -- which might be resolved by creating a new one. But let's rule
 out some other possibilities first.

 Taylor Singletary
 Developer Advocate, Twitterhttp://twitter.com/episod



 On Wed, Jun 16, 2010 at 12:39 PM, Craig chanson9...@gmail.com wrote:
  By the way, even when I try to tweet with just one word like: tweet,
  it doesn't work.  Just simple ascii characters.  Is there any way you
  can just intercept one of my test tweets and look at what, if anything
  might be going wrong on the server side?

  -Craig

  On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote:
   My signature base string status pair looks like:
   status%3Dmy%2520tweet

   When I tried xAuth authentication with a * character in the password,
   it didn't work at first.  But once I double url encoded it, I was able
   to authenticate no problem.  So that definitely helps.  I am now
   double url encoding the username and password values.

   However, the tweet still didn't work.  I am double url encoding the
   status message in the signature base string and single url encoding it
   in the post body.

   Thanks,
   Craig

   On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com
   wrote:

Hi Craig,

Do you know if the status update, status=my%20tweet is being encoded
correctly in your signature base string (which is the string used to
  create
your signature).

For the signature base string, the key/value pair would look like:

status%3Dmy%2520tweet

Have you tried your xAuth authentication with spaces and other possible
  odd
characters yet in fields like the password?

Taylor

On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com wrote:
 Hi Matt,

 Thanks for responding.  My authorization header is still the same as
 it was in my first message above.  Here it is for another request I
 just tried:

 OAuth oauth_nonce=TEeSMm8q3m5abhmppain,
  oauth_signature_method=HMAC-
 SHA1, oauth_timestamp=1276701304,
 oauth_consumer_key=x, oauth_token=-
 x, oauth_signature=xxx
 %3D, oauth_version=1.0

 The post body is simply:
 status=my%20tweet

 When I create the request in objective c, it looks like this: (where
 authHeader is the authorization header noted above and postBody is
  the
 post body noted above):

 NSString* requestString= [NSString
 stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
 NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
                                initWithURL:[NSURL
 URLWithString:requestString]

 cachePolicy:NSURLRequestReloadIgnoringCacheData
                                    timeoutInterval:30.0];
 [request setHTTPMethod:@POST];
 [request addValue:authHeader forHTTPHeaderField:@Authorization];
 [request setValue:@application/x-www-form-urlencoded
 forHTTPHeaderField:@Content-Type];
 [request setValue:postBodyLength forHTTPHeaderField:@Content-
 Length];
 [request setHTTPBody:[postBody
 dataUsingEncoding:NSUTF8StringEncoding]];

 This type of formatting works just fine for my xAuth authentication.

 On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com wrote:
  Hey Craig,

  Could you let us see what the authorization header you are sending
  looks like (obfuscating your oauth keys and secrets)?

  What you're aiming for is a header similar to this:

  POST /1/statuses/update.xml HTTP/1.1
  Accept: */*
  Connection: close
  User-Agent: OAuth gem v0.4.0
  Content-Type: application/x-www-form-urlencoded
  Authorization: OAuth
    oauth_consumer_key=\\,
    oauth_nonce=\\,
    oauth_signature=\\,
    oauth_signature_method=\HMAC-SHA1\,
    oauth_timestamp=\1276634179\,
    

Re: [twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Taylor Singletary]

I agree that it's the wrong error. We have a new, better implementation of
OAuth waiting in the wings that's going to be much more helpful in this
regard.

I'm still trying to rule out some possibilities. Can you try and create a
new application, then grab the access token from the my access token
feature, and try to post? It'll just help rule something out.

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Wed, Jun 16, 2010 at 1:55 PM, Craig chanson9...@gmail.com wrote:

 I am in read/write mode.

 I tried posting to two different twitter accounts without luck...my
 dev account, where I know what the access secret and token is supposed
 to be and another one I just created.  I know my access token and
 secret are being stored correctly and I believe they are being used
 correctly in the auth header and the signature base string.

 Other thoughts?  It would be nice to get an error returned that was a
 little more indicative of what the problem might be.  Invalid/used
 nonce isn't really cutting it right now.

 Thanks,
 Craig

 On Jun 16, 3:52 pm, Taylor Singletary taylorsinglet...@twitter.com
 wrote:
  Our setup is such that I can't easily trace a single request.
 
  Connecting some dots: if you have time, can you try to use a different
  access token with your keys and see if it has the ability to tweet?
 
  Can you go to your application settings and verify that your application
 is
  in read/write mode on dev.twitter.com?
 
  Finally, this might be a case of something funky with your client
  application -- which might be resolved by creating a new one. But let's
 rule
  out some other possibilities first.
 
  Taylor Singletary
  Developer Advocate, Twitterhttp://twitter.com/episod
 
 
 
  On Wed, Jun 16, 2010 at 12:39 PM, Craig chanson9...@gmail.com wrote:
   By the way, even when I try to tweet with just one word like: tweet,
   it doesn't work.  Just simple ascii characters.  Is there any way you
   can just intercept one of my test tweets and look at what, if anything
   might be going wrong on the server side?
 
   -Craig
 
   On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote:
My signature base string status pair looks like:
status%3Dmy%2520tweet
 
When I tried xAuth authentication with a * character in the password,
it didn't work at first.  But once I double url encoded it, I was
 able
to authenticate no problem.  So that definitely helps.  I am now
double url encoding the username and password values.
 
However, the tweet still didn't work.  I am double url encoding the
status message in the signature base string and single url encoding
 it
in the post body.
 
Thanks,
Craig
 
On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com
 
wrote:
 
 Hi Craig,
 
 Do you know if the status update, status=my%20tweet is being
 encoded
 correctly in your signature base string (which is the string used
 to
   create
 your signature).
 
 For the signature base string, the key/value pair would look like:
 
 status%3Dmy%2520tweet
 
 Have you tried your xAuth authentication with spaces and other
 possible
   odd
 characters yet in fields like the password?
 
 Taylor
 
 On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com
 wrote:
  Hi Matt,
 
  Thanks for responding.  My authorization header is still the same
 as
  it was in my first message above.  Here it is for another request
 I
  just tried:
 
  OAuth oauth_nonce=TEeSMm8q3m5abhmppain,
   oauth_signature_method=HMAC-
  SHA1, oauth_timestamp=1276701304,
  oauth_consumer_key=x, oauth_token=-
  x,
 oauth_signature=xxx
  %3D, oauth_version=1.0
 
  The post body is simply:
  status=my%20tweet
 
  When I create the request in objective c, it looks like this:
 (where
  authHeader is the authorization header noted above and postBody
 is
   the
  post body noted above):
 
  NSString* requestString= [NSString
  stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
  NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
 initWithURL:[NSURL
  URLWithString:requestString]
 
  cachePolicy:NSURLRequestReloadIgnoringCacheData
 timeoutInterval:30.0];
  [request setHTTPMethod:@POST];
  [request addValue:authHeader forHTTPHeaderField:@
 Authorization];
  [request setValue:@application/x-www-form-urlencoded
  forHTTPHeaderField:@Content-Type];
  [request setValue:postBodyLength forHTTPHeaderField:@Content-
  Length];
  [request setHTTPBody:[postBody
  dataUsingEncoding:NSUTF8StringEncoding]];
 
  This type of formatting works just fine for my xAuth
 authentication.
 
  On Jun 15, 4:44 pm, themattharris thematthar...@twitter.com
 wrote:
   Hey Craig,
 
   Could you let us 

[twitter-dev] Re: xAuth - favorites/create - bug - 401 error

[chiu ming luk]

If I do a HTTP POST - i got error message saying that

This method requires a GET.

On Jun 16, 1:00 pm, Abraham Williams 4bra...@gmail.com wrote:
 favorites/create should be a POST. Try:

 $response = $connection-post( 'favorites/create', array ('id' = $status_id
 ) );

 Abraham
 -
 Abraham Williams | Hacker Advocate |http://abrah.am
 @abraham |http://projects.abrah.am|http://blog.abrah.am
 This email is: [ ] shareable [x] ask first [ ] private.

 On Wed, Jun 16, 2010 at 12:57, Taylor Singletary 

 taylorsinglet...@twitter.com wrote:
  Hi Chiu,

  You're going to want to reset your keys on your application settings on
  dev.twitter.com -- we will really recommend not posting your consumer
  secrets to the group -- but easy to rectify if you go and change your keys.

  Your signature base string is actually a bit different than your keys. In
  many OAuth libraries, they are difficult to access while other libraries
  will make it easy. If you trace your code execution path through the OAuth
  library you are using, you will find the step where your signature base
  string is created -- that particular string holds most of the things that
  can go wrong in an OAuth request.

  Taylor

  On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk 
  lukchium...@gmail.comwrote:

  Hi Taylor,

  Thanks for the prompt reply

  thanks
  -chiu

  On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com
  wrote:
   Can you share your signature base string that was used to create this
   request?

   I also highly recommending using HTTP Header-based OAuth instead of
   query-string based OAuth. It separates concerns and makes debugging much
   simpler.

   Taylor Singletary
   Developer Advocate, Twitterhttp://twitter.com/episod

   On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com
  wrote:

The xAuth - favorites/create - is broken

I make calls to - favorites/create with an ID parameter using xAuth

$response = $connection-get ( 'favorites/create', array ('id' =
$status_id ) );

but I always getting 401 Not authorized Error

===
/1/favorites/create.json?

  id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
%3Doauth_signature_method=HMAC-
SHA1oauth_timestamp=1276713005oauth_token=13073932-
seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
===

On the other hand, The exact same request using Basic
Authentication, It will work fine. I either getting
- You have already favorited this status.
- Favorites added

[twitter-dev] Re: xAuth - favorites/create - bug - 401 error

[chiu ming luk]

The signature base string is the following
zZyk1NxKlpXZEapSszao6PCIAQM=

$signature = $this-build_signature($signature_method, $consumer,
$token);

thanks
-chiu


On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Hi Chiu,

 You're going to want to reset your keys on your application settings on
 dev.twitter.com -- we will really recommend not posting your consumer
 secrets to the group -- but easy to rectify if you go and change your keys.

 Your signature base string is actually a bit different than your keys. In
 many OAuth libraries, they are difficult to access while other libraries
 will make it easy. If you trace your code execution path through the OAuth
 library you are using, you will find the step where your signature base
 string is created -- that particular string holds most of the things that
 can go wrong in an OAuth request.

 Taylor

 On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote:

  Hi Taylor,

  Thanks for the prompt reply

  thanks
  -chiu

  On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com
  wrote:
   Can you share your signature base string that was used to create this
   request?

   I also highly recommending using HTTP Header-based OAuth instead of
   query-string based OAuth. It separates concerns and makes debugging much
   simpler.

   Taylor Singletary
   Developer Advocate, Twitterhttp://twitter.com/episod

   On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com
  wrote:

The xAuth - favorites/create - is broken

I make calls to - favorites/create with an ID parameter using xAuth

$response = $connection-get ( 'favorites/create', array ('id' =
$status_id ) );

but I always getting 401 Not authorized Error

===
/1/favorites/create.json?

  id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
%3Doauth_signature_method=HMAC-
SHA1oauth_timestamp=1276713005oauth_token=13073932-
seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
===

On the other hand, The exact same request using Basic
Authentication, It will work fine. I either getting
- You have already favorited this status.
- Favorites added

[twitter-dev] Re: xAuth - favorites/create - bug - 401 error

[chiu ming luk]

Request =
/1/favorites/create.json?
id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=6c2b0e1a7af3dd0b60680c8860e63454oauth_signature=zZyk1NxKlpXZEapSszao6PCIAQM
%3Doauth_signature_method=HMAC-
SHA1oauth_timestamp=1276724507oauth_token=13073932-
seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0

signature base string =
zZyk1NxKlpXZEapSszao6PCIAQM=

$signature = $this-build_signature($signature_method, $consumer,
$token);

thanks
-chiu

On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Hi Chiu,

 You're going to want to reset your keys on your application settings on
 dev.twitter.com -- we will really recommend not posting your consumer
 secrets to the group -- but easy to rectify if you go and change your keys.

 Your signature base string is actually a bit different than your keys. In
 many OAuth libraries, they are difficult to access while other libraries
 will make it easy. If you trace your code execution path through the OAuth
 library you are using, you will find the step where your signature base
 string is created -- that particular string holds most of the things that
 can go wrong in an OAuth request.

 Taylor

 On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.comwrote:

  Hi Taylor,

  Thanks for the prompt reply

  thanks
  -chiu

  On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com
  wrote:
   Can you share your signature base string that was used to create this
   request?

   I also highly recommending using HTTP Header-based OAuth instead of
   query-string based OAuth. It separates concerns and makes debugging much
   simpler.

   Taylor Singletary
   Developer Advocate, Twitterhttp://twitter.com/episod

   On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk lukchium...@gmail.com
  wrote:

The xAuth - favorites/create - is broken

I make calls to - favorites/create with an ID parameter using xAuth

$response = $connection-get ( 'favorites/create', array ('id' =
$status_id ) );

but I always getting 401 Not authorized Error

===
/1/favorites/create.json?

  id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
%3Doauth_signature_method=HMAC-
SHA1oauth_timestamp=1276713005oauth_token=13073932-
seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
===

On the other hand, The exact same request using Basic
Authentication, It will work fine. I either getting
- You have already favorited this status.
- Favorites added

Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error

[Abraham Williams]

Let us continue this on the issue tracker so we don't spam the list as
much: http://github.com/abraham/twitteroauth/issues#issue/33

Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.


On Wed, Jun 16, 2010 at 14:42, chiu ming luk lukchium...@gmail.com wrote:

 The signature base string is the following
 zZyk1NxKlpXZEapSszao6PCIAQM=

 $signature = $this-build_signature($signature_method, $consumer,
 $token);

 thanks
 -chiu


 On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com
 wrote:
  Hi Chiu,
 
  You're going to want to reset your keys on your application settings on
  dev.twitter.com -- we will really recommend not posting your consumer
  secrets to the group -- but easy to rectify if you go and change your
 keys.
 
  Your signature base string is actually a bit different than your keys. In
  many OAuth libraries, they are difficult to access while other libraries
  will make it easy. If you trace your code execution path through the
 OAuth
  library you are using, you will find the step where your signature base
  string is created -- that particular string holds most of the things that
  can go wrong in an OAuth request.
 
  Taylor
 
  On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.com
 wrote:
 
   Hi Taylor,
 
   Thanks for the prompt reply
 
   thanks
   -chiu
 
   On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com
   wrote:
Can you share your signature base string that was used to create this
request?
 
I also highly recommending using HTTP Header-based OAuth instead of
query-string based OAuth. It separates concerns and makes debugging
 much
simpler.
 
Taylor Singletary
Developer Advocate, Twitterhttp://twitter.com/episod
 
On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk 
 lukchium...@gmail.com
   wrote:
 
 The xAuth - favorites/create - is broken
 
 I make calls to - favorites/create with an ID parameter using
 xAuth
 
 $response = $connection-get ( 'favorites/create', array ('id' =
 $status_id ) );
 
 but I always getting 401 Not authorized Error
 
 ===
 /1/favorites/create.json?
 
  
 id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
 %3Doauth_signature_method=HMAC-
 SHA1oauth_timestamp=1276713005oauth_token=13073932-
 seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
 ===
 
 On the other hand, The exact same request using Basic
 Authentication, It will work fine. I either getting
 - You have already favorited this status.
 - Favorites added
 
 

[twitter-dev] Changing Application Ownership

[adambbraly]

About 6 months ago I built an application via the Twitter API for my
company using my personal twitter account. I am now leaving the
company, and would like to transfer ownership of the application to a
co-worker that is staying. How do I do this?

Re: [twitter-dev] Granularity for geo/search is strange/unknown

[David Helder]

That query will search for java java places of type neighborhood or
higher granularity (including city, admin, and country).  If you want
POI (or higher), set granularity to poi.  We do return results that
are far away.  This may be controllable in the future.

The autocomplete parameter is flag that's a hint that search is being
used for autocompletion.  It will favor results with matching
prefixes.

An admin place is an administrative area, such as a state or province.

David
Twitter Geo Team


On Wed, Jun 16, 2010 at 7:54 AM, MeltingIce meltingice8...@gmail.com wrote:
 Hey everyone,

 I am trying to search for locations using the new geo/search API call,
 but the granularity of the locations returned is nearby cities at best
 even though the granularity is set to neighborhood.  I would like to
 pass in simply a lat/long, but even when I pass in a search query as
 well, I either get extremely broad results or no results at all.

 Heres an example that I've been trying which is returning cities as
 far away as Virginia although the lat/long is really in Charleston,
 SC.

 http://api.twitter.com/1/geo/search.json?query=java+javaaccuracy=761.9884176autocomplete=falselong=-80.1489lat=32.6058granularity=neighborhood

 The autocomplete param is undocumented, although switching it from
 false to true doesn't seem to have an effect anyways.  Is there
 something I'm missing here?  Thanks in advance for the help!

Re: [twitter-dev] Re: xAuth - favorites/create - bug - 401 error

[Matt Harris]

The URL to create a favorite using the API is a POST to:

/1/favorites/create/id.format

So in your case it would be:

/1/favorites/create/16170711730.json

Give that a try and let us know how it goes. I know the docs on
dev.twitter.com are incorrect for this so i'll be updating them soon.

On Wed, Jun 16, 2010 at 2:46 PM, chiu ming luk lukchium...@gmail.comwrote:

 Request =
 /1/favorites/create.json?

 id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=6c2b0e1a7af3dd0b60680c8860e63454oauth_signature=zZyk1NxKlpXZEapSszao6PCIAQM
 %3Doauth_signature_method=HMAC-
 SHA1oauth_timestamp=1276724507oauth_token=13073932-
 seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0

 signature base string =
 zZyk1NxKlpXZEapSszao6PCIAQM=

 $signature = $this-build_signature($signature_method, $consumer,
 $token);

 thanks
 -chiu

 On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com
 wrote:
  Hi Chiu,
 
  You're going to want to reset your keys on your application settings on
  dev.twitter.com -- we will really recommend not posting your consumer
  secrets to the group -- but easy to rectify if you go and change your
 keys.
 
  Your signature base string is actually a bit different than your keys. In
  many OAuth libraries, they are difficult to access while other libraries
  will make it easy. If you trace your code execution path through the
 OAuth
  library you are using, you will find the step where your signature base
  string is created -- that particular string holds most of the things that
  can go wrong in an OAuth request.
 
  Taylor
 
  On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.com
 wrote:
 
   Hi Taylor,
 
   Thanks for the prompt reply
 
   thanks
   -chiu
 
   On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com
   wrote:
Can you share your signature base string that was used to create this
request?
 
I also highly recommending using HTTP Header-based OAuth instead of
query-string based OAuth. It separates concerns and makes debugging
 much
simpler.
 
Taylor Singletary
Developer Advocate, Twitterhttp://twitter.com/episod
 
On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk 
 lukchium...@gmail.com
   wrote:
 
 The xAuth - favorites/create - is broken
 
 I make calls to - favorites/create with an ID parameter using
 xAuth
 
 $response = $connection-get ( 'favorites/create', array ('id' =
 $status_id ) );
 
 but I always getting 401 Not authorized Error
 
 ===
 /1/favorites/create.json?
 
  
 id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
 %3Doauth_signature_method=HMAC-
 SHA1oauth_timestamp=1276713005oauth_token=13073932-
 seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
 ===
 
 On the other hand, The exact same request using Basic
 Authentication, It will work fine. I either getting
 - You have already favorited this status.
 - Favorites added
 
 




-- 


Matt Harris
Developer Advocate, Twitter
http://twitter.com/themattharris

Re: [twitter-dev] Changing Application Ownership

[Taylor Singletary]

Hi,

Just send an email to a...@twitter.com from the email address associated with
the account that currently owns the application, and include the target
account and email address owning the account that you want to take ownership
of the account. It'll get taken care of from there.

Your company may want a Twitter account of its own to associate directly
with the application so that ownership doesn't have to be transferred again.

Thanks,
Taylor

On Wed, Jun 16, 2010 at 2:45 PM, adambbraly adambbr...@gmail.com wrote:

 About 6 months ago I built an application via the Twitter API for my
 company using my personal twitter account. I am now leaving the
 company, and would like to transfer ownership of the application to a
 co-worker that is staying. How do I do this?

[twitter-dev] Re: xAuth - favorites/create - bug - 401 error

[chiu ming luk]

Yes, you are right,

abraham mention that the following will fix the problem

$response = $connection-post('favorites/create/' . $status_id);

-chiu


On Jun 16, 2:51 pm, Matt Harris thematthar...@twitter.com wrote:
 The URL to create a favorite using the API is a POST to:

 /1/favorites/create/id.format

 So in your case it would be:

 /1/favorites/create/16170711730.json

 Give that a try and let us know how it goes. I know the docs on
 dev.twitter.com are incorrect for this so i'll be updating them soon.

 On Wed, Jun 16, 2010 at 2:46 PM, chiu ming luk lukchium...@gmail.comwrote:



  Request =
  /1/favorites/create.json?

  id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=6c2b0e1a7af3dd0b60680c8860e63454oauth_signature=zZyk1NxKlpXZEapSszao6PCIAQM
  %3Doauth_signature_method=HMAC-
  SHA1oauth_timestamp=1276724507oauth_token=13073932-
  seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0

  signature base string =
  zZyk1NxKlpXZEapSszao6PCIAQM=

  $signature = $this-build_signature($signature_method, $consumer,
  $token);

  thanks
  -chiu

  On Jun 16, 12:57 pm, Taylor Singletary taylorsinglet...@twitter.com
  wrote:
   Hi Chiu,

   You're going to want to reset your keys on your application settings on
   dev.twitter.com -- we will really recommend not posting your consumer
   secrets to the group -- but easy to rectify if you go and change your
  keys.

   Your signature base string is actually a bit different than your keys. In
   many OAuth libraries, they are difficult to access while other libraries
   will make it easy. If you trace your code execution path through the
  OAuth
   library you are using, you will find the step where your signature base
   string is created -- that particular string holds most of the things that
   can go wrong in an OAuth request.

   Taylor

   On Wed, Jun 16, 2010 at 12:53 PM, chiu ming luk lukchium...@gmail.com
  wrote:

Hi Taylor,

Thanks for the prompt reply

thanks
-chiu

On Jun 16, 12:35 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Can you share your signature base string that was used to create this
 request?

 I also highly recommending using HTTP Header-based OAuth instead of
 query-string based OAuth. It separates concerns and makes debugging
  much
 simpler.

 Taylor Singletary
 Developer Advocate, Twitterhttp://twitter.com/episod

 On Wed, Jun 16, 2010 at 11:44 AM, chiu ming luk 
  lukchium...@gmail.com
wrote:

  The xAuth - favorites/create - is broken

  I make calls to - favorites/create with an ID parameter using
  xAuth

  $response = $connection-get ( 'favorites/create', array ('id' =
  $status_id ) );

  but I always getting 401 Not authorized Error

  ===
  /1/favorites/create.json?

  id=16170711730oauth_consumer_key=vfM8qYNAEBfZsofKDNX65Qoauth_nonce=bde7b35f5206ebc8a2cc31a7ea2b86acoauth_signature=V6%2BeC7%2FODp42W6GPV4EDWNpvSqY
  %3Doauth_signature_method=HMAC-
  SHA1oauth_timestamp=1276713005oauth_token=13073932-
  seUruGITdpHxCJsoUhpjectP4hpdRubW62Q7nftyAoauth_version=1.0
  ===

  On the other hand, The exact same request using Basic
  Authentication, It will work fine. I either getting
  - You have already favorited this status.
  - Favorites added

 --

 Matt Harris
 Developer Advocate, Twitterhttp://twitter.com/themattharris

[twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Craig]

Just tried it.  Same error.  So at least that rules something out...

-Craig

On Jun 16, 5:19 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 I agree that it's the wrong error. We have a new, better implementation of
 OAuth waiting in the wings that's going to be much more helpful in this
 regard.

 I'm still trying to rule out some possibilities. Can you try and create a
 new application, then grab the access token from the my access token
 feature, and try to post? It'll just help rule something out.

 Taylor Singletary
 Developer Advocate, Twitterhttp://twitter.com/episod



 On Wed, Jun 16, 2010 at 1:55 PM, Craig chanson9...@gmail.com wrote:
  I am in read/write mode.

  I tried posting to two different twitter accounts without luck...my
  dev account, where I know what the access secret and token is supposed
  to be and another one I just created.  I know my access token and
  secret are being stored correctly and I believe they are being used
  correctly in the auth header and the signature base string.

  Other thoughts?  It would be nice to get an error returned that was a
  little more indicative of what the problem might be.  Invalid/used
  nonce isn't really cutting it right now.

  Thanks,
  Craig

  On Jun 16, 3:52 pm, Taylor Singletary taylorsinglet...@twitter.com
  wrote:
   Our setup is such that I can't easily trace a single request.

   Connecting some dots: if you have time, can you try to use a different
   access token with your keys and see if it has the ability to tweet?

   Can you go to your application settings and verify that your application
  is
   in read/write mode on dev.twitter.com?

   Finally, this might be a case of something funky with your client
   application -- which might be resolved by creating a new one. But let's
  rule
   out some other possibilities first.

   Taylor Singletary
   Developer Advocate, Twitterhttp://twitter.com/episod

   On Wed, Jun 16, 2010 at 12:39 PM, Craig chanson9...@gmail.com wrote:
By the way, even when I try to tweet with just one word like: tweet,
it doesn't work.  Just simple ascii characters.  Is there any way you
can just intercept one of my test tweets and look at what, if anything
might be going wrong on the server side?

-Craig

On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote:
 My signature base string status pair looks like:
 status%3Dmy%2520tweet

 When I tried xAuth authentication with a * character in the password,
 it didn't work at first.  But once I double url encoded it, I was
  able
 to authenticate no problem.  So that definitely helps.  I am now
 double url encoding the username and password values.

 However, the tweet still didn't work.  I am double url encoding the
 status message in the signature base string and single url encoding
  it
 in the post body.

 Thanks,
 Craig

 On Jun 16, 11:30 am, Taylor Singletary taylorsinglet...@twitter.com

 wrote:

  Hi Craig,

  Do you know if the status update, status=my%20tweet is being
  encoded
  correctly in your signature base string (which is the string used
  to
create
  your signature).

  For the signature base string, the key/value pair would look like:

  status%3Dmy%2520tweet

  Have you tried your xAuth authentication with spaces and other
  possible
odd
  characters yet in fields like the password?

  Taylor

  On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com
  wrote:
   Hi Matt,

   Thanks for responding.  My authorization header is still the same
  as
   it was in my first message above.  Here it is for another request
  I
   just tried:

   OAuth oauth_nonce=TEeSMm8q3m5abhmppain,
oauth_signature_method=HMAC-
   SHA1, oauth_timestamp=1276701304,
   oauth_consumer_key=x, oauth_token=-
   x,
  oauth_signature=xxx
   %3D, oauth_version=1.0

   The post body is simply:
   status=my%20tweet

   When I create the request in objective c, it looks like this:
  (where
   authHeader is the authorization header noted above and postBody
  is
the
   post body noted above):

   NSString* requestString= [NSString
   stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
   NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
                                  initWithURL:[NSURL
   URLWithString:requestString]

   cachePolicy:NSURLRequestReloadIgnoringCacheData
                                      timeoutInterval:30.0];
   [request setHTTPMethod:@POST];
   [request addValue:authHeader forHTTPHeaderField:@
  Authorization];
   [request setValue:@application/x-www-form-urlencoded
   forHTTPHeaderField:@Content-Type];
   [request setValue:postBodyLength forHTTPHeaderField:@Content-
   Length];
   [request setHTTPBody:[postBody
   

Re: [twitter-dev] Re: oauth status update returning error 401 invalid / used nonce

[Taylor Singletary]

Can you follow up with me off the list and I'll help you out tomorrow? We'll
need to compare signatures and work with me knowing your application
secrets. There's something subtle going on.

Taylor

On Wed, Jun 16, 2010 at 3:22 PM, Craig chanson9...@gmail.com wrote:

 Just tried it.  Same error.  So at least that rules something out...

 -Craig

 On Jun 16, 5:19 pm, Taylor Singletary taylorsinglet...@twitter.com
 wrote:
  I agree that it's the wrong error. We have a new, better implementation
 of
  OAuth waiting in the wings that's going to be much more helpful in this
  regard.
 
  I'm still trying to rule out some possibilities. Can you try and create a
  new application, then grab the access token from the my access token
  feature, and try to post? It'll just help rule something out.
 
  Taylor Singletary
  Developer Advocate, Twitterhttp://twitter.com/episod
 
 
 
  On Wed, Jun 16, 2010 at 1:55 PM, Craig chanson9...@gmail.com wrote:
   I am in read/write mode.
 
   I tried posting to two different twitter accounts without luck...my
   dev account, where I know what the access secret and token is supposed
   to be and another one I just created.  I know my access token and
   secret are being stored correctly and I believe they are being used
   correctly in the auth header and the signature base string.
 
   Other thoughts?  It would be nice to get an error returned that was a
   little more indicative of what the problem might be.  Invalid/used
   nonce isn't really cutting it right now.
 
   Thanks,
   Craig
 
   On Jun 16, 3:52 pm, Taylor Singletary taylorsinglet...@twitter.com
   wrote:
Our setup is such that I can't easily trace a single request.
 
Connecting some dots: if you have time, can you try to use a
 different
access token with your keys and see if it has the ability to tweet?
 
Can you go to your application settings and verify that your
 application
   is
in read/write mode on dev.twitter.com?
 
Finally, this might be a case of something funky with your client
application -- which might be resolved by creating a new one. But
 let's
   rule
out some other possibilities first.
 
Taylor Singletary
Developer Advocate, Twitterhttp://twitter.com/episod
 
On Wed, Jun 16, 2010 at 12:39 PM, Craig chanson9...@gmail.com
 wrote:
 By the way, even when I try to tweet with just one word like:
 tweet,
 it doesn't work.  Just simple ascii characters.  Is there any way
 you
 can just intercept one of my test tweets and look at what, if
 anything
 might be going wrong on the server side?
 
 -Craig
 
 On Jun 16, 3:05 pm, Craig chanson9...@gmail.com wrote:
  My signature base string status pair looks like:
  status%3Dmy%2520tweet
 
  When I tried xAuth authentication with a * character in the
 password,
  it didn't work at first.  But once I double url encoded it, I was
   able
  to authenticate no problem.  So that definitely helps.  I am now
  double url encoding the username and password values.
 
  However, the tweet still didn't work.  I am double url encoding
 the
  status message in the signature base string and single url
 encoding
   it
  in the post body.
 
  Thanks,
  Craig
 
  On Jun 16, 11:30 am, Taylor Singletary 
 taylorsinglet...@twitter.com
 
  wrote:
 
   Hi Craig,
 
   Do you know if the status update, status=my%20tweet is being
   encoded
   correctly in your signature base string (which is the string
 used
   to
 create
   your signature).
 
   For the signature base string, the key/value pair would look
 like:
 
   status%3Dmy%2520tweet
 
   Have you tried your xAuth authentication with spaces and other
   possible
 odd
   characters yet in fields like the password?
 
   Taylor
 
   On Wed, Jun 16, 2010 at 8:21 AM, Craig chanson9...@gmail.com
   wrote:
Hi Matt,
 
Thanks for responding.  My authorization header is still the
 same
   as
it was in my first message above.  Here it is for another
 request
   I
just tried:
 
OAuth oauth_nonce=TEeSMm8q3m5abhmppain,
 oauth_signature_method=HMAC-
SHA1, oauth_timestamp=1276701304,
oauth_consumer_key=x,
 oauth_token=-
x,
   oauth_signature=xxx
%3D, oauth_version=1.0
 
The post body is simply:
status=my%20tweet
 
When I create the request in objective c, it looks like this:
   (where
authHeader is the authorization header noted above and
 postBody
   is
 the
post body noted above):
 
NSString* requestString= [NSString
stringWithFormat:@%@,TWITTER_STATUS_UPDATE_URL];
NSMutableURLRequest* request = [[NSMutableURLRequest alloc]
   initWithURL:[NSURL
URLWithString:requestString]
 

[twitter-dev] Places database - how to get listed?

[M. Edward (Ed) Borasky]

Suppose a merchant - let's say a coffee shop - is listed in Google and  
Yahoo's database. Are they *automatically* in Twitter's place  
database? If not, how do they get listed? Does it cost anything?


As an aside, I know of a restaurant in Portland that's in the Google  
database with the correct address, but they showed up in Google Maps a  
couple of weeks ago a mile or so east of where they actually are. ;-)

Re: [twitter-dev] jQuery get getting empty value

[Steve Brunton]

On Wed, Jun 16, 2010 at 7:02 PM, Peter Denton petermden...@gmail.com wrote:
 Hello,
 Please accept this question as a sanity check for myself. Im using jQuery -
 (google cache of latest version). getting  empty/null for the following,
 when I should be getting json back. Thanks

 // gets empty response
  $.ajax({
     type: GET,
     url: http://api.twitter.com/1/statuses/followers/aplusk.json;,
     cache: false,
     success: function(data) {
     alert(data);
     }
   });

 // gets null response
 $.getJSON('http://api.twitter.com/1/statuses/followers/aplusk.json',
 function(data) {
     alert(data);
 });


If you just do a GET/wget/curl (pick your favorite) to
http://api.twitter.com/1/statuses/followers/aplusk.json from the
machine you are running that code in a browser from (or even hit the
API from the browser) do you get a response back? Could it be
returning an 4xx or 5xx error and you aren't seeing that since there
is no error: callback?

I just did a GET from one of my workstations and got a JSON response.


-steve

Re: [twitter-dev] jQuery get getting empty value

[Peter Denton]

if I do a curl, I get the response as expected. Its only from jQuery that I
get null.

On Wed, Jun 16, 2010 at 4:21 PM, Steve Brunton brun...@dudeman.com wrote:

 On Wed, Jun 16, 2010 at 7:02 PM, Peter Denton petermden...@gmail.com
 wrote:
  Hello,
  Please accept this question as a sanity check for myself. Im using jQuery
 -
  (google cache of latest version). getting  empty/null for the following,
  when I should be getting json back. Thanks
 
  // gets empty response
   $.ajax({
  type: GET,
  url: 
 http://api.twitter.com/1/statuses/followers/aplusk.json;,
  cache: false,
  success: function(data) {
  alert(data);
  }
});
 
  // gets null response
  $.getJSON('http://api.twitter.com/1/statuses/followers/aplusk.json',
  function(data) {
  alert(data);
  });
 

 If you just do a GET/wget/curl (pick your favorite) to
 http://api.twitter.com/1/statuses/followers/aplusk.json from the
 machine you are running that code in a browser from (or even hit the
 API from the browser) do you get a response back? Could it be
 returning an 4xx or 5xx error and you aren't seeing that since there
 is no error: callback?

 I just did a GET from one of my workstations and got a JSON response.


 -steve




-- 
Peter Denton
Co-Founder, Product Marketing
www.mombo.com
cell: (206) 427-3866
twitter @Mombo_movies
twitter - personal: @petermdenton

Re: [twitter-dev] Places database - how to get listed?

[Bernd Stramm]

On Wed, 16 Jun 2010 16:11:34 -0700
M. Edward (Ed) Borasky zn...@borasky-research.net wrote:

 Suppose a merchant - let's say a coffee shop - is listed in Google
 and Yahoo's database. Are they *automatically* in Twitter's place  
 database? If not, how do they get listed? Does it cost anything?
 
 As an aside, I know of a restaurant in Portland that's in the Google  
 database with the correct address, but they showed up in Google Maps
 a couple of weeks ago a mile or so east of where they actually
 are. ;-)
 

I know of a restaurant that is listed in Google Maps, has been in the
same location for more than 5 years. The satellite image, with a
copyright of 2010, still doesn't show the building.

-- 
Bernd Stramm
bernd.str...@gmail.com

[twitter-dev] Twitter4J Bounding Boxes?

[Aidan C]

Hey guys,
I've started a streamer via Twitter4J and I'm consuming tweets with
certain keywords currently. I'd like to only get tweets within a
certain location e.g within a certain country. I understand bounding
boxes will do this? But I don't know how I'd implement them within
twitter4J. Does anyone know?
Thanks!

Re: [twitter-dev] Places database - how to get listed?

[M. Edward (Ed) Borasky]

Quoting Bernd Stramm bernd.str...@gmail.com:


On Wed, 16 Jun 2010 16:11:34 -0700
M. Edward (Ed) Borasky zn...@borasky-research.net wrote:


Suppose a merchant - let's say a coffee shop - is listed in Google
and Yahoo's database. Are they *automatically* in Twitter's place
database? If not, how do they get listed? Does it cost anything?

As an aside, I know of a restaurant in Portland that's in the Google
database with the correct address, but they showed up in Google Maps
a couple of weeks ago a mile or so east of where they actually
are. ;-)



I know of a restaurant that is listed in Google Maps, has been in the
same location for more than 5 years. The satellite image, with a
copyright of 2010, still doesn't show the building.


Yes - I've eaten there - a lot of NSA folks from Fort Meade have lunch  
there. ;-)

[twitter-dev] track with CJK (non-English) Does it work?

[paloalto]

I am trying to track several Korean words that I put in a file called
tracking and it does not work.
It works with English. But, not Korean words.
Is track working with cjk (foreign langauge)?

curl -d @tracking http://stream.twitter.com/1/statuses/filter.json

[twitter-dev] Re: Using OAuth with a one-user application

[Jerry Thompson]

You can build a single oauth token and secret for that single account
and store it.  It won't expire unless the @nice_group_of_people
twitter account removes access to your app (which I doubt you would
do).

So essentially, generate the oauth token/secret, store it in a DB and
using whatever authentication method you have in front of it to
prevent unauthorized access by anyone that shouldn't use it, you
should be good to go.


On Jun 14, 10:09 pm, Felipe Sodré Silva fso...@gmail.com wrote:
 Hi everyone.

 I'm brand new to OAuth and have read some documents on how it works, but
 there's something that is still not clear to me.

 Let's say I want to build an application in which I want to allow a group of
 people to send updates through a unique twitter account
 (@nice_group_of_people, for example).

 If I use OAuth for this, do I need to get a new Access Token for every
 update my application sends on behalf of @nice_group_of_people, or can I
 just do it once and store the Access Token forever? Does the Access Token
 expires somehow?

 Best Regards,

 Felipe

[twitter-dev] Is oauth_callback param disabled?

[Neuromaster]

I'm having trouble  getting a request_token while using oauth_callback
param.
Without it the request_token is send , but when I include it the HTTP
request  i get the classical Failed to validate oauth signature and
token error.

I've tried  both the POST( Header - Authorization: OAuth ... ) and
the GET( simple query) approaches whitout success.

Reading this http://dev.twitter.com/pages/auth tutorial  I observed
that the callback url ,from the signature base , is two times URL
encoded ( is this  normal?)

Proof:

POSThttps%3A%2F%2Fapi.twitter.com%2Foauth
%2Frequest_tokenoauth_callback%3Dhttp%253A%252F%252Flocalhost
%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id
%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce
%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0


URL decoded  becomes this:

POSThttps://api.twitter.com/oauth/request_tokenoauth_callback=http%3A
%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback
%3Fservice_provider_id
%3D11oauth_consumer_key=GDdmIQH6jhtmLUypg82goauth_nonce=QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqkoauth_signature_method=HMAC-
SHA1oauth_timestamp=1272323042oauth_version=1.0

[twitter-dev] Need help with PayPal security requirements

[Jonathon Hill]

I'm trying to get approval from PayPal to use their Preapproval API,
and to do so my application must meet several requirements. I won't
post the entire list here, because it isn't applicable to Twitter,
however since users log in to my application via Twitter OAuth several
of them are applicable:



A1. User passwords must conform to industry best practices for content

Generally, the length should be at least 6 characters, and contain at
least one alpha and one numeric. Candidate passwords which meet the
static syntactical requirements should also be passed across a
dictionary of common passwords, and rules – no passwords of
“blink182”, or passwords which are the same as the user-ID, for
example.



A6. A control must be implemented that prevents the brute force attack
of login credentials.

A common attack against web sites is to attempt to login in with a
variety of different commonly used passwords for a given login id.
There must be some method used to ensure that one is unable to perform
this sort of attack. A common solution is to lock login attempts on an
account for some period of time. In order to ensure that these
mechanisms do not generate a means of denial of service attacks
against accounts, these lockouts should cancel after a period of time
(a few hours is typical).



A7. A control must be implemented that prevents brute force guessing
of passwords, especially if the attack is originating from a botnet.

Typically, this will require collecting metadata about logons, logging
them into a central log store, and then performing real-time analytics
against that data. If a brute force attack is detected, a strong
CAPTCHA (resistant against machine/scripted attacks) would be switched
on. There are other implementation techniques, but this is the least
invasive from a user experience perspective. Note – this is
conceptually and functionally different from A6.



B1. Login credentials must only be collected on pages that implement
https with Extended Validation (EV) certificates.

In order to allow customers to verify that they are truly connected to
the partner site and to encourage general good practices, login
credentials must be collected on pages that are https enabled, and
using Extended Validation (EV) certificates.



So, my questions are:

1. Would you guys be willing to add to your API to allow enforcing
tighter password requirements as needed?

2. Will you upgrade your SSL certificate on api.twitter.com to one
with Extended Validation? It seems like this would be relatively easy
and inexpensive to do, and beneficial to all.

3. How does https://api.twitter.com/oauth/authenticate respond to
brute-force attacks on login credentials?

Thanks!

Jonathon Hill
@compwright
@rainmakerapp