[twitter-dev] statuses/update failing to wrap 127.0.0.1 URLs via t.co after opting in

2011-08-11 Thread Chris McClelland
After opting into the optional t.co wrapping, we are still getting the 
following error when trying to post statuses w/ URLs that are greater than 
140 characters in length.

Example:

I just posted a review of the Roast Beef with Scallion Roll from Taiwan Cafe 
on Tasted Menu! 
http://127.0.0.1/boston/restaurants/taiwan-cafe/roast-beef-with-scallion-roll

Returns:  POST https://api.twitter.com/1/statuses/update.json: 403: Status 
is over 140 characters.

But if we change the 127.0.0.1 to 'www.tastedmenu.com', e.g.:

I just posted a review of the Roast Beef with Scallion Roll from Taiwan Cafe 
on Tasted Menu! 
http://www.tastedmenu.com/boston/restaurants/taiwan-cafe/roast-beef-with-scallion-roll

... it posts properly.

I assume t.co is punting on wrapping 127.0.0.1 URLs. Is this expected 
behavior?

Thanks,

Chris

-- 
Have you visited the Developer Discussions feature on 
https://dev.twitter.com/discussions yet?

Twitter developer links:
Documentation and resources: https://dev.twitter.com/docs
API updates via Twitter: https://twitter.com/twitterapi

Unsubscribe or change your group membership settings: 
http://groups.google.com/group/twitter-development-talk/subscribe


[twitter-dev] Sign in with Twitter example for App Engine

2011-07-31 Thread Chris Baus
All-

For fellow app engine developers, I developed a small sample app which
shows how to use Twitter's Sign in with Twitter OAuth delegated
authentication on App Engine. App Engine apps typically use Google's
own authentication, but by adding session support, it is fairly
straight forward to support other authentication mechanisms.

Feedback is a appreciated. The code is on github:
https://github.com/baus/App-Engine-Sign-In-With-Twitter

-Chris

-- 
Have you visited the Developer Discussions feature on 
https://dev.twitter.com/discussions yet?

Twitter developer links:
Documentation and resources: https://dev.twitter.com/docs
API updates via Twitter: https://twitter.com/twitterapi

Unsubscribe or change your group membership settings: 
http://groups.google.com/group/twitter-development-talk/subscribe


[twitter-dev] Re: Open DM availability only for Verified Accounts?

2011-07-10 Thread Chris Teso
Bump.

We'd love to be verified at http://sellsimp.ly as we have core
functionality that relys on DMs. If users could Dm without us
following it would be of great assistance.

Thanks,
Chris

On Jul 5, 8:39 am, Ryan craft.r...@gmail.com wrote:
 Searched this forum and found nothing, but apparently you guys are rolling
 out a new feature for Verified accounts to be able to receive DM's without
 having to follow back each user.

 See:http://thenextweb.com/twitter/2011/07/04/twitter-drops-following-requ...

 This leads to multiple questions:

 1) Is it possible for regular small businesses to gain verified status? Or
 is this just limited to mega brands/businesses?  Obviously this feature
 would be very helpful to more than just the select few verified business
 accounts.

 2) Why not let any user apply this feature in their settings panel? If
 worried about DM spam, I don't really see the downside as they would only be
 inflicting spam on themselves. Any chance of this happening?

 3) Can verified users turn this off if its not desirable for their specific
 situation?  

 Thanks,
 Ryan

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk


[twitter-dev] Counter not increasing

2011-07-01 Thread Chris Stamp
Just put a new site live, but the Twitter counter is not working
(although the button works fine otherwise).

The site is www.euphonious.eu, and the button code is:

 a href=http://twitter.com/share; class=twitter-share-button data-
url=http://bit.ly/lOLzyy; data-text=Euphonious website is now live!
data-count=horizontal data-via=EuphoniousLtdTweet/ascript
type=text/javascript src=http://platform.twitter.com/widgets.js;/
script

Can anyone see the problem? Any assistance gratefully received.

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk


[twitter-dev] Re: Counter not increasing

2011-07-01 Thread Chris Stamp

I should clarify that the counter just remains at zero after the
button is used.

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk


[twitter-dev] Re: The new permission model (R / RW / RWD) is now in effect

2011-06-30 Thread Chris Teso
Arnaud  Taylor,

Thanks for the response. I must say that I'm confused as to why the
decision was made to block ones own app from reading their own DMs?
Can you elaborate on the logic behind this decision?

It seems logical that I would not have to re-authorize my own app
tokens to view my own DMs. Further, I do not want to change my apps
permission levels to do so. This effects ALL of our customers solely
so I can read my own apps DMs! If I follow Taylors suggested new token
request, can I then revert my apps permissions and still access my
apps own dms? ie: I DEFINITELY do not want to keep my app permissions
set to R/W/DM when I don't need to access any customer DM data.

Thanks,
Chris


On Jun 30, 12:17 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Additionally, newly generated tokens with the  My Access Token feature on
 dev.twitter.com will now return an access token at the same level of access
 your application requests.

 If you used My Access Token to generate your token in the past, you'll
 want to first go tohttp://twitter.com/settings/applicationsto revoke your
 access token's permissions and then go back to dev.twitter.com's My Access
 Token feature to re-negotiate an upgraded token.

 Any token that transitions from one state to another will have the string
 representation of the access token and secret changed: If a token goes from
 RO to RW, the strings will change. If a token goes from RW to RWD, the
 strings will change. If a user revokes a token and you then renegotiate the
 token, even if the permission level didn't change, the strings will change.

 Thanks,
 @episod http://twitter.com/intent/user?screen_name=episod - Taylor
 Singletary







 On Thu, Jun 30, 2011 at 12:11 PM, Arnaud Meunier arn...@twitter.com wrote:
  Hey Chris,

  The new permission model applies to all access tokens, including the
  application owner's one. You have to reauthorize your existing access_token
  through the OAuth Flow, just like any other user.

  Arnaud / @rno http://twitter.com/rno

  On Thu, Jun 30, 2011 at 11:56 AM, Chris Teso christ...@gmail.com wrote:

  I assumed that the new permissions would not apply to an app reading
  it's own DMs. ie: When authenticating with an apps own token and
  secret /1/direct_messages.{format} should not enforce the R/W/DM
  policy.

  Appears this is not the case?

  On Jun 30, 11:39 am, Arnaud Meunier arn...@twitter.com wrote:
   Hey Developers,

   As planned, the new three-tier permission model is now officially in
  effect.
   Please remember that you don't have to make any changes if your
  application
   or service doesn't need to read or delete Direct Messages.

   Key points:
   - Existing oauth_tokens have not (and will not) be invalidated, even if
  you
   update your application permission level.
   - Read/Write and Read tokens are now unable to read and delete Direct
   Messages. If you wish to read or delete a user's Direct Messages, you
  need
   to update your application and have your existing access tokens
  reauthorized
   through the OAuth authorize web flow.
   - All authenticated API requests return an X-Access-Level header, so
  you
   can find out the current permission level of the access token you're
  using
   (read, read-write, or read-write-directmessages).

   For more information, be sure to take a look on:
   - The Application Permission Model documentation page:
 http://t.co/elH0KY4
   - The Application Permission Model FAQ:http://t.co/1Wliqg4

   Thanks again for working with us on this new permission level,
   Arnaud / @rno

  --
  Twitter developer documentation and resources:
 https://dev.twitter.com/doc
  API updates via Twitter:https://twitter.com/twitterapi
  Issues/Enhancements Tracker:
 https://code.google.com/p/twitter-api/issues/list
  Change your membership to this group:
 https://groups.google.com/forum/#!forum/twitter-development-talk

   --
  Twitter developer documentation and resources:https://dev.twitter.com/doc
  API updates via Twitter:https://twitter.com/twitterapi
  Issues/Enhancements Tracker:
 https://code.google.com/p/twitter-api/issues/list
  Change your membership to this group:
 https://groups.google.com/forum/#!forum/twitter-development-talk

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk


[twitter-dev] Re: The new permission model (R / RW / RWD) is now in effect

2011-06-30 Thread Chris Teso
Ok, I just went through the following exercise:

1. changed app permissions to R/W/DM
2. reset oauth tokens and updated my app
3. reverted app permissions to R/W

And BOOM. Can't access my own apps DMs even with new token perms. So,
I guess I need to have ALL of our customers approve our app to read
their DMs solely so I can read my own!! I also need to have them use
the Authorize flow rather than Sign in.

Can anything be done to help me out here? To me it's obvious that
customers should not have to authorize their accounts just to give my
app permission to read it's own DMs. This is a huge downer.


On Jun 30, 12:27 pm, Chris Teso christ...@gmail.com wrote:
 Arnaud  Taylor,

 Thanks for the response. I must say that I'm confused as to why the
 decision was made to block ones own app from reading their own DMs?
 Can you elaborate on the logic behind this decision?

 It seems logical that I would not have to re-authorize my own app
 tokens to view my own DMs. Further, I do not want to change my apps
 permission levels to do so. This effects ALL of our customers solely
 so I can read my own apps DMs! If I follow Taylors suggested new token
 request, can I then revert my apps permissions and still access my
 apps own dms? ie: I DEFINITELY do not want to keep my app permissions
 set to R/W/DM when I don't need to access any customer DM data.

 Thanks,
 Chris

 On Jun 30, 12:17 pm, Taylor Singletary taylorsinglet...@twitter.com
 wrote:







  Additionally, newly generated tokens with the  My Access Token feature on
  dev.twitter.com will now return an access token at the same level of access
  your application requests.

  If you used My Access Token to generate your token in the past, you'll
  want to first go tohttp://twitter.com/settings/applicationstorevoke your
  access token's permissions and then go back to dev.twitter.com's My Access
  Token feature to re-negotiate an upgraded token.

  Any token that transitions from one state to another will have the string
  representation of the access token and secret changed: If a token goes from
  RO to RW, the strings will change. If a token goes from RW to RWD, the
  strings will change. If a user revokes a token and you then renegotiate the
  token, even if the permission level didn't change, the strings will change.

  Thanks,
  @episod http://twitter.com/intent/user?screen_name=episod - Taylor
  Singletary

  On Thu, Jun 30, 2011 at 12:11 PM, Arnaud Meunier arn...@twitter.com wrote:
   Hey Chris,

   The new permission model applies to all access tokens, including the
   application owner's one. You have to reauthorize your existing 
   access_token
   through the OAuth Flow, just like any other user.

   Arnaud / @rno http://twitter.com/rno

   On Thu, Jun 30, 2011 at 11:56 AM, Chris Teso christ...@gmail.com wrote:

   I assumed that the new permissions would not apply to an app reading
   it's own DMs. ie: When authenticating with an apps own token and
   secret /1/direct_messages.{format} should not enforce the R/W/DM
   policy.

   Appears this is not the case?

   On Jun 30, 11:39 am, Arnaud Meunier arn...@twitter.com wrote:
Hey Developers,

As planned, the new three-tier permission model is now officially in
   effect.
Please remember that you don't have to make any changes if your
   application
or service doesn't need to read or delete Direct Messages.

Key points:
- Existing oauth_tokens have not (and will not) be invalidated, even if
   you
update your application permission level.
- Read/Write and Read tokens are now unable to read and delete Direct
Messages. If you wish to read or delete a user's Direct Messages, you
   need
to update your application and have your existing access tokens
   reauthorized
through the OAuth authorize web flow.
- All authenticated API requests return an X-Access-Level header, so
   you
can find out the current permission level of the access token you're
   using
(read, read-write, or read-write-directmessages).

For more information, be sure to take a look on:
- The Application Permission Model documentation page:
  http://t.co/elH0KY4
- The Application Permission Model FAQ:http://t.co/1Wliqg4

Thanks again for working with us on this new permission level,
Arnaud / @rno

   --
   Twitter developer documentation and resources:
  https://dev.twitter.com/doc
   API updates via Twitter:https://twitter.com/twitterapi
   Issues/Enhancements Tracker:
  https://code.google.com/p/twitter-api/issues/list
   Change your membership to this group:
  https://groups.google.com/forum/#!forum/twitter-development-talk

    --
   Twitter developer documentation and resources:https://dev.twitter.com/doc
   API updates via Twitter:https://twitter.com/twitterapi
   Issues/Enhancements Tracker:
  https://code.google.com/p/twitter-api/issues/list
   Change your membership to this group:
  https://groups.google.com/forum/#!forum/twitter-development-talk

[twitter-dev] Re: The new permission model (R / RW / RWD) is now in effect

2011-06-30 Thread Chris Teso
Option #1 sounds perfect and will work. Thank you for the idea.

A larger issue now seems that we lost our white listing when resetting
the tokens. I realize this should not be the case, however I have
confirmed this is not an un-OAuthed issue. All API calls are going
through fine. Our rate limit has been reset though to 150/hr.


On Jun 30, 1:02 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Hi Chris,

 With the one exception of Site Streams' authorization pattern, there is no
 special relationship between the account owner of an application and the
 application itself -- you are just a user of your application, same as any
 other user. I'm sorry that wasn't clear.

 You have a few options in this scenario and I'm sure one of them will be
 right for you.

 * Option 1: Create a side-car application record for the purpose of reading
 and responding to DMs. Set your permission level on this app to RWD. Issue
 your own access token. Use this consumer key and secret for the portion of
 your application that needs to read/write DMs. You would code your
 application to use the appropriate set of keys for the appropriate
 situation. This separates concerns and would have other benefits. If your
 app tweets on its own behalf, you'd want to use your primary API keys so
 that you're attributed the way you like. When creating an app for this
 purpose, be sure and clearly label its intent and purpose.

 * Option 2: There's a feature we've added to the OAuth flow that allows you
 to specify the level of permissions you are asking for at the time of the
 request. In this scenario, you would set your application to RWD but
 explicitly request your end-users to receive only RW tokens by passing the
 parameter x_auth_access_type=write to
 api.twitter.com/oauth/request_tokenon the first step of the OAuth song
 and dance. When negotiating your own
 token, you'll ask for a RWD but for all end-user tokens, only RW. You leave
 your application at the RWD level. More details on this option are 
 athttp://dev.twitter.com/doc/post/oauth/request_token

 Either of these options seem suitable for your scenario, with the first
 option likely being your quickest solution and also the most preferable.
 Unless you have a requirement to share access tokens between arms of the
 application, it's a great approach for separating concerns in an app.

 Let me know if you have any questions on this.

 Thanks,
 @episod http://twitter.com/intent/user?screen_name=episod - Taylor
 Singletary







 On Thu, Jun 30, 2011 at 12:27 PM, Chris Teso christ...@gmail.com wrote:
  Arnaud  Taylor,

  Thanks for the response. I must say that I'm confused as to why the
  decision was made to block ones own app from reading their own DMs?
  Can you elaborate on the logic behind this decision?

  It seems logical that I would not have to re-authorize my own app
  tokens to view my own DMs. Further, I do not want to change my apps
  permission levels to do so. This effects ALL of our customers solely
  so I can read my own apps DMs! If I follow Taylors suggested new token
  request, can I then revert my apps permissions and still access my
  apps own dms? ie: I DEFINITELY do not want to keep my app permissions
  set to R/W/DM when I don't need to access any customer DM data.

  Thanks,
  Chris

  On Jun 30, 12:17 pm, Taylor Singletary taylorsinglet...@twitter.com
  wrote:
   Additionally, newly generated tokens with the  My Access Token feature
  on
   dev.twitter.com will now return an access token at the same level of
  access
   your application requests.

   If you used My Access Token to generate your token in the past, you'll
   want to first go tohttp://twitter.com/settings/applicationstorevoke
  your
   access token's permissions and then go back to dev.twitter.com's My
  Access
   Token feature to re-negotiate an upgraded token.

   Any token that transitions from one state to another will have the string
   representation of the access token and secret changed: If a token goes
  from
   RO to RW, the strings will change. If a token goes from RW to RWD, the
   strings will change. If a user revokes a token and you then renegotiate
  the
   token, even if the permission level didn't change, the strings will
  change.

   Thanks,
   @episod http://twitter.com/intent/user?screen_name=episod - Taylor
   Singletary

   On Thu, Jun 30, 2011 at 12:11 PM, Arnaud Meunier arn...@twitter.com
  wrote:
Hey Chris,

The new permission model applies to all access tokens, including the
application owner's one. You have to reauthorize your existing
  access_token
through the OAuth Flow, just like any other user.

Arnaud / @rno http://twitter.com/rno

On Thu, Jun 30, 2011 at 11:56 AM, Chris Teso christ...@gmail.com
  wrote:

I assumed that the new permissions would not apply to an app reading
it's own DMs. ie: When authenticating with an apps own token and
secret /1/direct_messages.{format} should not enforce the R/W/DM

[twitter-dev] Re: The new permission model (R / RW / RWD) is now in effect

2011-06-30 Thread Chris Teso
It appears the token and secret have be re-reset and needed time to
take effect. Rate limit is back up.

On Jun 30, 1:02 pm, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Hi Chris,

 With the one exception of Site Streams' authorization pattern, there is no
 special relationship between the account owner of an application and the
 application itself -- you are just a user of your application, same as any
 other user. I'm sorry that wasn't clear.

 You have a few options in this scenario and I'm sure one of them will be
 right for you.

 * Option 1: Create a side-car application record for the purpose of reading
 and responding to DMs. Set your permission level on this app to RWD. Issue
 your own access token. Use this consumer key and secret for the portion of
 your application that needs to read/write DMs. You would code your
 application to use the appropriate set of keys for the appropriate
 situation. This separates concerns and would have other benefits. If your
 app tweets on its own behalf, you'd want to use your primary API keys so
 that you're attributed the way you like. When creating an app for this
 purpose, be sure and clearly label its intent and purpose.

 * Option 2: There's a feature we've added to the OAuth flow that allows you
 to specify the level of permissions you are asking for at the time of the
 request. In this scenario, you would set your application to RWD but
 explicitly request your end-users to receive only RW tokens by passing the
 parameter x_auth_access_type=write to
 api.twitter.com/oauth/request_tokenon the first step of the OAuth song
 and dance. When negotiating your own
 token, you'll ask for a RWD but for all end-user tokens, only RW. You leave
 your application at the RWD level. More details on this option are 
 athttp://dev.twitter.com/doc/post/oauth/request_token

 Either of these options seem suitable for your scenario, with the first
 option likely being your quickest solution and also the most preferable.
 Unless you have a requirement to share access tokens between arms of the
 application, it's a great approach for separating concerns in an app.

 Let me know if you have any questions on this.

 Thanks,
 @episod http://twitter.com/intent/user?screen_name=episod - Taylor
 Singletary







 On Thu, Jun 30, 2011 at 12:27 PM, Chris Teso christ...@gmail.com wrote:
  Arnaud  Taylor,

  Thanks for the response. I must say that I'm confused as to why the
  decision was made to block ones own app from reading their own DMs?
  Can you elaborate on the logic behind this decision?

  It seems logical that I would not have to re-authorize my own app
  tokens to view my own DMs. Further, I do not want to change my apps
  permission levels to do so. This effects ALL of our customers solely
  so I can read my own apps DMs! If I follow Taylors suggested new token
  request, can I then revert my apps permissions and still access my
  apps own dms? ie: I DEFINITELY do not want to keep my app permissions
  set to R/W/DM when I don't need to access any customer DM data.

  Thanks,
  Chris

  On Jun 30, 12:17 pm, Taylor Singletary taylorsinglet...@twitter.com
  wrote:
   Additionally, newly generated tokens with the  My Access Token feature
  on
   dev.twitter.com will now return an access token at the same level of
  access
   your application requests.

   If you used My Access Token to generate your token in the past, you'll
   want to first go tohttp://twitter.com/settings/applicationstorevoke
  your
   access token's permissions and then go back to dev.twitter.com's My
  Access
   Token feature to re-negotiate an upgraded token.

   Any token that transitions from one state to another will have the string
   representation of the access token and secret changed: If a token goes
  from
   RO to RW, the strings will change. If a token goes from RW to RWD, the
   strings will change. If a user revokes a token and you then renegotiate
  the
   token, even if the permission level didn't change, the strings will
  change.

   Thanks,
   @episod http://twitter.com/intent/user?screen_name=episod - Taylor
   Singletary

   On Thu, Jun 30, 2011 at 12:11 PM, Arnaud Meunier arn...@twitter.com
  wrote:
Hey Chris,

The new permission model applies to all access tokens, including the
application owner's one. You have to reauthorize your existing
  access_token
through the OAuth Flow, just like any other user.

Arnaud / @rno http://twitter.com/rno

On Thu, Jun 30, 2011 at 11:56 AM, Chris Teso christ...@gmail.com
  wrote:

I assumed that the new permissions would not apply to an app reading
it's own DMs. ie: When authenticating with an apps own token and
secret /1/direct_messages.{format} should not enforce the R/W/DM
policy.

Appears this is not the case?

On Jun 30, 11:39 am, Arnaud Meunier arn...@twitter.com wrote:
 Hey Developers,

 As planned, the new three-tier permission model is now officially in
effect

[twitter-dev] GET statuses/retweets/:id

2011-06-26 Thread Chris Teso
The documentation at http://dev.twitter.com/doc/get/statuses/retweets/:id
states it will return up to 100 of the first retweets of a given
tweet.

However, in practice the method seems to only return the recent
Retweets for a given Tweet.

Take these two urls: http://www.flickfolia.com/free shows 17 Retweets.
This url is using the api to return Retweets.
http://twitter.com/#!/Flickfolia/status/85127683410886656 shows that
there has been 29 Retweets.

Note: The stats are as of the time of this post.

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk


[twitter-dev] Re: GET statuses/retweets/:id

2011-06-26 Thread Chris Teso
Ah, ok. Seems you need to specify count param to be accurate.

On Jun 26, 10:22 pm, Chris Teso christ...@gmail.com wrote:
 The documentation athttp://dev.twitter.com/doc/get/statuses/retweets/:id
 states it will return up to 100 of the first retweets of a given
 tweet.

 However, in practice the method seems to only return the recent
 Retweets for a given Tweet.

 Take these two urls:http://www.flickfolia.com/freeshows 17 Retweets.
 This url is using the api to return 
 Retweets.http://twitter.com/#!/Flickfolia/status/85127683410886656shows that
 there has been 29 Retweets.

 Note: The stats are as of the time of this post.

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk


[twitter-dev] Getting 401 errors trying to send direct message

2011-06-19 Thread Chris Mowforth
Hey all, I'm playing around with the Twitter OAuth API, having rolled
my own clients in both ruby and Objective-C. I've managed to authorise
myself successfully and send status updates, but api methods like
direct_messages/new always give me 401 errors.

I know I'm missing something elementary in the way I'm making the
calls, so I just want to clarify a couple of things:

- From what I understand in the doc, do the parameters for a POST
request go in the body? (I saw a reference to adding them as query
params in the url string but that seems to have been removed).

- Looking at the OAuth spec and the example on the auth page, can I
assume POST parameters are ordered alphabetically along with the other
params when building the base string? Do they have to be doubly url
encoded?

Here's a quick excerpt of the ruby client I put together:
https://gist.github.com/1033130

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk


[twitter-dev] Re: Loading twitter javascript using https

2011-05-05 Thread Chris Teso
@anywhere currently does not support https. As a work around you could
download http://platform.twitter.com/anywhere.js locally and pull it
off your server via https.

This comes with it's own challenges, as you'll need to manually update
when Twitter decides to update their codebase, but it will work.

On May 5, 5:02 pm, Ahmed Aly ahmed.aly...@gmail.com wrote:
 Hi everyone,

 I want to load twitter javascript (http://platform.twitter.com/anywhere.js)
 but using https.
 How can I do this?

 Thanks!

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Re: direct_messages/new

2011-04-06 Thread Chris Teso
The Full http response is NULL.

The request sent is $this-connection-post('direct_message/new',
array( 'screen_name' = $username, 'text' = $text ) ) with proper
auth headers.

Again, the method works if we pass user_id rather than screen_name.
$this-connection-post( 'direct_messages/new', array( 'user' =
19081905, 'text' = $text ) );

Using screen_name has been working for 4 months in our app, and
stopped working 2 days ago.

Thanks

On Apr 5, 10:02 pm, Arnaud Meunier arn...@twitter.com wrote:
 Hey Chris,

 The endpoint is working fine with both parameters (just tested it).

 If you're still having this issue, think to provide more details (i.e.
 request sent with auth headers + Full HTTP response). Otherwise, people of
 this Mailing List won't be able to help you that much!

 Arnaud / @rno http://twitter.com/rnoOn Tue, Apr 5, 2011 at 4:34 PM, Chris 
 Teso christ...@gmail.com wrote:
  direct_messages/new seems to have stopped working if using
  screen_name.

  The method works if passing user_id.

  Can you confirm either way?

  --
  Twitter developer documentation and resources:http://dev.twitter.com/doc
  API updates via Twitter:http://twitter.com/twitterapi
  Issues/Enhancements Tracker:
 http://code.google.com/p/twitter-api/issues/list
  Change your membership to this group:
 http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] direct_messages/new

2011-04-05 Thread Chris Teso
direct_messages/new seems to have stopped working if using
screen_name.

The method works if passing user_id.

Can you confirm either way?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Twitter Basics and Errors

2011-03-25 Thread Chris S.
I am in the process of getting re-acquainted with the API after a lot
of changes and I have run into some issues.

I am getting rate limited when I do a call to get the follower IDs. As
I understand it, it has 150 uses on my IP per hour, but I couldn't
have made more than 4 calls. My script is fairly simple as a test:

$twitterObj = new EpiTwitter();
$followers = $twitterObj-get_followersIds( array ('screen_name' =
'whoever'));
print \n . count($followers);

This isn't a part of a loop or anything, but I get a Rate Limit
Exceeded error after only one or 2 calls to this. Any idea what could
be wrong?

Also, has something changed with search? I attempt to do:

$twitterObj = new EpiTwitter();
$search = $twitterObj-search('whatever');
echo $search-responseText;

And I get a 403 Forbidden error.

Both my examples are using the php wrapper found here:
http://www.jaisenmathai.com/articles/twitter-php-oauth.html

If anyone has any help with my I might be seeing these errors, or if
there is a better library for PHP to do basic no authentication tasks,
such as getting a users followers and doing basic search queries, I
would very much appreciate it.

Thank you.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Re: twitter app to be used at a kiosk (aka public computer)

2011-03-08 Thread Chris
Thanks for your reply Abraham.
Unfortunately, that is not an option in my case.

I remember running into the same troubles last year with Facebook, but
there was a solution: we can call a logout URL on facebook.com with a
security token and an URL to redirect to as a querystring parameters.

I wish there was the same at Twitter!



On Mar 8, 1:10 am, Abraham Williams 4bra...@gmail.com wrote:
 The best work around I currently know of is after users logout of your site
 to display a prompt reminding them to logout of twitter.com too.

 Abraham
 -
 Abraham Williams | Hacker Advocate | abrah.am
  http://abrah.amJust launched from Answerly http://answerly.com:
 InboxQhttp://inboxq.comfor Chrome
 @abraham https://twitter.com/abraham | github.com/abraham | blog.abrah.am
 This email is: [ ] shareable [x] ask first [ ] private.







 On Mon, Mar 7, 2011 at 14:11, Chris ch...@deliens.be wrote:
  Hi,

  We are currently developing a twitter app to allow people to tweet
  what they experienced at a fair, from a public computer.

  everything works fine except that users stays logged in when using the
  oauth/authenticate or oauth/authorize mehods.

  appending the force_login=true parameter to the oauth/authenticate
  actually forces the login screen to display (that's kind of a fix for
  now...), but this is a security risk, as the previous user is still
  logged in ;)

  I found that an issue (#1453 -
 http://code.google.com/p/twitter-api/issues/detail?id=1453)
  was opened over a year ago states this, but no updates...

  does anyone know a way to logout a user programmatically or at least
  prevent twitter.com for storing its authentication cookies after a
  successful login?

  thx!

  --
  Twitter developer documentation and resources:http://dev.twitter.com/doc
  API updates via Twitter:http://twitter.com/twitterapi
  Issues/Enhancements Tracker:
 http://code.google.com/p/twitter-api/issues/list
  Change your membership to this group:
 http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] twitter app to be used at a kiosk (aka public computer)

2011-03-07 Thread Chris
Hi,

We are currently developing a twitter app to allow people to tweet
what they experienced at a fair, from a public computer.

everything works fine except that users stays logged in when using the
oauth/authenticate or oauth/authorize mehods.

appending the force_login=true parameter to the oauth/authenticate
actually forces the login screen to display (that's kind of a fix for
now...), but this is a security risk, as the previous user is still
logged in ;)

I found that an issue (#1453 - 
http://code.google.com/p/twitter-api/issues/detail?id=1453)
was opened over a year ago states this, but no updates...

does anyone know a way to logout a user programmatically or at least
prevent twitter.com for storing its authentication cookies after a
successful login?

thx!

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Trying to use Abraham's twitteroauth library to make search query, returns list of numbers in scientific notation?

2011-02-28 Thread Chris Sobolewski
I am attempting to use the twitteroauth library to make a query, and I
am getting some odd responses back.

My code:
$twitteroauth = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
$q=urlencode(#twitter);
$query = $twitteroauth-get(search.json?q={$q}rpp=100);
echo pre;
$qq = $query;
print_r($qq);
echo /pre;

First odd result is, when I try doing a JSON decode, I get an error
that it is not JSON which is what I expected to get back.

Second odd result is when I print_r, this is what I recieve back:

stdClass Object
(
[created_in] = 0.11146
[statuses] = Array
(
[0] = 4.2285483207823E+16
[1] = 4.2285478212403E+16
[2] = 4.2285477021237E+16
[3] = 4.228546655225E+16
[4] = 4.2285444607648E+16
[5] = 4.2285433509528E+16
[6] = 4.2285433383559E+16
 so on all the way down to 100
)
)

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Re: Totally Stuck - Getting Incorrect signature error trying to update status using OAuth

2010-12-01 Thread Chris Koenig
In case anyone was following this, I figured it out. I had a
programmatic problem that caused a mismatch between the status
populated in the base string and status sent in the POST body. I was
also URL encoding the POST body, which I don't think I should have
been doing. Anyway, it's working now.


On Nov 29, 11:15 pm, Chris Koenig chris.koe...@gmail.com wrote:
 Hi,

 I'm trying to add (what I thought would be) a simple feature to a game
 I developed - allow the users to post their scores to twitter. Since
 my app is a game for the webOS platform, I felt xauth was the best way
 to implement this. I already got xauth approval from Twitter. I also
 have been able to request access tokens without any trouble.

 However, when it comes down to using the oauth token and oauth secret,
 I am totally 100% stuck.
 I've spent a few days on this, and I've tried changing small things,
 changing it back, it's driving me crazy, and no matter what I do I
 always get this response:

 failed to post to twitter: {request:\/1\/statuses\/
 update.json,error:Incorrect signature}

 Here is my code for constructing the and signing base string:
  var updateUrl = http://api.twitter.com/1/statuses/update.json;;
  var timestamp = Math.floor( (new Date(dt.toUTCString() )).getTime()/
 1000);
  var update_data=
                   'oauth_consumer_key=' +
 encodeURIComponent(constants.consumerKey) +
                    'oauth_nonce=' + encodeURIComponent(nonce) +
                    'oauth_signature_method=HMAC-SHA1' +
                    'oauth_timestamp=' + timestamp +
                     'oauth_token='+encodeURIComponent(o_auth_token) +
                     'oauth_version=1.0' +
                     'status='+encodeURIComponent(wow);
              var base_string = POST + encodeURIComponent(updateUrl)
 +  + encodeURIComponent(update_data);
              var oauth_signature =
 b64_hmac_sha1(constants.consumerSecret++o_auth_secret,
 base_string);

 o_auth_token and o_auth_secret are set prior to this block of code by
 parsing the response from the access token url call.

 And here is my code for building the authorization header:
 var auth_header = 'OAuth
 realm=,oauth_consumer_key='+constants.consumerKey +
                                ',oauth_nonce='+nonce
 +',oauth_signature='+oauth_signature+
                                ',oauth_signature_method=HMAC-
 SHA1,oauth_timestamp='+ timestamp +
                                ',oauth_token='+o_auth_token
 +',oauth_version=1.0';

 I've checked that my signature message matches when plugging in
 applicable values using this 
 tool:http://oauth.googlecode.com/svn/code/javascript/example/signature.html

 So it is NOT an issue with signing...

 And here is an output base string I get before signing:
 POSThttp%3A%2F%2Fapi.twitter.com%
 2F1%2Fstatuses%2Fupdate.jsonoauth_consumer_key
 %3DJxPeA0aTWPfkULuWu80dyA%26oauth
 _nonce%3DIpx2fKgwUXlQ18d%26oauth_signature_method%3DHMAC-
 SHA1%26oauth_timestamp%
 3D1291099840%26oauth_token%3D186684223-
 buwCSVt0NJQ7BDUo0q5OZo4jWjgSCDhPT2IBEGRF%
 26oauth_version%3D1.0%26status%3Dwow

 and here is the authorization header i sent:
 OAuth
 realm=,oauth_consumer_key=JxPeA0aTWPfkULuWu80dyA,oauth_nonce=Ipx2fKgwU 
 XlQ18d,oauth_signature=OzJHTccP
 %2FNurB5I1MrP2CUkGAyQ%3D,oauth_signature_method=HMAC-
 SHA1,oauth_timestamp=1291099840,oauth_token=186684223-
 buwCSVt0NJQ7BDUo0q5OZo4jWjgSCDhPT2IBEGRF,oauth_version=1.0

 Some things I'm not sure of:
 1. Is that first realm=  thing needed in the auth header?
 2. If I generate unix time using the local time zone, will that cause
 an incorrect signature since it would be say pacific time not UTC
 time? (seems to work ok to get the the access tokens though...)
 3. Are spaces correct after each comma in the auth header, or not, or
 does it matter?
 4. Does the order matter in the auth header?

 Thanks a lot for all the help, I'm beat and giving up on this for the
 evening.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Totally Stuck - Getting Incorrect signature error trying to update status using OAuth

2010-11-30 Thread Chris Koenig
Hi,

I'm trying to add (what I thought would be) a simple feature to a game
I developed - allow the users to post their scores to twitter. Since
my app is a game for the webOS platform, I felt xauth was the best way
to implement this. I already got xauth approval from Twitter. I also
have been able to request access tokens without any trouble.

However, when it comes down to using the oauth token and oauth secret,
I am totally 100% stuck.
I've spent a few days on this, and I've tried changing small things,
changing it back, it's driving me crazy, and no matter what I do I
always get this response:

failed to post to twitter: {request:\/1\/statuses\/
update.json,error:Incorrect signature}

Here is my code for constructing the and signing base string:
 var updateUrl = http://api.twitter.com/1/statuses/update.json;;
 var timestamp = Math.floor( (new Date(dt.toUTCString() )).getTime()/
1000);
 var update_data=
  'oauth_consumer_key=' +
encodeURIComponent(constants.consumerKey) +
   'oauth_nonce=' + encodeURIComponent(nonce) +
   'oauth_signature_method=HMAC-SHA1' +
   'oauth_timestamp=' + timestamp +
'oauth_token='+encodeURIComponent(o_auth_token) +
'oauth_version=1.0' +
'status='+encodeURIComponent(wow);
 var base_string = POST + encodeURIComponent(updateUrl)
+  + encodeURIComponent(update_data);
 var oauth_signature =
b64_hmac_sha1(constants.consumerSecret++o_auth_secret,
base_string);

o_auth_token and o_auth_secret are set prior to this block of code by
parsing the response from the access token url call.

And here is my code for building the authorization header:
var auth_header = 'OAuth
realm=,oauth_consumer_key='+constants.consumerKey +
   ',oauth_nonce='+nonce
+',oauth_signature='+oauth_signature+
   ',oauth_signature_method=HMAC-
SHA1,oauth_timestamp='+ timestamp +
   ',oauth_token='+o_auth_token
+',oauth_version=1.0';

I've checked that my signature message matches when plugging in
applicable values using this tool:
http://oauth.googlecode.com/svn/code/javascript/example/signature.html

So it is NOT an issue with signing...

And here is an output base string I get before signing:
POSThttp%3A%2F%2Fapi.twitter.com%
2F1%2Fstatuses%2Fupdate.jsonoauth_consumer_key
%3DJxPeA0aTWPfkULuWu80dyA%26oauth
_nonce%3DIpx2fKgwUXlQ18d%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%
3D1291099840%26oauth_token%3D186684223-
buwCSVt0NJQ7BDUo0q5OZo4jWjgSCDhPT2IBEGRF%
26oauth_version%3D1.0%26status%3Dwow

and here is the authorization header i sent:
OAuth
realm=,oauth_consumer_key=JxPeA0aTWPfkULuWu80dyA,oauth_nonce=Ipx2fKgwUXlQ18d,oauth_signature=OzJHTccP
%2FNurB5I1MrP2CUkGAyQ%3D,oauth_signature_method=HMAC-
SHA1,oauth_timestamp=1291099840,oauth_token=186684223-
buwCSVt0NJQ7BDUo0q5OZo4jWjgSCDhPT2IBEGRF,oauth_version=1.0

Some things I'm not sure of:
1. Is that first realm=  thing needed in the auth header?
2. If I generate unix time using the local time zone, will that cause
an incorrect signature since it would be say pacific time not UTC
time? (seems to work ok to get the the access tokens though...)
3. Are spaces correct after each comma in the auth header, or not, or
does it matter?
4. Does the order matter in the auth header?

Thanks a lot for all the help, I'm beat and giving up on this for the
evening.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Post status with in_reply_to_status_id via javascript api

2010-11-22 Thread Chris
I am using the anywhere javascript api with great success, except in
regards to posting a reply to a particular status id. I have no
trouble posting the status, and the returned status object including a
reply to user id, but no params I pass come back with an
in_reply_to_status_id with anything other than null.

I have tried lots of things, but from the looks of the api docs here's
what seems most intuitive to me:

T.Status.update('message', {in_reply_to_status_id: '123456789'}); //
where in_reply_to_status_id is part of the options object
-OR-
T.Status.reply('message', '123456789'); //where in_reply_to_status_id
is the second param passed

Can someone tell me what I'm doing wrong, or what is missing?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Re: Post status with in_reply_to_status_id via javascript api

2010-11-22 Thread Chris
Matt,

Thank you for your reply. I will keep tweetbox as an option, but since
I am integrating lots of twitter functionality I am hoping to stick to
a common strategy, which in this case would be using the standard
anywhere methods.

Is there anyone that does support the JS-API?

Thanks much,
Chris

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Re: GET Querystring for status update not working on new Twitter

2010-10-27 Thread Chris Muller
Is this the same underlying issue that could be causing the button to
not show the a tweet count for some URLs with query strings?

For instance, we're passing: a URL (http://www.foo.com/bar.cgi?
f=1/2/3456.stuff) encoded as http%3A%2F%2Fwww.foo.com%2Fbar.cgi%3Ff
%3D1%2F2%2F3456.stuff in a query string for the button..

I see a response in firebug of twttr.receiveCount({count:
0,url:http:\/\/www.foo.com\/bar.cgi\/?f=1%2F2%2F3456.stuff}) .
I'm not sure how those other characters are coming in.

If this is the same issue, is there word of a fix?


(Matt, I hit reply to author the first time by accident; apologies)


On Oct 7, 10:51 am, Matt Harris thematthar...@twitter.com wrote:
 Hi woodsytime,

 I wanted to add in here that if you URLencodethe URL you are trying
 to share it will work appropriately. Instead of what you have I would
 expect the URL to look like this:
    http://twitter.com/home?status=ASOS%20embellished%20dress%20http%3A%2...

 One known issue right now is that %26 is converted to  in #newtwitter
 so anything after it is ignored. The team is aware of this and it is
 being tracked here:
    http://code.google.com/p/twitter-api/issues/detail?id=1904

 To second what Taylor said, consider using theTweetButtoninstead of
 the URL. It provides a better experience for your users and allows
 them toTweetwithout leaving your site.

 Best
 @themattharris
 Developer Advocate, Twitterhttp://twitter.com/themattharris

 On Thu, Oct 7, 2010 at 9:17 AM, Taylor Singletary







 taylorsinglet...@twitter.com wrote:
  Hi there woodsytime,
  I'd recommend using aTweetButtonfor this kind of integration instead --
  your approach is kind of the most low rent approach you can take for this,
  and is less and less supported -- really, it's a hack.
  The URL you're presenting in your status update has an unencodedquestion
 mark.

  But even if you properly encoded it, it doesn't look like this kind of URL
  is passable in this way. Bug on our end? Maybe.
  What's the context that users would share this URL? Have you considered the
 TweetButton?
  I noticed that even with all of those query parameters, the page you're
  posting still redirects to the site's home page. What value do the links
  have to Twitter users who post, read, or click?
  Taylor
  On Thu, Oct 7, 2010 at 8:59 AM, woodsytime kr.wood...@gmail.com wrote:

  I need to update my status through an external link using the GET
  method.

  For example...the linked I would like to pass into the browser URL
  querystring is...

 http://twitter.com/home?status=ASOS%20embellished%20dress%20http://ww...

  This has been working, however, I'm using the updated version of
  Twitter as of today, and this way of updating my status is not working
  now?

  It seems to stop at the '=' sign (escape character %3D) in the 'cid
  %3D8745' part of the querystring towards the end.

  Any suggestions?

  Thanks

  --
  Twitter developer documentation and resources:http://dev.twitter.com/doc
  API updates via Twitter:http://twitter.com/twitterapi
  Issues/Enhancements Tracker:
 http://code.google.com/p/twitter-api/issues/list
  Change your membership to this group:
 http://groups.google.com/group/twitter-development-talk

  --
  Twitter developer documentation and resources:http://dev.twitter.com/doc
  API updates via Twitter:http://twitter.com/twitterapi
  Issues/Enhancements Tracker:
 http://code.google.com/p/twitter-api/issues/list
  Change your membership to this group:
 http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk


[twitter-dev] Re: On the demise of basic authentication.

2010-09-06 Thread Chris Hunt
 For perl devs, the move to OAuth is really quite easy

Not for me it's not.

I'm not trying to write a full-featured Twitter client, just trying to
get my event calendar app to send a few tweets to a particular
account. I don't need mega-high security, I just need it to work.

I've registered at http://dev.twitter.com, filling in everything
except the callback URL, cos I don't know what that is.

With some to-ing and fro-ing, I've managed to collect the four key
values and put each into a perl variable in my config file. I have set
the access level to Read and Write. I've installed Net::OAuth on my
machine, and I've tried sending a tweet like this:

  my $tw = Net::Twitter::Lite-new(
  traits = [qw/OAuth API::REST/],
  consumer_key= $TWITCONSKEY,
  consumer_secret = $TWITCONSSEC,
  access_token= $TWITACCTOK,
  access_token_secret = $TWITACCSEC,
  );
  my $result = $tw-update($message);

It just comes back with Read-only application cannot POST, even
though it isn't.

What do I do now?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] coldfusion / twitter status update/

2010-09-03 Thread chris brickhouse
I used to use the basic authentication process with a cfhttp tag but
since that doesn't work anymore, has anyone developed a way to post a
status update without having to redirect the user to the twitter site
using a username and password?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] annotations access

2010-09-01 Thread Chris Anderson
Howdy,

I'm building a Twitter client that needs to make use of annotations to
avoid displaying duplicate tweets to the end-user (long story...).

Do I need to do something special to get access to the annotations
API? I think I am posting my annotations correctly, but I can't be
sure, as they are not appearing when I read the statuses with curl, or
in my user stream.

Is anyone else out there successfully using annotations? Is the
feature not generally available yet? If not, how does one go about
getting on the beta group?

Thanks in advance,
Chris

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


[twitter-dev] Twitter button with custom image?

2010-08-30 Thread Chris Hylton
Hello, I don't have much experience with javascript but I wanted to
implement the recently released twitter button and all its features
with a custom image to go with my website's theme. I figured out the
basics, but I don't know how to replicate the url shortener or have
the @username. Can anyone help me with this?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en


Re: [twitter-dev] Sending 1600 DMs?

2010-07-27 Thread Chris Thomson
You can only send 250 DMs from one account per day: 
http://support.twitter.com/articles/15364-about-twitter-limits-update-api-dm-and-following

--
Chris Thomson

On Jul 28, 2010, at 12:47 AM, Mark Sievers wrote:

 http://twitter.com/blekko/status/19714365588
 
 Kind of curious what would happen myself. The call is not itself rate-
 limited, and the target must be following you (ie they have opted in)
 so this is ok, but wonder if firing off 1600 DMs in the space of a few
 minutes raises any red flags in the Twitter mopther ship.
 
 http://dev.twitter.com/doc/post/direct_messages/new



[twitter-dev] Re: What uses up my rate limit

2010-07-08 Thread Chris Thomson
Twitter had some issues with incorrect rate limits over the past few
days [1].

I believe they've resolved those issues now, so if you're still having
the issue you've described, visit the connections page [2] to see if
any app using OAuth may be accessing your account. If not, change your
password [3], which would prevent any Basic Auth apps (that you've
previously given your credentials to) from accessing your account and
using up some of your requests.

1. http://status.twitter.com/post/777268689/incorrect-rate-limiting
and 
http://status.twitter.com/post/781763549/investigating-rate-limit-exceeded-issues
2. https://twitter.com/account/connections
3. https://twitter.com/account/password

On Jul 7, 11:59 am, founder foun...@pege.org wrote:
 Just started to integrate twitter into my own CMS written in Perl.

 I use a very old Perl version, because only this old version is
 compatible to use MSIE as GUI.

 To use the API, Perl engages a download program by a batch file.

 Just right now, I only test with 
 thehttp://api.twitter.com/1/account/rate_limit_status.xml

 No other call is used. But from start to start, there are less hits
 remaining in the rate limit,
 Up to 10 less when I wait some minutes.

 I have no idea what consumes my rate limit

 I already closed Twitter in all browsers, but still the same effect.

 Any idea what could use up my rate limit?


Re: [twitter-dev] http://api.twitter.com/version/trends/current.json not working

2010-06-18 Thread Chris Thomson
You're supposed to change version in the URL: 
http://api.twitter.com/1/trends/current.json :)

--
Chris Thomson, via iPad

On 2010-06-18, at 4:18 PM, Rahul rahul.jun...@gmail.com wrote:

 I was trying to get the trends from twitter and this returns no page.
 Is this the right link to get the current trends. Also it mentions
 that it doesn't need authentication so i am not passing any
 authentication credential.
 
 Thanks,
 Rahul


[twitter-dev] Re: include_entities=true 500 error

2010-06-17 Thread Chris L
I seem to be getting the 500 error as well. I really hope this gets
fixed well in advance of the 't.co' links taking effect, because my
iPhone app will need to be updated to use entities. (It needs the
original link URLs to identify which links are photos.)

- Chris

On Jun 17, 9:35 am, Taylor Singletary taylorsinglet...@twitter.com
wrote:
 Hi Rich,

 I'll do some additional checking today to make sure this is the case, but I
 don't believe the bug fix has been deployed yet. With the World Cup and
 other issues, deploys have been scarce lately. I'll let you know if it has
 indeed been pushed yet.


[twitter-dev] Re: link wrapping on the API

2010-06-09 Thread Chris Barr
My 2 pence:

The difference with bit.ly is that I choose to use it. If I don't want
to use it I'm not forced to.

Additionally, what happens if the t.co service goes down? All links
will be temporarily broken until the service goes back up.


On Jun 9, 4:17 pm, Harshad RJ harshad...@gmail.com wrote:
 On Wed, Jun 9, 2010 at 6:48 PM, Dewald Pretorius dpr...@gmail.com wrote:

  I don't buy the click tracking privacy argument. Twitter will have no
  more insight into clicks than what bit.ly or any other shortening
  service has,

 The difference being that the user who clicks the links in Twitter will have
 most probably logged into Twitter. Thus, Twitter can directly associate a
 click with a user.

 When clicking on bit.ly shortened URLs it is very very unlikely that the
 user is logged into bit.ly. That is because only people who shorten URLs
 need a bit.ly account (which is a very small percentage).

 --
 Harshad RJhttp://hrj.wikidot.com


Re: [twitter-dev] Simple Twitter App?

2010-06-05 Thread Chris Thomson
You may want to take a look at this page: 
http://dev.twitter.com/pages/oauth_single_token

--
Chris Thomson, via iPad

On 2010-06-05, at 5:21 PM, Iguanasan eulo...@gmail.com wrote:

 Hello, Everyone.
 
 I'm trying to figure out how to create a simple app.  When someone
 adds a new record to my database I want to tweet that it's available
 to be seen - apartments for rent - so that anyone who follows my
 twitter feed will get a notification about a new place for rent.
 
 I've been forward and backward through the docs and I know that oAuth
 is required and I've run some of the samples, however, most of them
 seem to be allowing access to OTHER people's twitter accounts like a
 Twitter app would do.  I want to simple access to my OWN Twitter
 account.
 
 Can anyone help point me in the right direction?
 
 PS: I'm working in PHP for this project.


[twitter-dev] Clarification of Whitelisting

2010-06-01 Thread Chris Tsoi
Dear Sir/ Madam,

I have several questions about the whitelisting, hope you can provide
information.

Question 1)

From the link http://apiwiki.twitter.com/Rate-limiting;, it mentioned
IP whitelisting takes precedence to account rate limits. GET requests
from a whitelisted IP address made on a user's behalf will be deducted
from the whitelisted IP's limit, not the users. Therefore, IP-based
whitelisting is a best practice for applications that request many
users' data.

So if we whitelist our IP and call api (authenticated or
unauthenticated), through that ip, then all the rate limit by IP will
be exhausted very soon.  And when the rate limit by IP is used up, the
mechanism starts to use rate limit by user, but unauthenticated api
will not allowed to use this rate limit by user, and hence fail.

So under this situation, it is best to call authenticated and
unauthenticated through 2 different IPs?

Question 2)
Also,
Each whitelisted entity, whether an account or IP address, is allowed
2 requests per hour. This means that two authenticated users using
the same IP address would each get 2 requests per hour. 

The limit of account is per application account basis, or per user
basis?



Re: [twitter-dev] email

2010-06-01 Thread Chris Thomson
In order for someone to receive your tweets, they either have to be following 
you or following a list that has you added as a member.

--
Chris Thomson, via iPad

On 2010-05-31, at 10:02 PM, MacGuy flyme2...@yahoo.com wrote:

 Is there a way for the recipient to receive your tweet if you are
 following them, but they are not following you? Thanks.
 


Re: [twitter-dev] leave API problem

2010-05-20 Thread Chris Thomson
notifications/leave stops the authenticating user from receiving SMS 
notifications of the specified user's tweets.

If you'd like to unfollow a user, you're looking for friendships/destroy: 
http://dev.twitter.com/doc/post/friendships/destroy
--
Chris Thomson

On May 20, 2010, at 12:05 PM, roteva wrote:

 Hello,
 
 I am seeing a problem using
 
 https://api.twitter.com/1/notifications/leave.xml, (with oauth)
 in that it returns a good status (200), with the correct user info
 specifying the user
 I want to un-follow.
 
 However, the follow/friend status is unchanged. AM I using the wrong
 API method
 to unfollow?
 
 Thanks for any hints,
 
 Bernd



[twitter-dev] Re: Using @anywhere and the Twitter Search Widget

2010-05-05 Thread Chris
Here's a test page where i'm seeing this error: 
http://www.raebarnes.com/testtweet2.html

On Apr 23, 7:31 pm, Dustin Diaz dus...@twitter.com wrote:
 What is the url of your site?

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: About update limits

2010-04-30 Thread Chris White
Hello Raffi,

 and yes - there is a whitelisting for status/updates -- please e-mail
 a...@twitter to ask for it.

I don't have permissions so I can't post their name, but a friend of
mine sent such a request and received this response:


Thank you for writing in. Sorry for any confusion, but API
whitelisting does not cover the statuses/update call, as this call is
a POST method. All Twitter accounts are subject to the same 1000
tweets per day limit. We also do not have a specific limit status call
for remaining tweets, but I will pass this along to our engineers as a
feature request. I apologize for the inconvenience that this causes to
you and your team.

Thanks,
Brian


Seems to be conflicting with the previous statement, so I'm not sure
what to make of it.

Best Regards,
Chris White


[twitter-dev] Re: About update limits

2010-04-30 Thread Chris White
Hello Raffi,

 yeah - i was mistaken.  i'm just a lowly engineer :P  sutorius (the brian
 referenced on that e-mail, and he has posted in this forum before) knows
 best in this case.

Yikes, just saw that mentioned post.  I'd like to help gather some
ideas with a few other twitter developers, and would like to know what
is stopping status updates from increased right now?  The intention
here is not to complain, but simply to help figure out how to improve
the situation and understand better the issues that you folks know
about that application developers don't.

Best Regards,
Chris White


[twitter-dev] Re: How to show top 20 twiits of the day

2010-04-26 Thread Chris White
If you mean the 20 most recent tweets from all users there's statuses/
public_timeline:

http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-statuses-public_timeline

Best Regards,
Chris White

On Apr 26, 6:55 am, millu milindsav...@gmail.com wrote:
 Hello friends

 I have one big problem, I have to show the Top most 20 twitts on my
 site just like twitter home page (not a user home page).
  so question is it possible to shows the recent top most 20 result
 using php and Twitter API ?

 --
 Subscription 
 settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: Permission denied ... to get property Window.jQuery from https://api.twitter.com.

2010-04-26 Thread Chris
I'm seeing this error too.  Help would be appreciated.

Thanks.

On Apr 15, 5:53 am, T.Kitajima kitajimatom...@gmail.com wrote:
 Permission denied ... to get property Window.jQuery from https://
 api.twitter.com.

 My script throws XSS error. It's against same origin policy.
  Can someone explain to me what to do?

   script src=http://platform.twitter.com/anywhere.js?
 id=Xv=1 type=text/javascript/script
   script type=text/javascript
   function onAnywhereLoad(twitter) {
       twitter.hovercards();
   };
   twttr.anywhere(onAnywhereLoad);
   /script

 Getting Startedhttp://dev.twitter.com/anywhere/begin


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: Schedule for API call rate increases with oAuth?

2010-04-26 Thread Chris White
 I understand the very compelling reasons why Twitter wants to convert
 to universal OAuth access.  But let's quit spinning OAuth as this
 great new security enhancement technology that will benefit end-
 users  It's not.  It wasn't even meant to be.  It was just meant to
 help the Twitters of the world communicate end-user information among
 each other without having to share their end-users' credentials.

You're working on a webapp to deal with twitter timelines. You store
twitter usernames and passwords.  For some reason or another your site
gets hacked and all usernames and passwords are compromised.  In a
majority of cases, users have the same password setup for other
accounts.  The hackers do a username search to find the user in other
places and try to retrieve their data there. To combat this and be
totally sure, the user now has to remember all sites where they could
have used that password and get it changed. Crap.

Now let's see the oAuth version.  Your site gets hacked.  You reset
the consumer key and secret. Tada, Hackers now have useless tokens.
You get to the bottom of the hacking and explain to everyone what
occured and whatever data was compromised.  However, you don't have to
tell them that their login information was compromised, which is a
really nice thing.  Will people be distrustful of your app?  Yes, but
the fallout is a lot less painful.


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Status Update Limit Check

2010-04-23 Thread Chris White
I did a search around to see if I could find a similiar thread asking
what I am, but I'm having a hard time putting together the correct
search keywords for this.

I'm developing a twitter bot and plan to implement some features in
the bot itself, and others in a web application.  The bot and web
application will use the same database to keep in sync.

The features I plan to add would potentially increase the status
update rate for my bot.  If these events occur, I would transition
those features to the web app instead.  However, I don't see a way to
check against the status update limit short of keeping track locally.
It seems that the 1000 tweet limit is further broken down into some
unknown number.  Is there any way to check against the update limit so
I know to throttle my bot and modify my code? I'd rather not keep
hitting the API limit through HTTP errors and potentially get my bot
in trouble.

Also, I've seen a limit on duplicate content for not just the last
tweet, but x tweets back as well.  I normally get around this by
adding randomization to my bots tweets, which has worked pretty well,
but I'm curious as to why the x tweets back isn't clearly defined
somewhere.

If these questions are already answered somewhere I appologize ahead
of time, Once again I tried a few search keywords and didn't come up
with much.


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Using @anywhere and the Twitter Search Widget

2010-04-23 Thread Chris
I'm getting this error when I try to use an @anywhere tweetbox and the
twitter search widget on the same page.  Can anyone shed some light?

Unsafe JavaScript attempt to access frame with URL 
https://api.twitter.com/xd_receiver.html
from frame with URL about:blank. Domains, protocols and ports must
match.

Thanks!


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


[twitter-dev] Re: Status Update Limit Check

2010-04-23 Thread Chris White
Hello Taylor,

 What's your bot all about?

The bot is a character bot for a popular Japanese doujin (not
commercially backed, a person makes the game in their spare time and
usually sells them at conventions) game. Such bots are highly
concentrated throughout the Japanese community, as the writing system
they have can say a lot more in 140 characters than with English
characters (one word can constitute 2 characters for example).

Basically such bots are conversational AI bots. Given certain cues
they respond in a certain way.  Such responses are sometimes
randomized to provide a more dynamic interaction to users.  With my
current twitter bot, I'm currently working on an AI based system to
constitute unsupervised learning and responses based on how the user
interacts with the bot.

However, because of the status updates imposed, and lack of knowledge
on the specific rates, I have to consider how a normal person would
operate, and include events such as going to sleep and heading out
for a bit.  If certain interactions require a larger number of status
updates, I planned to have it as a kind of web app that users could
continue their conversation with the character, making my worries more
about the data storage requirements in the database than status update
limits.

Other bot creators, however, may not have such elaborate setups due to
hosting costs.  For them, it's important to be able to scale their
both with a large number of followers by being able to throttle status
updates as per the twitter requirements.  These bot creators wish to
stay within the guidelines that twitter provides, but armed only with
the knowledge of  but the daily limit and receiving HTTP error codes,
there is nothing to go off of.

On the point of how such bots contribute to the twitter community,
because the bot acts as the character itself, it draws fans of the
characters into a tighter knit community.  Users can look at the bot's
follower list and find users with more similiar and focused interests
with ease. Such bots will usually produce random non-reply based
tweets with the character's lines, giving a topic of discussion for
the bot's followers.  There are even some users that go so far as to
follow nothing but their favorite character's bots.

Best Regards,
Chris White


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en


Re: [twitter-dev] API returns 0 lists even though I follow 3

2010-04-01 Thread Chris Thomson
That method returns the lists owned by the specified user -- not the lists the 
user is subscribed to. You're looking for 
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-GET-list-subscriptions 
instead.

--
Chris Thomson

On Apr 1, 2010, at 5:49 PM, ryjennings wrote:

 http://api.twitter.com/1/ryjennings/lists.xml



Re: [twitter-dev] getting authenticated user's rate-limit-using rest API.

2010-03-21 Thread Chris Thomson
The rate_limit_status method does not take a username as a parameter. All 
account methods act on the authenticating user's account (or in the case of an 
unauthenticated call, the requesting IP address). In order to get each other's 
rate limit information, you'll need to have both the user's authenticated as 
themselves.

--
Chris Thomson

On Mar 21, 2010, at 8:01 AM, Rushikesh Bhanage wrote:

 Hi, there,
  I am using rest api method in my app, in that, I have two users(i.e 
 white-listed user accounts.) and need to get each user's account rate-limit 
 request balance, I am using following URL to get request balance.
   
 ' http://twitter.com/account/rate_limit_status/'.$unm.'.xml '. Here $unm is 
 user name passed through ratelimit() function . 
 
  Below is the code logic: (using cURL functions )
 
 [ function Checklimit()
 {
 for($i=0; $i2; $i++)
 {   
 $usrlimit = $this-ratelimit($this-u[$i]);   
// ratelimit($unm) function will give array containing remaining hits. 
 foreach($usrlimit as $key=$val)  
   // $this-u[]  is the array used for fetching users with $i. 
 {
 if($key == 'remaining-hits')
 {
 if($val != 0)
 { 
// here will return array element which is having hits.
return $i; 
 // here it doesn't come inside when value of ratelimit of first 
 user comes to an end
  } 
 
 }
 }
   // Actually here it goes to second user but does not get it's hits 
 from api using ratelimit function. gets same 0 as like first user. It will 
 return -1 when no user is having hits.   
 }
 return -1;
 }
  
 ]   
 
 Can I have some clue, please. 
 
 Thank You in advance.
 
 with regards,
 rishibhanage.
 
 
 
 
 To unsubscribe from this group, send email to 
 twitter-development-talk+unsubscribegooglegroups.com or reply to this email 
 with the words REMOVE ME as the subject.

To unsubscribe from this group, send email to 
twitter-development-talk+unsubscribegooglegroups.com or reply to this email 
with the words REMOVE ME as the subject.


Re: [twitter-dev] How to add my app to app wiki?

2010-03-21 Thread Chris Thomson
Have you tried requesting access to edit the wiki? See 
http://twitter.pbworks.com/request_access.php :)

--
Chris Thomson

On Mar 21, 2010, at 1:41 PM, Dmitri Snytkine wrote:

 Hello!
 
 I recently built by first Twitter app.
 
 http://qod.tw
 
 Is it possible to add it to Twitter apps wiki here: 
 http://twitter.pbworks.com/Apps
 
 I don't see any ways to submit your app, so does anybody know who to
 contact about it?
 
 Thanks.
 
 To unsubscribe from this group, send email to 
 twitter-development-talk+unsubscribegooglegroups.com or reply to this email 
 with the words REMOVE ME as the subject.

To unsubscribe from this group, send email to 
twitter-development-talk+unsubscribegooglegroups.com or reply to this email 
with the words REMOVE ME as the subject.


[twitter-dev] All replies are appearing in home_timeline

2010-03-04 Thread Chris Thomson
Replies from people I'm not following (not directly, and not through any lists) 
are appearing in home_timeline. This hasn't always been the case, has it? Is 
this the new expected behaviour, or is it just a bug?

--
Chris Thomson
http://twitter.com/chris24

[twitter-dev] Re: New way to get highest id?

2010-03-04 Thread Chris Thomson
You could always poll the search API occasionally for a very common
term like 'what' and just take the most recent tweet ID from that.

On Mar 3, 10:20 pm, Brian Morearty bmorea...@gmail.com wrote:
 With the upcoming deprecation of /statuses/public_timeline that was
 just announced, will there be any way to find out the (approximate)
 highest tweet id?

 I know the streaming API would work but it seems like overkill.

 Scenario: in my app I cache tweets for performance and to avoid over-
 calling the API. If someone references a tweet whose id doesn't exist
 (e.g. by searching), I'd like to be able to tell the difference
 between that tweet was deleted and that tweet id has never been
 used yet.

 I currently poll the public_timeline once every few minutes. Ids that
 are missing but are lower than the highest one are considered
 deleted.

 As you can see based on my current mechanism, exact precision doesn't
 matter much to me.

 A better alternative for this use case would be a deleted indicator
 (perhaps in the HTTP code?) if I try to retrieve a tweet that has been
 deleted. It could be different than the code returned if a tweet had
 never been created.


[twitter-dev] home_timeline problems with count and page/pagination

2010-02-19 Thread Chris Bailey
I probably am simply misunderstanding something, but I'm getting what
I think are odd results in calls to home_timeline when using the count
and page parameters.  For example, if I set the count to be 100, and
then simply start with page 1, then fetch successive pages I run into
two issues:

1) I don't always get 100 tweets back, even though I specified 100 for
the count.
2) I get zero tweets back on about page 9, yet, according to the
pagination and rate limiting docs, I should be able to do about 32
pages (rate limit of 3200 tweets, with asking for 100 per page)

E.g. my script spits out:

Processing 98 tweets on page 1...
Processing 99 tweets on page 2...
Processing 99 tweets on page 3...
Processing 100 tweets on page 4...
Processing 97 tweets on page 5...
Processing 100 tweets on page 6...
Processing 97 tweets on page 7...
Processing 99 tweets on page 8...
Processing 0 tweets on page 9...

I'm not using a since parameter (yet), since this is the initial run.
Thus, I'm trying to understand how I can go through a history of
tweets and ensure I've gotten as many back as I can per the rate and
pagination limits.  Can someone explain why I wouldn't get 100 tweets
per page, and then why it seems to drop off after returning roughly
800 tweets (8 pages)?


[twitter-dev] Re: Question about licensing

2010-02-18 Thread Chris Messina
Actually, NOW would be the time to contribute feedback to the OWF,
since there's a good amount of momentum converging on finalizing the
various agreements that the OWF will be offering.

Changing the licenses once they're set won't be easy — since the point
of the agreement is to codify a specific and particular understanding
of the ownership model (or non-ownership desire) of a group of
implementors.

The first agreement is here:

http://openwebfoundation.org/legal/agreement/

Meanwhile, feedback should be submitted here:

http://groups.google.com/group/open-web-legal-drafting

Chris

On Jan 24, 2:36 am, Jesse Stay jesses...@gmail.com wrote:
 I think the OWF agreement is an excellent idea - I'd love to see Twitter
 join in that agreement with its developers.  If Twitter has concerns with it
 I'd love to see them get involved in the OWF discussions and perhaps the
 agreement could be modified to meet Twitter's needs.  Why reinvent the
 wheel?

 Jesse



 On Sat, Jan 23, 2010 at 6:28 PM, DeWitt Clinton dclin...@gmail.com wrote:
  Thanks for the update, Ryan.  And thanks for the compliment on the Google
  Code policies page -- that page was one of the first things I launched at
  Google back when we were being asked the exact same questions.

  We also added patent licences, which follow this general format:

   http://code.google.com/apis/gdata/patent-license.html

  Granted, that license is maybe even more liberal than most implementors
  require.   Also, that was before we had a reusable patent agreement, such as
  the OWFa:http://openwebfoundation.org/legal/agreement/.  If I did
  something new outside Google I'd probably go the OWF route now.

  Trademark is trickier.  I'm not sure we've quite nailed it yet at Google,
  actually.  But the basic framework might be a statement that enumerates
  specific marks and lists specific appropriate usages.  You can always add to
  that list over time, and this would protect Twitter's rights in the cases
  you haven't anticipated yet.

  Thanks again for pushing this forward.  Cheers,

  -DeWitt

  On Sat, Jan 23, 2010 at 11:28 AM, Ryan Sarver rsar...@twitter.com wrote:

  DeWitt,

  Thanks for the serious patience on this thread. We're constantly trying to
  adapt to the needs of the developer community, and you're right that we
  haven't published guidelines around use of the Twitter API specifications.
  But, we are working on it and I wanted to share some of the thought that
  will help drive the policy.

  What we do know is that there is a clear need for a flexible, friendly and
  responsible policy. Policies such as this one (
 http://code.google.com/policies.html#restrictions) are a good start, and
  I can share some principles we'd like to live by. CC-BY should apply to a
  lot of the tools we release. You should be able to copy, modify and make
  derivatives of our specifications (with attribution). We shouldn't throw
  arbitrary roadblocks in your way, such as preventing you from naming a
  library tweet. And last, we shouldn't pester you for utilizing our 
  patents
  underlying these specifications.

  These are flexible and friendly principles, and in exchange we ask the
  development community to act responsibly. For example, naming a library
  twitter is one thing. Naming your application twitter is quite another.

  We hear you loud and clear, so please bear with us as we translate these
  principles into official policy.

  Thanks again for your patience and interest :)

  Best, Ryan

  On Tue, Nov 24, 2009 at 9:12 AM, DeWitt Clinton dclin...@gmail.comwrote:

  Hi all,

  I recently received a request to implement the retweet api calls in the
  python-twitter and java-twitter libraries, but before I proceed I was 
  hoping
  for a bit of clarification around the licensing terms for the Twitter API.

  My layman's understanding is that without explicit terms there are
  relatively few rights offered by default regarding a specification.  In
  particular, I have a few questions about copyright, trademark, and patents
  rights being offered to implementors of the Twitter API.  My longstanding
  sense is that Twitter has indicated the spirit of offering the API under
  generally permissive usage rights, so hopefully this thread can move the
  discussion forward a bit and perhaps turn that spirit into something more
  formal.

  *Copyright*

  **Question: Under what terms may third-party library and application
  developers use the text and images associated with the Twitter API
  specification?

  Example use case:  Third-party library developers would like to copy
  and/or modify the text of the Twitter API specification in the library's
  documentation.  This is preferred over inventing new text for the
  documentation, the meaning of which could deviate from the canonical 
  version
  in the Twitter API specification.

  Potential concern:  Without a copyright license, implementors may not be
  permitted to use or reuse the Twitter API

Re: [twitter-dev] Add My Application In Twitter

2010-02-16 Thread Chris Thomson
You can use http://twitter.com/oauth_clients to register a Twitter API 
application for use with OAuth. Is that what you're looking for?

--
Chris Thomson

On 2010-02-16, at 2:02 PM, 3rB3r wrote:

 Hey Guys ...
 Last Week I Found A URL For Add Application [ API ] In Twitter
 WebSite , But Now I Can't Find It And I Forgotted :( Anybody Can Help
 Me ?
 
 With Best Regards, @3rB3r


Re: [twitter-dev] Yet Another Rate Limit Question

2010-02-15 Thread Chris Thomson
GET requests to the REST API (not the streaming API or search API; they fall 
under different limits) count against the hourly rate limit. If you're making 
the request as an authenticated user, it count's against the user's rate limit. 
Otherwise, it counts against the IP address's (your website's IP address's) 
hourly rate limit.

POST requests, such as posting updates, don't count against the rate limit. All 
methods that require POST requests have other limits, which usually aren't 
public to prevent spam - see http://help.twitter.com/forums/10711/entries/15364 
for details on that. So no, posting an update on behalf of a user won't count 
against the hourly rate limit.

--
Chris Thomson

On 2010-02-15, at 7:20 PM, Paul wrote:

 Sorry; I did look at the FAQ and search the archive, but still the
 answer wasn't clear to me
 
 So far I have an ordinary authorized Twitter web application using
 OAuth, not whitelisted or anything.  From what I understand in the
 FAQ, that limits API requests from my website to 350/hr.
 
 People are meant to post tweets from my website.  Does this mean that
 the total of all tweets through my website are limited to 350/hour?
 If users have to authenticate each tweet (which currently they do
 because I don't store the tokens), does this mean the the whole site
 is limited to a max of 175 tweets per hour total for all users?
 
 Sorry if it's an uninformed question.  I did research it,  I've put
 in a lot of work to get the site to work; now I'm trying to figure out
 the policy issues
 


Re: [twitter-dev] Application Suspended

2010-02-14 Thread Chris Thomson
You may want to look at the Twitter Rules (http://twitter.com/rules - 
specifically the section on spam), and review your application's goals. If your 
application makes it easy for users to spam others, and if many of your users 
have been reported for activity generated by your application, that may be 
grounds for your application to be suspended.

I'm sure you'll get a response to your support ticket from a Twitter employee 
in the next few days.

--
Chris Thomson

On 2010-02-14, at 2:56 PM, Jim Fulford wrote:

 Hello, I need some help.  4 days ago I started getting emails from my
 users that they could not login to our site using the Oauth service.
 I checked my site and it said my application had been suspended.   I
 did not get any email from Twitter, they just deactivated my
 application so nothing works.  I have sent in two support tickets, but
 gotten no response.  2 days ago, I took my site down www.gotwitr.com
 so that I would stop getting support email from my users.
 
 I have had this site up for 5 months, and I have over 5000 users have
 used the service.  I am so glad that I have never charged for the
 service, this would be a nightmare.
 
 If they would let me know what our site, or one of our users did to
 get banned, we would be glad to fix it.   We have tried to make our
 site as Twitter API friendly as possible.
 
 We are 100% Oauth, we have never saved or requested any users
 passwords.
 We only let our users hit the Twitter API 1000 times in a 24 hour
 period
 We have all of our tools that follow or unfollow use individual user
 verification, (no mass follow or unfollow)
 
 An email with the issue would have been great.
 
 Not getting a response in the last 4 days that my site has been down
 is really not acceptable!
 
 Thanks
 
 


[twitter-dev] Status update request returns incorrect tweet

2010-01-21 Thread Chris Maguire
I've been wrangling Twitter's API for a few months while developing a
third-party ap that, among other things, allows users to update their
twitter streams.

This morning we received a support inquiry from a user who said that
he was unable to update his status through our service. We log every
return we get from twitter, so I checked out the log and the result
looked like a normal successful tweet reply.

Upon closer inspection, I noted that the response was based on a
*different* status update than the one we posted.

I tested making the update call manually, and I got a similar result:
The status we sent was not posted, but we were returned the
information for their most recent tweet.

In summary, this is what we're seeing:

1. An OAuth-authenticated user attempts to post a new status to
https://twitter.com/statuses/update.xml
2. Twitter returns a normal-looking response, but it is for a pre-
existing tweet that was not posted through our ap.
3. The user's timeline does not reflect the new post.

So far, I've only seen the behavior with this particular user's two
Twitter accounts. All other users seem to be getting normal results
back from their status updates.

I've tested it pretty extensively, but I can't imagine it being caused
by anything other than a Twitter API bug. Is there some strange case
in statuses/update that I'm missing, or is this truly a bug?


Re: [twitter-dev] Filing a new support ticket re a reversed user spam complaint

2009-12-19 Thread Chris Thomson
You can open a support ticket here: http://help.twitter.com/requests/new

--
Chris Thomson

On 2009-12-19, at 7:30 PM, Abir wrote:

 Hey Guys,
 
 1. An user had done a Report Spam in response to a marketing message
 we sent based on product keywords in their recent tweet.
 
 2. We talked w the user over Facebook and agreed not to send him more
 marketing Tweets and he has agreed to withdraw the spam complaint.
 
 3. We can't locate a way to open a support ticket to notify you here:
 http://twitter.com/help/start
 
 4. Should we email or @ message someone?  What's the protocol you guys
 want to follow?
 
 Thanks,
 Abir



[twitter-dev] Locked Out! Why?

2009-12-14 Thread Chris Prakoso
Hi all,

One of the feature of my app that I'm building at the moment is
collecting details of every followers, following that a user has.  So,
what I'm doing is, getting id_list of followers from a user and
hitting user/show to get user details of each follower.
Recently when I'm doing this, I keep getting myself locked out (I use
my own Twitter account to test), and when I try to log myself on
Twitter via the web, I've the following error message:

Locked out!
We've temporarily locked your account after too many failed attempts
to sign in. Please chillax for a few, then try again.

Anybody know why I've got this? and how can I avoid this?

Thanks very much for your help,
Chris Prakoso


Re: [twitter-dev] What Is The Status of Twitter OAuth?

2009-11-30 Thread Chris Babcock
On Mon, 30 Nov 2009 10:27:24 -0800 (PST)
Dewald Pretorius dpr...@gmail.com wrote:

 Last information I've seen said that Twitter OAuth is in public beta,
 if I remember correctly.
 
 Has that status changed, as in, has OAuth been moved out of beta and
 into production?

This doesn't look beta to me:
http://oauth.net/core/1.0a

A is a revision code, not alpha.

Chris



signature.asc
Description: PGP signature


Re: [twitter-dev] Is it possible to recreate Twitter's followers screen?

2009-11-23 Thread Chris Thomson
There seems to be a `following` boolean attribute returned for each user in 
/statuses/followers.xml (and .json)... is that what you're looking for?

--
Chris Thomson

On 2009-11-23, at 11:16 AM, Ryan Bell wrote:

 I would like to completely recreate Twitter's followers screen.  After
 some research, we aren't sure its possible without being inefficient
 with the API.
 
 We're unable to determine if a user is a following the logged in user
 in a bulk fashion.This information is needed in order to determine
 which options to include next to each follower. ex) should you show
 'follow' or 'unfollow' button?
 
 Twitter returns your followers information, but does not include
 information as to whether you are also following that user.  It seems
 that the only way to get this additional information is on a 1-by-1
 basis by checking to see if each of your followers is being followed
 by you.
 
 QUESTION:
 Is there a better way to determine in bulk if users are being followed
 by you?  It seems that this functionality must exist in order for an
 application to mimic Twitter's Followers page.
 
 Thanks in advance for any assistance,
 
 Ryan



Re: [twitter-dev] the name i want is taken but the person doesnt use the account

2009-11-22 Thread Chris Thomson
You could *try* opening a ticket at http://help.twitter.com/requests/ 
new, but I'm not sure if they release usernames anymore.


On 2009-11-22, at 11:14 PM, Enue enuecloth...@gmail.com wrote:


I would love for our username to just be Enue, but someone has it
already. However, they haven used their account since April 2008. Is
there any way I can get them removed from twitter? or somehow contact
them through e-mail?


Re: [twitter-dev] Question and/or Feature Request: in-reply-to-direct-message-id for DMs

2009-11-21 Thread Chris Thomson
I'd suggest opening a new issue on the Twitter API bug/enhancement tracker so 
others can 'star' it to show interest: 
http://code.google.com/p/twitter-api/issues/entry

--
Chris Thomson

On 2009-11-21, at 2:11 PM, Michael Steuer wrote:

 Hi Twitter, Twitter Developers,
 
 Let me start with the question: is there a good reason why the payload for 
 direct_messages doesn’t have a “in-reply-to-direct-message-id”, just like 
 the “in-reply-to-status-id” for status updates? I know that for my use 
 cases, and I’m sure for some of yours, it’d be helpful to know if a DM was a 
 reply to an earlier one, or a new DM to the recipient.
 
 So here’s the feature request: can we pretty please have a 
 “in-reply-to-direct-message-id” in the DM API payload? And if you consider 
 this a reasonable request, how long do you think that would take ;)
 
 THANK YOU!
 
 Michael.



[twitter-dev] Re: Whitelisting rejection e-mail

2009-11-09 Thread Chris Thomson
a...@twitter.com

On 2009-11-09, at 8:41 PM, John Meyer wrote:

 What was the e-mail to submit questions as to why an application was rejected 
 and what 
 I can do to rectify the situation as a developer?



[twitter-dev] Re: Show a specific list you can use the new resource

2009-11-07 Thread Chris Thomson

That method shows information about a list and its owner. Full
documentation is at: 
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-GET-list-id

On Nov 7, 11:31 am, Matthew Terenzio mteren...@gmail.com wrote:
 Can someone explain this?

 GET '/:users/lists/:list_slug.:format'
 Show a specific list you can use the new resource.


[twitter-dev] Re: My application for whitelisting has been rejected for no reason!

2009-11-05 Thread Chris Thomson


There's a bug in the whitelisting system that's not properly passing  
along the reason for rejection. Try emailing a...@twitter.com with the  
username you submitted the request under, and someone from the  
Platform team will look up the reason for you.


On 2009-11-05, at 1:47 PM, Nish wrote:



Hi,

Today i submitted by application to twitter stating that we are
developing a Twitter application similar to socialoomph and asking to
whitelist 3 of my IPs, I also explained them how am going to use them.

However to my shock i got a email today stating its rejected and No
reason was mentioned! (see below)

Please Help!

Hi Nishanth Chandran,

Thanks for requesting to be on Twitter's API whitelist. Unfortunately,
we've rejected your request.

Here's why:

Please address the issues above and submit another request if
appropriate.

The Twitter API Team




[twitter-dev] Re: OAuth in popup, does not work when auto close

2009-10-26 Thread Chris Babcock

 
 I authenticate with twitter oauth using a popup from my site. When the
 authentication is done, twitter redirects the user to my site again.
 The user then has my site both in the original browser window, and in
 the popup.

One way of formulating your problem would be How can I avoid having two
windows open? The simplest answer would be, Don't open a second
window.

 I want to close the popup automatically, so the user don't have to. I
 do this with the following:
 ?php if (strlen($_GET['oauth_token'])  0) { echo scriptself.close
 ()/script; } ?

 The problem is that when using the above code, the authentication
 don't seem to work. When trying to tweet I get this:
 /statuses/update.xml Could not authenticate you.
 
 When I don't use the above code, and thereby force the user to close
 the popup manually if he don't want it open, everything works fine.

 Can someone explain this to me, and help with how I can auto close the
 popup without messing with the authentication?

PHP is not my language of choice, but that looks like a scoping issue.

When you close the window with JavaScript, the authentication data you
obtained is lost when the window containing it is closed. You need to
persist the data whatever that means for your application - save a
cookie, submit data or (Ugh!) set a global - before you close the
window 

Chris Babcock




[twitter-dev] Re: OAuth without user interaction

2009-10-23 Thread Chris Babcock

On Fri, 23 Oct 2009 16:32:25 -0400
ryan alford ryanalford...@gmail.com wrote:

 It is possible to do OAuth without user interaction if you have their
 username and password, but this is frowned upon by Twitter and could
 get your IP blacklisted.

You do need user interaction to get initial approval for a token, after
which you can reuse a token until it is revoked. There is a chance (Has
this happened recently?) that a token may expire without obvious
reason, but they are supposed to be reusable. 

There's no replacement for testing, which has been absent in my shop
recently because of the churn on the API... which I'm hoping will be
addressed by versioning.

Chris Babcock


[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?

2009-10-15 Thread Chris Babcock

On Thu, 15 Oct 2009 12:32:19 +0700
Dwi Sasongko Supriyadi ruck...@gmail.com wrote:

 Okay. If Mallory changed Bob's password after successfully get in,
 Can Bob still access his account through his application (which is
 authorized)? 

Yes, OAuth apps that have their own authentication context would still work
for Bob. A change in Bob's Twitter password will not prevent the OAuth
application from working. As long as Bob can prove that he is Bob to
the application's satisfication then he can use that application and
that application can use OAuth tokens that Bob previously authorized.

 From your explanation above, the answer is no, it is
 impossible. Since Bob cannot sign in anymore, Mallory has changed his
 password.

The application may or may not relay on Twitter itself to authenticate
the Twitter user after it has obtained a token. While Twitter is kind
enough to give us the Sign-in with Twitter work flow, OAuth does not
specify the means by which the application should authenticate the user.

Account hi-jacking is a minor risk; It is auditable and reversible.
OAuth is low risk because it is being offered in parallel with HTTP
methods that have known vulnerabilities. Twitter accounts are low risk
targets because the content is public, transient and repudiatable.

A threat model that over-emphasizes those risks reveals fundamental
misperceptions about the Twitter meme that is going to result in
disappointment when those misperceptions attempt to manifest themselves
as a business model.

Chris Babcock



[twitter-dev] Re: url fail

2009-10-15 Thread Chris Babcock



 Using IE seems like a personal problem, and something you'll have to
 conquer on your own ;)

Yes, but sending a screenshot to a development mailing list to report a
broken link on a website is so wrong on so many levels... 

Using IE is a bit like smoking marijauna after work or having an
expensive fetish - as long you don't drive while you're doing it or
involve vulnerable members of society then there's no harm in it.

On the other hand, can you imagine what life would be like if every
user sent a screen shot of the fail whale to a random Twitter contact
every time *that* happened with a comment like Someone might want to
look into this? 

With the OP's reputation as a spamware vender and FUDmonger, I think we
may have to face the fact that he has finally unleashed his master plan
to bring down the Internet. We may be looking at the equivalent of the
'Dr. Doofenshmirtz Roller Skating in His Underwear Until He Falls Head
First into a Toilet' video. If this practice goes viral, it could make
the original Twitapocalypse seem like a spring day.

Chris Babcock


[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?

2009-10-14 Thread Chris Babcock

On Tue, 13 Oct 2009 23:48:13 -0700 (PDT)
ruckuus ruck...@gmail.com wrote:

 Is there anyone have an experience to hijack a twitter account?

The security profile of a Twitter account is no different than that of
many other on-line services. The major weaknesses are signing in over
HTTP, accepting insecure cookies for account modifications and password
'reminders' (actually replacements) by email.

 well, the story is really weird. There is a celebrity's account
 hijacked (password stolen, etc), and then he created a new account,
 the told the world that he could do something in his old account, e.g.
 sending a new tweet as usual.
 
 This case is the same with: Bob can tweet in Alice's timeline. Can Bob
 do that? This is almost being very stupid question, and the answer is:
 IMPOSSIBLE, or possible with an 'if' ...?

There are a couple scenarios. 

The thing that gets overlooked in these discussions is how these
situations benefit the attacker. It's not a technical challenge, so
there's no Cracker Glory in it. There's no money involved. Twitter could
always return control of a hijacked account manually. It's a risk
without reward. Most anyone suitably incentivized to run exploits would
be better served by attacking the service as a whole anonymously than
attacking one account.

 To make long story short, I am developing a twitter client in C, and I
 am implementing oauth with liboauth and I feel I do not deeply
 understood of oauth in the case above (hijack vulnerability).

If you use OAuth with a desktop client, you are distributing your
secret key with the application. Users should not assume that an
authorization request for your app is from their copy of the app
unless they initiated the transaction.

Chris Babcock




[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?

2009-10-14 Thread Chris Babcock

The situation in this scenario is that Mallory phished Bob's Twitter
credentials and used them to authorize access for himself with an OAuth
App that Bob also uses. Mallory can only be detected by the changes he
makes in the account; He cannot be detected by viewing the list of
OAuth apps with access to the account. Additionally, Mallory's access
does not disturb Bob's access to the account via the OAuth consumer App.

This scenario is largely equivalent to Mallory's posession of the
credentials themselves. The only difference is that Mallory retains
certain capabilities even if the credentials he obtained are changed.

The real security profile for this scenario is that it adds an extra
layer of maintenance to be done by a user if a compromise is suspected.
In addition to changing passwords, Bob should cancel all other accesses
to his account and reauthorize those that are trusted and necessary.

Chris Babcock


On Wed, 14 Oct 2009 20:17:48 +0530
srikanth reddy srikanth.yara...@gmail.com wrote:

 Yes. The risk is high with Desktop apps as Consumer secret/keys are
 distributed.
 
 On Wed, Oct 14, 2009 at 8:04 PM, Dewald Pretorius dpr...@gmail.com
 wrote:
 
 
  So this is a problem with web apps as well then.
 
  If User Bob authorized Web App to work on his account, and Phishing
  Dude also authorizes his Web App account to work on User Bob's
  Twitter account because he phished User Bob's Twitter username and
  password, User Bob is blissfully unaware of that?
 


[twitter-dev] Re: Randomly Sampling Users: Suggestions?

2009-10-12 Thread Chris Babcock


 I am doing some research using the Twitter API and I would like to get
 a random sample of Twitter users. Any ideas of how this can be
 accomplished?

Here's a start:
http://en.wikipedia.org/wiki/Sampling_(statistics)

At this point you are asking for a sampling method without providing an
adequate definition of the population.

 So far, I have scraped 2 weeks from the Streaming API and extracted 3
 million user IDs from the stream. Any arguments as to whether or not
 this could constitute random?

That sample will be biased towards more active posters and may include
some demographic biases due to seasonal activities during the limited
time frame of the sample.

Chris Babcock


[twitter-dev] Re: twitter.com/followers/befriend_all ?

2009-10-09 Thread Chris Thomson


There's no need to bump threads here.

As for your question, I believe the befriend_all link was available a  
year (or two) ago, until people abused it. If I remember correctly, it  
was accessible through a GET request which made it easy to abuse  
(shorten the link, tweet it out, boom!). Someone please correct me if  
I'm wrong, though. :)


--
Chris Thomson

On 2009-10-09, at 8:29 AM, Rick Yazwinski wrote:



Bump..

On Wed, Oct 7, 2009 at 2:29 PM, Rick Yazwinski rick.yazwin...@gmail.com 
 wrote:

I see comments via google about having a bot call this regularily to
make sure your bot follows anyone following the bot... makes sense
(rather than getting all friends and all followers and issuing
seperate friend requests), however I see no reference to it on the
twitter api site.

Is this legit?

When I call it it just redirects to my home page.

Rick...




[twitter-dev] Re: How to know numberof result total agian keyword search?

2009-10-03 Thread Chris Thomson


No, there isn't a way. 
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/30fe89346814f42d#

--
Chris Thomson

On 2009-10-03, at 8:54 AM, Gohar Sultan wrote:


Hi,
I am new to twitter API, and i want to know total number of results  
found against any keyword search.


Please help me,


Thanks,
Gohar Sultan




[twitter-dev] monitor a #

2009-10-01 Thread Chris

I want to write a tool that monitors a channel, say #startnow, and
checks say, every minute, to see if its been updated.

How would I do this? I'm good with php, but won't that only check
every time someone loads a php page? How do people like @hashphp reply
to everyone that posts in #php?

Thanks,
Chris


[twitter-dev] Re: monitor a #

2009-10-01 Thread Chris

Appreciate all the help from you guys. Anyone want to link me to a C++
or cURL tutorial?
Bless,
Chris

On Oct 1, 10:13 am, Andrew Badera and...@badera.us wrote:
 5am Eastern, it's probably forgivable. ;)

 On Thu, Oct 1, 2009 at 5:08 AM, Kevin Mesiab ke...@mesiablabs.com wrote:

  Attention to detail fail. ;)

  On Wed, Sep 30, 2009 at 11:01 PM, Andrew Badera and...@badera.us wrote:

  And, that only works if you have appropriate access to the server.

  On Thu, Oct 1, 2009 at 5:00 AM, Andrew Badera and...@badera.us wrote:
  Read #2 Kevin.

  ∞ Andy Badera
  ∞ +1 518-641-1280
  ∞ This email is: [ ] bloggable [x] ask first [ ] private
  ∞ Google me:http://www.google.com/search?q=andrew%20badera

  On Thu, Oct 1, 2009 at 4:59 AM, Kevin Mesiab ke...@mesiablabs.com wrote:

  Or a chron job ;)

  On Wed, Sep 30, 2009 at 10:53 PM, Andrew Badera and...@badera.us wrote:

  You have to think beyond PHP.

  1) Consider having a third-party ping monitoring utility ping your PHP
  script to hit the Search API for the tag once a minute.
  2) Write something in Python or Ruby or C++ and have it run on the
  server as a daemon, once a minute. Or have curl or something else
  local on the server cron'd to call your script once a minute.
  3)  Chad Etzel's TweetHook might be a more real-time option for you
  and would remove the necessity of you doing something once a minute --
  I would definitely check it out. It will automagically post search
  data back to your hook callback URL.

  ∞ Andy Badera
  ∞ +1 518-641-1280
  ∞ This email is: [ ] bloggable [x] ask first [ ] private
  ∞ Google me:http://www.google.com/search?q=andrew%20badera

  On Thu, Oct 1, 2009 at 4:27 AM, Chris bigonr...@googlemail.com wrote:

  I want to write a tool that monitors a channel, say #startnow, and
  checks say, every minute, to see if its been updated.

  How would I do this? I'm good with php, but won't that only check
  every time someone loads a php page? How do people like @hashphp reply
  to everyone that posts in #php?

  Thanks,
  Chris

  --
  Kevin Mesiab
  CEO, Mesiab Labs L.L.C.
 http://twitter.com/kmesiab
 http://mesiablabs.com
 http://retweet.com

  --
  Kevin Mesiab
  CEO, Mesiab Labs L.L.C.
 http://twitter.com/kmesiab
 http://mesiablabs.com
 http://retweet.com


[twitter-dev] Re: About the oneforty application directory

2009-09-29 Thread Chris Babcock

On Mon, 28 Sep 2009 16:49:29 -0700 (PDT)
Dewald Pretorius dpr...@gmail.com wrote:

 Then I don't understand. Why would OneForty elect to pay the
 developer's 70% in the form of a gift or donation to the developer?

All hypothetical, no malice imputed...

 - What if program costs run away and there isn't enough $$$ to cover
   the obligations? How much can developers legally recover? 30%.

 - Above a certain $$$ threshold, the accounting requirements change.
   Reporting 70% of the distribution as a gift effective triples the
   total payments that can be made to a developer before tax status
   changes.

 - Some development *is* done by non-profit organizations or could
   possibly be donated to a non-profit. If the structure of the
   developer agreement was conduscive to it, as this is, then
   non-profit work and code donations to non-profit orgs would be
   encouraged and there could be tax benefits.

Chris Babcock



[twitter-dev] Question on Account Suspension

2009-09-19 Thread Chris Latko


According to the new terms of service, it seems that there is much  
more that can get an account suspended. I've seen many friends have  
their accounts obliterated for apparently no reason. I'm wondering if  
Twitter is just a bit too trigger happy now. Having just been  
suspended, now I'm feeling the pain. This is my main account and  
without it, I feel lost at sea. I expect there are thousands of others  
who feel the same way. Is there anything I can do to not wait what  
seems like an eternity for my account to be reinstated?


Thanks.

--
Chris Latko
www.latko.org
@clatko





[twitter-dev] Re: Widget - external links ?

2009-09-09 Thread Chris

Big thanks from my side, it works perfect !

On 8 Sep., 20:25, Stuart stut...@gmail.com wrote:
 2009/9/8 Chris abcnoct...@googlemail.com:



  Hi everybody,
  I'm trying to use the widget to have a shoutbox.

  I'm using this one:
 http://twitter.com/goodies/widget_search

  I am using iframes, so when I click on the links of the shoutbox, they
  open only in the iframe.

  I there a way to set the target of all links in the shoutbox on
  _blank ?

 Put a base tag in the head section:http://www.w3schools.com/TAGS/tag_base.asp

 -Stuart

 --http://stut.net/projects/twitter/


[twitter-dev] Widget - external links ?

2009-09-08 Thread Chris

Hi everybody,
I'm trying to use the widget to have a shoutbox.

I'm using this one:
http://twitter.com/goodies/widget_search

I am using iframes, so when I click on the links of the shoutbox, they
open only in the iframe.

I there a way to set the target of all links in the shoutbox on
_blank ?

Best regards
Chris


[twitter-dev] Re: Implementing update via JS

2009-09-08 Thread Chris Babcock

On Mon, 7 Sep 2009 02:06:33 -0700 (PDT)
Srinivas srinivas.venka...@gmail.com wrote:

 
 Hi,
I have to implement updating Twitter status through JS.
 Need pointers on how to get started

http://apiwiki.twitter.com/Libraries#JavaScript


[twitter-dev] Re: Read Status in API

2009-09-04 Thread Chris

On Aug 7, 2:56 am, Abraham Williams 4bra...@gmail.com wrote:
 I've heard Al3x mention adding flags so that application A tells twitter the
 user read their friends timeline up to stats xyz so when they start using
 application B it can jump over already read statuses. I have no idea the
 status of this feature or if it is still being considered.


Yes, I would imagine adding a flag that when the authenticated user
pulls from the API it would flag it as consumed.


[twitter-dev] Re: Is twitter a fad or worth development efforts?

2009-09-04 Thread Chris Babcock
 commodity that
Twitter can gateway here is access to the Tweet stream.

 A rich developer community, incentivized by a Twitter regulated app
 store, and a firm developer bill of rights will ensure Twitter stays
 relevant (and its users enjoy a rich experience) for a lot longer than
 it should.  It also gets to 'grow up' into a real company and earn
 revenue from a reseller split (again, via Apple).

I'm not developing for Yahoo because their terms say that I'm not
supposed to compete with their services. That means if I run a game and
it is successful then they can copy it and I'm out of business. There's
no viable revenue model for those terms of service.

A developers' rights doc would be a huge plus. The 'app store' metaphor
and central regulation do not necessarily follow, except as part of
following the hardware vendor's pattern. Twitter itself is a great
vehicle for consensus building and Twitter apps could easily be self
regulating.

One of the problems of all this speculation, however, is that it
doesn't really change anything. Twitter's fortunes will rise or fall on
their own strategy and implementation. Whether we participate in that
success of failure depends on our respective capacities for risk.

In Hollywood (where I've never lived), they have an expression, If you
have to ask, you can't afford it.

Chris Babcock






[twitter-dev] Re: Find twitter account from email address?

2009-09-03 Thread Chris Babcock

 Ok, the long answer is no too.

Here is the long answer: http://www.youtube.com/watch?v=3zNjQecyjE8

Chris Babcock


[twitter-dev] Re: Using Twitter API by Nick Beam

2009-09-01 Thread Chris Babcock

  Andrew Badera and...@badera.us wrote:  
   TEXT AVALANCHE! RUN!  
  
 On Sep 1, 1:22 am, Chris Babcock cbabc...@kolonelpanic.org wrote:
  Paste Bin - pastebin.com - is our friend.

On Mon, 31 Aug 2009 18:49:26 -0700 (PDT)
Pj pravee...@gmail.com wrote:

 Are there any Documentation to refer to?
 
If you are going to send more than one or two lines of sample code then
using pastebin or a similar site instead of sending the code by email
can help avoid the problem of leaving a brainy mess on the keyboard for
our spouses to clean up. I think that a link to pastebin.com is a
slightly more constructive, though significantly less cathartic,
approach than shouting TEXT AVALANCHE! RUN!

As for your question... In a Tweet, docs twitter api php lib - Google
Search http://bit.ly/Ww09j  which brings us back to our punchline,
Google is your friend.

Chris Babcock



[twitter-dev] Re: Using Twitter API by Nick Beam

2009-08-31 Thread Chris Babcock

Paste Bin - pastebin.com - is our friend.

Chris


On Mon, 31 Aug 2009 16:17:55 -0400
Andrew Badera and...@badera.us wrote:

 TEXT AVALANCHE! RUN!
 
 ∞ Andy Badera
 ∞ This email is: [ ] bloggable [x] ask first [ ] private
 ∞ Google me:
 http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera)
 
 
 
 On Mon, Aug 31, 2009 at 3:27 PM, Pjpravee...@gmail.com wrote:
 
  Can anyone please assist me on how to use/call this API functions
  with php?
 
  I tried
  ?php
 
  require(new.class.php);
 
  $twitter = new Twitter(, );
 
  $msg = $twitter-getMessages(xml);
 
  echo pre. $msg. /pre;
 
  ?
 
  And something weird displayed..
  thanks in advance.
 
  //new.class.php\\
  ?php
  /**
   * Twitter interface class
   * Nov 26 2007 Nick Beam
   * Bugs, comments, questions: winkerb...@gmail.com
   * http://rbrw.net -- http://tinydinosaur.com
   *
   * This is a simple interface to the Twitter API.
   * I've tried to keep as close as possible to the real API
   *   calls (some had to be changed due to ambiguity), but all
   *   of the arguments are as they are in the official docs.
   *
   * Usage:
   *  $twitter = new Twitter(username, password);
   *  $public_timeline_xml = $twitter-getPublicTimeline(xml);
   *
   * Methods:
   *  getPublicTimeline($format [, $since_id])
   *  getFriendsTimeline($format [, $id [, $since ]])
   *  getUserTimeline($format [, $id [, $count [, $since ]]])
   *  showStatus($format, $id)
   *  updateStatus($status)
   *  destroyStatus($format, $id)
   *  getReplies($format [, $page ])
   *  getFriends($format [, $id ])
   *  getFollowers($format [, $lite ])
   *  getFeatured($format)
   *  showUser($format [, $id [, $email ]])
   *  getMessages($format [, $since [, $since_id [, $page ]]])
   *  getSentMessages($format [, $since [, $since_id [, $page ]]])
   *  newMessage($format, $user, $text)
   *  destroyMessage($format, $id)
   *  createFriendship($format, $id)
   *  destroyFriendship($format, $id)
   *  verifyCredentials([$format])
   *  endSession()
   *  getArchive($format [, $page ])
   *  getFavorites($format [, $id [, $page ]])
   *  createFavorite($format, $id)
   *  destroyFavorite($format, $id)
   *  lastStatusCode()
   *  lastAPICall()
   */
 
  class Twitter {
         /* Username:password format string */
         private $credentials;
 
         /* Contains the last HTTP status code returned */
         private $http_status;
 
         /* Contains the last API call */
         private $last_api_call;
 
         /* Twitter class constructor */
         function Twitter($username, $password) {
                 $this-credentials = sprintf(%s:%s, $username,
  $password); }
 
         function getPublicTimeline($format, $since_id = 0) {
                 $api_call =
  sprintf(http://twitter.com/statuses/public_timeline. %s, $format);
                 if ($since_id  0) {
                         $api_call .= sprintf(?since_id=%d,
  $since_id); }
                 return $this-APICall($api_call);
         }
 
         function getFriendsTimeline($format, $id = NULL, $since =
  NULL) { if ($id != NULL) {
                         $api_call =
  sprintf(http://twitter.com/statuses/friends_timeline/ %s.%s, $id,
  $format); }
                 else {
                         $api_call =
  sprintf(http://twitter.com/statuses/friends_timeline. %s,
  $format); }
                 if ($since != NULL) {
                         $api_call .= sprintf(?since=%s,
  urlencode($since)); }
                 return $this-APICall($api_call, true);
         }
 
         function getUserTimeline($format, $id = NULL, $count = 20,
  $since = NULL) {
                 if ($id != NULL) {
                         $api_call =
  sprintf(http://twitter.com/statuses/user_timeline/%s. %s, $id,
  $format); }
                 else {
                         $api_call =
  sprintf(http://twitter.com/statuses/user_timeline.%s;, $format);
                 }
                 if ($count != 20) {
                         $api_call .= sprintf(?count=%d, $count);
                 }
                 if ($since != NULL) {
                         $api_call .= sprintf(%ssince=%s,
  (strpos($api_call, ?count=) === false) ? ? : ,
  urlencode($since)); }
                 return $this-APICall($api_call, true);
         }
 
         function showStatus($format, $id) {
                 $api_call =
  sprintf(http://twitter.com/statuses/show/%d.%s;, $id, $format);
                 return $this-APICall($api_call);
         }
 
         function updateStatus($status) {
                 $status =
  urlencode(stripslashes(urldecode($status))); $api_call =
  sprintf(http://twitter.com/statuses/update.xml?status= %s,
  $status); return $this-APICall($api_call, true, true);
         }
 
         function getReplies($format, $page = 0) {
                 $api_call =
  sprintf(http://twitter.com/statuses/replies.%s;, $format);
                 if ($page

[twitter-dev] Re: Installing Modules

2009-08-30 Thread Chris Babcock

On Sat, 29 Aug 2009 23:08:28 -0700 (PDT)
Kidd jva...@gmail.com wrote:

 
 I'm new to python and just want to install the twitter module, but no
 one on here explains how, probably because this is a common function
 for veterans.
 
 How do I install this or any module?  I've downloaded the tar file to
 my downloads folder on my mac.

This is your new best friend: http://docs.python.org/install/index.html

This is the best place to ask really basic Python questions:

http://www.python.org/community/lists/#tutor

Best,
Chris Babcock


[twitter-dev] Re: oAuth doubt : do we need get access permission from user every time

2009-08-24 Thread Chris Babcock


 I understand that we can store the access token in DB.
 but how do i know the logged in user's screen name after session
 timeout?

Nowhere in the entire OAuth workflow do you handle users' passwords or
their usernames. A benefit is that you do not need the Twitter username
to perform any function on the users' behalf with the Twitter API any
more than you need the password.

If it happens that you need the username for some other business reason
then you can call a GET method that returns user profile information to
obtain the user name. The account/verify_credentials methods is most
common for this purpose, but reliance on this method can make your app
subject to DoS because the call has a low, per-user rate limit to
protect against brute force password hacking. You can obtain the user
id from statuses/user_timeline as well. Send count=1 if you do not need
the statuses themselves. 

Better yet, design your app to not require that you know the username,
if possible.

Chris Babcock



[twitter-dev] Re: oAuth doubt : do we need get access permission from user every time

2009-08-24 Thread Chris Babcock

On Mon, 24 Aug 2009 05:21:05 -0700 (PDT)
J. Dale dale.gonza...@gmail.com wrote:

 I've read the http://apiwiki.twitter.com/Sign-in-with-Twitter FAQ and
 they say that access tokens don't expire.  However, it appears that
 they do.  Has anyone else noticed that storing access tokens in the
 database doesn't really work?

Even if access tokens do not expire, there are other reasons why they
may fail to persist. Your algorithm for using a token should include a
recovery method in the event that authentication fails. Given the work
flow for Sign-in-with-Twitter, that should be a matter of storing the
request in a way that the landing page for your app can recover it and
direct the user there after re-authenticating. If the user is logged
into Twitter and hasn't revoked your App then they won't see anything
while the redirection is occuring.

Chris Babcock



[twitter-dev] Re: oAuth doubt : do we need get access permission from user every time

2009-08-24 Thread Chris Babcock

On Mon, 24 Aug 2009 03:04:52 -0700 (PDT)
abhishek sanoujam abhi.sanou...@gmail.com wrote:

 You don't need to get permission everytime from the user if you are
 going to store it in a DB. The problem with this is that you will have
 to implement another level of authorization in your site/app, kind of
 a password for your app, so that when the session times out, or a user
 comes back again, he can authorize with your site's password and thus
 you can use the initial access token granted behind the scenes.

Right, you need your own session management. That can be anything from
HTTP Auth to cookies to your own User Database and the authentication 
routines native to your scripting language or framework.

 This way of doing things is against the Sign in with Twitter
 philosophy, but then I also don't see a way of re-using the access
 token if you are going with Sign in with Twitter philosophy. You are
 going to ask the user everytime (which means a If you use a cookie,
 or HTTP Basic Auth with anonymous users.new access token),

Sign in with Twitter isn't conceptually compatible with the design of
OAuth authentication, but it makes an attempt to deliver on what the
consumer expects from it. OAuth authentication allows the Consumer App
to use the Service Provider in the place of the user without knowledge
of the user name or password. It serves those authentication needs, but
as you see it doesn't meet some of the other expectations.

That some of these expectations are faulty, isn't of concern to our
users, nor should we necessarily expect the service provider to bear
the full brunt of building the bridge between the spec and the
expectation. Otherwise, what are you getting paid for? :-)

 and after getting a new access token, you are going to do
 verifyCredentials (to find out who logged in actually)... 

Everyone assumes that this is something they need to know and that the
verify credentials is the only way to find that out. Both assumptions
are false, at least as far as the functionality provided by the Twitter
API.

You don't need to know the user name to use OAuth. Access to API
methods using OAuth is as agnostic of usernames as it is passwords.

If you do need to know the user name then verify credentials is the
easiest and most obvious, but not the best, way to get it.

 and verify-
 credentials is limited to only 15 requests per 1 hour. This seems like
 using Sign in with Twitter and not reusing access token, you can
 login only 15 times in an hour? I hope this is not correct... but thts
 what I understand from
 http://apiwiki.twitter.com/Twitter-REST-API-Method:-account%C2%A0verify_credentials...
 If my assumptions are correct, 15 wrong verify-credentials requests
 from your site will halt your site for at least 1 hour .. and another
 15 wrong requests for another 1 hour... which seems too easy for your
 competitors to block your app!! I'd rather add another authorization
 level in my app than face this...

No, you get 15 verify credentials requests per user regardless of
correctness or source. Since OAuth does not know the user, you may get
unlimited rejections but only 15 confirmations - shared with all other
apps regardless of their authentication method. That is why you can't
rely on it.

Instead, use http://twitter.com/statuses/user_timeline.xml?count=1 if
obtaining the user name is critical. If you are using Twitter accounts
to authenticate users on your site for non-Twitter services then
remember that screen names can change. Use the user_id instead.

Chris Babcock



[twitter-dev] Re: oAuth doubt : do we need get access permission from user every time

2009-08-24 Thread Chris Babcock

On Mon, 24 Aug 2009 20:43:57 +0530
srikanth reddy srikanth.yara...@gmail.com wrote:

 just to add you can obtain the user id , screen name along with access
 token/secret . You need to cache this.


I stopped development on my own API library and decided to use Python
for my app when Twython was introduced, so I haven't had a chance to
send an OAuth request and examine the returns, which aren't documented.

Do you mean to say that the OAuth call returns the user record? That
makes sense, but it doesn't explain the pathological obsession with
working the verify credentials call into the work flow that I've seen.

Chris Babcock



[twitter-dev] Re: oAuth doubt : do we need get access permission from user every time

2009-08-24 Thread Chris Babcock

On Mon, 24 Aug 2009 22:06:21 +0530
srikanth reddy srikanth.yara...@gmail.com wrote:

  Sign in with Twitter isn't conceptually compatible with the design
  of OAuth authentication, but it makes an attempt to deliver on what
  the consumer expects from it.
   
 i am not sure i get this But from Desktop app point of view it
 perfectly makes sense. You do not ask the user to login again  rather
 you use the stored tokens .

For a desktop, the consumer app lives on the same machine that the end
user is using. In that case, the only reasons to use OAuth instead of
Basic would be that an HTTPS connection cannot be reliably established
or the server application has stated that it intends not to support
Basic after some time. That's not the target use case for Oauth
Authentication, which was designed so that end users could delegate a
third party to authenticate as the end user and act on his behalf.

Authentication there means allowing the app to authenticate as the
user, which makes it a needless complication for a desktop application,
and counter intuitive for a Consumer who is expecting Authenticate the
End User to me instead of Authenticate me to the Service Provider as
the End User.

That is why there have been such hacks to get it to work with iPhone
and why there are still open issues. There is acknowledgement in the
spec that Service Providers should not trust the Consumer Secret, but
good luck educating end users not to approve a token unless they
initiate the request.

Paradoxically, probably because of the length of the distribution cycle,
desktop apps seem to have been among the first to implement OAuth.

Chris



[twitter-dev] Re: OAuth API for Third Party Services

2009-08-24 Thread Chris Babcock

On Mon, 24 Aug 2009 11:14:12 -0700 (PDT)
Greg gregory.av...@gmail.com wrote:

 When I first started programming Twitter application using OAuth - I
 thought that eventually it would open up to allow Third Party API
 (TwitPic, TweetPhoto) to start using OAuth tokens to authenticate.
 However - its been a while since this has gain any air.

Twitter got burned with early adoption and the sesion-fixation
vulnerability. Not that their service gat hacked through it, but
because they didn't point the finger of blame when they pulled the API.
There might be quite a bit of wait and see going on because of that,
because of the way SSO has faltered, and because of the general FUD
that always surrounds security issues.

 Is this something that would should be seeing from third-party
 services in the future? Thinking about it - your tokens authenticate
 you only for that specific application with the consumer key and
 consumer secret - how could it be possible to authenticate you on
 another service?

By design, the user has to authorize each combination of Consumer and
Service Provider separately. Trust me, you wouldn't want the kind of
interoperability that you seem to be asking for here. It would either
open up tons of man in the middle vulnerabilities or be horridly
complicated to implement, which has its own risks.

 If not - what's the point of OAuth? You can't integrate with other
 Twitter Services without having the user sign in again.

OAuth will be gaining traction as part of OpenSocial. There could very
well be sites that are waiting for this or waiting for better support
infrastructure. 

I have a game site that I'm looking to let users promote by pushing
information about forming games out to as many social media outlets as
I can support. Facebook is low on my list because it already has an
implementation of the game I offer and, even though the implementation
isn't very good, the Facebook API is too involved for me to make a run
at share shifting them until I've built more share elsewhere. High on
my list are sites that are using Open Social, like Avatars United, or
where I only need one or two features of the API, like MeetUps. Twitter
is on my list because the API is just simple and well-used enough that
it would be worthwhile to write and maintain a library on my own.

Seriously, though, if we're busting out of our skulls thinking how this
affects us as Consumers, think about how it has to be affecting the
service providers with 100's of thousands or 44.5 millions of users.

Chris



[twitter-dev] Re: how can I get user address using Twitter API?

2009-08-22 Thread Chris Babcock

   I am trying to integrate Twitter OAuth with my website. Right now
   I can use this API
   (https://twitter.com/account/verify_credentials.xml) to get lots
   of profile information like user ID, screen name, but I didn't
   any info about the user email address. Is there any API to get
   email address? Thanks in advance.
 
 Is there any reason twitter doesn't support it? it is so weird.


App User:
Morning,

Mail Server:
Morning.

App User:
What have you got?

Mail Server:
Well, there's egg and bacon,
egg sausage and bacon
Egg and spam
Egg, bacon and spam
Egg, bacon, sausage and spam
Spam, bacon, sausage and spam
Spam, egg, spam, spam, bacon and spam
Spam, sausage, spam, spam, spam, bacon, spam tomato and spam
Spam, spam, spam, egg and spam
Spam, spam, spam, spam, spam, spam, baked beans, spam, spam, spam and spam.

(Developers: Spam! Spam! Spam! Spam! Lovely Spam! Lovely Spam!)

Or Lobster Thermidor aux crevettes with a mornay sauce
served in a provencale manner with shallots and aubergines
garnished with truffle pate, brandy and a fried egg on top and spam.

Email User:
Have you got anything without spam?

Mail Server:
Well, the spam, eggs, sausage and spam
That's not got much spam in it

Email User:
I don't want any spam!

App User:
Why can't she have eggs, bacon, spam and sausage?

Email User:
That's got spam in it!

App User:
Hasn't got much spam in it as spam, eggs, sausage and spam has it?

(Developers: Spam! Spam! Spam!...)

Email User:
Could you do me eggs, bacon, spam and sausage without the spam, then?

Mail Server:
Iiiich!!

Email User:
What do you mean 'Iich'? I don't like spam!

(Developers: Lovely spam! Wonderful spam!)

Mail Server (to Developers):
Shut up!

(Developers: Lovely spam! Wonderful spam!)

Mail Server:
Shut Up! Bloody Developers!
You can't have egg, bacon, spam and sausage without the spam.

Email User:
I don't like spam!

App User:
Shush dear, don't have a fuss. I'll have your spam. I love it,
I'm having spam, spam, spam, spam, spam, spam, spam, baked beans,
spam, spam, spam, and spam!

(Developers: Spam! Spam! Spam! Spam! Lovely spam! Wonderful spam!)

Mail Server:
Shut Up!! Baked beans are off.

App User:
Well, could I have her spam instead of the baked beans then?

Mail Server:
You mean spam, spam, spam, spam, spam, spam, spam, spam, spam, spam, spam,
spam and spam?

Developers (intervening):
Spam! Spam! Spam! Spam!
Lovely spam! Wonderful spam!
Spam spa-a-a-a-a-am spam spa-a-a-a-a-am spam.
Lovely spam! Lovely spam! Lovely spam! Lovely spam!
Spam spam spam spam! 

Chris Babcock



[twitter-dev] Re: how can I get user address using Twitter API?

2009-08-22 Thread Chris Babcock

   I am trying to integrate Twitter OAuth with my website. Right now
   I can use this API
   (https://twitter.com/account/verify_credentials.xml) to get lots
   of profile information like user ID, screen name, but I didn't
   any info about the user email address. Is there any API to get
   email address? Thanks in advance.
 
 
 Is there any reason twitter doesn't support it? it is so weird.

Levity aside, even if the user grants you rights to do everything else
possible with his or her Twitter account, that does not absolve Twitter
of the right and the responsibility to maintain the privacy of the
email address used on the account.

There is also the next logical stop after getting an address via the
API, which is changing it via the API. Why not allow that too? Well,
maybe because it would make using OAuth as insecure as using basic with
3rd party services. Being able to change the email address on an account
that offers password recovery services is the same as being able to
change the password and lock out the original user. 

Identifying the email account used to register for a service is not only
a Spam concern, but it is also a step towards being able to hi-jack the
account. Instead of needing to crack one password to access the
account, a hacker can choose one of two. Also, most email users don't
control their own mail infrastructure, so passwords shared across
acounts and the lack of implementation of secure protocols for services
means that doubling the number of services exposed to attack more than
doubles the chances of an attack being successful. 

I'm not saying that Twitter is a secure service, but that publishing
the email address given by the user for the service - even to those who
provide some credentials or level of trust for the account - presents an
additional level of trust that cannot be safely implied from the
initial delegation. 

Chris Babcock



[twitter-dev] Re: how can I get user address using Twitter API?

2009-08-22 Thread Chris Babcock

On Sat, 22 Aug 2009 10:01:08 -0400
Dossy Shiobara do...@panoptic.com wrote:

 Easy revenue model: sell lookups from email - twitter ID and twitter
 ID - email.  

That's a fair response to an earlier thread about looking up the
Twitter ID by email address. The message to which you were responding
had to do with verify credentials. It's was a fair question as the
implications are for more subtle. Here's the real threat model... 

Provide a service that uses your OAuth key and logs the response to
verify credentials calls. You obtain valid email addresses and names
that people actually use to self-identify. If you use, misuse, abuse or
resell these to third parties, it is traced back to Twitter - not you -
and you have a very high quality list of names and email addresses that
can help your spam mailing score well on some features of some content
filters - including the human eye. What makes it work is that, as far
as the user knows, your service never asked for an email address.

Chris Babcock



[twitter-dev] Re: Can I DM via the API with username and password?

2009-08-22 Thread Chris Babcock

On Fri, 21 Aug 2009 06:43:21 -0700 (PDT)
mchid markchid...@gmail.com wrote:

 I need my app to be able to send a direct message to a registered
 users - so I know their username and the password they use to log in.
 Do I need them to manually authorise this first (using oAuth) or can I
 avoid this?

I think I understand you. You only need to verify that your user is the
account holder for a given Twitter account. You do not need to perform
any actions with their account. You want to implement a feature similar
to email verification where the user clicks on a link or replies to a
message in order to prove that they own that account - in this case
the Twitter account rather than an email account.

The only problem with this for Twitter is that the user has to be
following you in order to get your direct message. The situation is
analogous to an email user who's mail acount requires that you be
whitelisted first.

 For reference (and for my sins) the app is developed in
 c#.net :)

Say 10 Hail, Bills and give $400 to the wealthy. 

Chris Babcock



[twitter-dev] Re: oAuth consumer keys, tokens...how sensitive are those keys?

2009-08-22 Thread Chris Babcock


 On Aug 19, 10:26 am, Andriy Ivanov tigrus...@gmail.com wrote:
  I've written Desktop app that usesoAuthto communicate with twitter.
  All the keys/tokens/pin I save in Settings file in my project
  (.NET). Is it safe to do so or what is the better approach to save
  this kind of data? What if all the tokens get in hand of evil,
  they can impersonate the user using the tokens, right? Why won't
  tokens expire with Twitter? I am knew to internet protocols, so any
  help would be appreciated. Thanks!

 
 There was some discussion of this at
 http://groups.google.com/group/twitter-development-talk/browse_thread/thread/972b23136fdf9ed8/80d6e999d9dedced?hl=en
 
 An attacker who knows your consumer key and consumer secret can create
 an application that imitates yours. But they can't impersonate a user
 unless they have that user's access token and token secret.
 
Right, that takes a social engineering exploit to complete. After
obtaining the consumer's keys, the malicious user needs to employ it to
impersonate your application so that he can trick your legitimate user
into authorizing a new token to replace the existing one.

OAuth is written with the implicit understanding that the consumer
application lives on a server. In the absence of some scheme for bulk
key assignments, distributing your key and secret with the application
is the only alternative to running all traffic for your app through
your own server.

Chris



[twitter-dev] Re: API Version of /friend_requests?

2009-08-22 Thread Chris Babcock


 Is there an API version of http://twitter.com/friend_requests ? I want
 to be able to pre-authorize people to follow me so that I don't have
 to manually check my email and visit that page every once in a while.

Not necessary. Users can follow you without authorization.

Chris Babcock


  1   2   3   >