[twitter-dev] Re: Grease Monkey and #NewTwitter
Hi Peter, This was done over my weekend and outside of the Twitter development process, which is why I used my personal blog and did a project based on publicly available information. With that in mind, I don't think dev.twitter.com integration is anywhere in the near future (any more so than if anyone else posted this). This was my 3rd party developer side coming back to life for a stint rather than a company- sponsored project. I hope to make more time for 3rd party hacking soon. Cheers; — Matt On Sep 19, 6:14 pm, Peter Denton wrote: > Matt, > Awesome! I can't wait to see the cool things to be developed. Do you think > there will be a showcase on dev.twitter for people to find scripts? > > Regards > Peter > > Sent from my iPhone > > On Sep 19, 2010, at 4:59 PM, Matt Sanford wrote: > > > > > Hi all, > > > Not sure who has #NewTwitter so far, and who has interest in > > Grease Monkey, but I threw together a quick blog post on adding > > content to the new Detail Pane athttp://bit.ly/gm-newtwitter. I'm > > planning to do a second post on more complicated scripts soon (like > > the bit.ly click counter display I'm testing locally). I'm looking > > forward to seeing what other people do with Grease Monkey and > > #NewTwitter as well. > > > Thanks; > > — Matt Sanford > > > -- > > Twitter developer documentation and resources:http://dev.twitter.com/doc > > API updates via Twitter:http://twitter.com/twitterapi > > Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list > > Change your membership to this > > group:http://groups.google.com/group/twitter-development-talk?hl=en -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Grease Monkey and #NewTwitter
Hi all, Not sure who has #NewTwitter so far, and who has interest in Grease Monkey, but I threw together a quick blog post on adding content to the new Detail Pane at http://bit.ly/gm-newtwitter. I'm planning to do a second post on more complicated scripts soon (like the bit.ly click counter display I'm testing locally). I'm looking forward to seeing what other people do with Grease Monkey and #NewTwitter as well. Thanks; — Matt Sanford -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Re: How to filter out utf-8 characters in java
Hi giustin, I don't think it's the same issue since yours is more PHP specific. My guess is that the PHP library in question or the code you're using to process the results is incorrectly converting between UTF-8 and ISO-8859-1 [1]. Maybe someone on the list with some more PHP knowledge can suggest a fix. Thanks; — Matt Sanford / @mzsanford [1] = The UTF-8 encoding of ã is two bytes. When those same two bytes are interpreted as ISO-8859-1 (a.k.a ISO-Latin-1) they are interpreted as two characters, like so (fixed width font required): UTF-8 Bytes vs. Same bytes in ISO-8859-1 n 0x6E n ã 0xC3 à 0xA3 £ o 0x6F o On May 12, 7:19 pm, giustin wrote: > I have similar problems. > > When I try to search using the tag "não" the result is ""não". The > API that I used were Twitter Search API from Ryan Faerman (http:// > ryanfaerman.com/twittersearch/) > > Regards. > > On 12 maio, 21:47, Matt Sanford wrote: > > > > > Hi there, > > > All characters in Tweets are utf-8. I'm assuming you're looking > > for something specific like accents or ASCII-art punctuation. Can you > > describe your problem in a little more detail? I might be able to help > > once I know what you're trying to prevent. > > > Thanks; > > — Matt Sanford / @mzsanford > > > On May 12, 4:21 pm, adamjamesdrew wrote: > > > > any ideas?
[twitter-dev] Re: How to filter out utf-8 characters in java
Hi there, All characters in Tweets are utf-8. I'm assuming you're looking for something specific like accents or ASCII-art punctuation. Can you describe your problem in a little more detail? I might be able to help once I know what you're trying to prevent. Thanks; — Matt Sanford / @mzsanford On May 12, 4:21 pm, adamjamesdrew wrote: > any ideas?
[twitter-dev] Re: Send Cyrillic character (OAuth)
Hi Z-13, Short Answer: This looks like a bug in Tweetr [5]. Long Answer: I'm not familiar with Tweetr, and my Action Script is a bit rusty, but I took a look at the source of the updateStatus method [1]. It looks like the code calls strEscape [2] (also defined in that file [3]), which takes care of some common problems. What it does not do is encode the string as UTF-8. It looks like some special handling is needed in Action Script [4]. There is already a bug opened again Tweetr for this [5]. Thanks; — Matt "Footnote" Sanford / @mzsanford Twitter International [1] - http://svn.swfjunkie.com/websvn/filedetails.php?repname=Tweetr&path=%2Ftrunk%2Fsrc%2Fcom%2Fswfjunkie%2Ftweetr%2FTweetr.as [2] Calling code: vars.status = strEscape(status.substr(0,140)); [3] strEscape: private function strEscape(value:String):String { if (_oAuth) { var str:String = escape(value); str = str.replace(/\//g, "%2F"); str = str.replace(/\*/g, "%2A"); str = str.replace(/\+/g, "%2B"); str = str.replace(/@/g, "%40"); return str; } return value; } [4] - http://blog.dborisenko.com/en/2009/09/05/extended-utf-8-in-oauth-actionscript-library/ [5] - http://bugs.swfjunkie.com/task/30?project=3&status%5B0%5D=open On May 10, 11:54 am, Z-13 wrote: > How does this relate to AIR 1.5 and ActionScript 3?
[twitter-dev] Re: UTF-8 and 140 characters still doesn't work?
Hi Cameron, Raffi asked me about this but since I have a few moments over lunch I figured I would reply to the list. It's been so long but it feels good. Anyway, the issue is the last two bytes of your URL encoded values. From the Ruby irb console I can see: >> CGI.unescape("%e3%83") => "###" >> CGI.unescape("%e3%83").unpack('U*') ArgumentError: malformed UTF-8 character (expected 3 bytes, given 2 bytes) from (irb):13:in `unpack' from (irb):13 The issue is that %e3%83 is incomplete UTF-8. The %e3 is expected to be followed by two bytes, like the "TE" character [1], which is %e3%83%86: >> CGI.unescape("%e3%83%86") => "テ" >> CGI.unescape("%e3%83%86").unpack('U*') => [12486] Since the exact length of the escape sequence is 140 I'm guessing there is still some code truncating the value based on byte counts. Thanks; — Matt Sanford / Twitter Engineer [1] - http://www.fileformat.info/info/unicode/char/30c6/index.htm On Mar 9, 10:35 am, Cameron Kaiser wrote: > So I rewrote TTYtter to count in characters instead of bytes, because users > have been asking for ages for full 140-character tweets, and I was under > the impression that the API now supported them thanks to Raffi's confirmation. > Unfortunately, there seems to be a bug as soon as the tweet gets over 140 > bytes (user credentials removed). The Japanese was picked to be exactly 10 > characters long (the "yo" hiragana lands on the 10th character). The return > block is the response from the server, which is only edited for length. I > attached the transcript. Notice that as soon as it gets overlength, it bombs. > > -- > personal:http://www.cameronkaiser.com/-- > Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com > -- Shady business do not make for sunny life. -- Charlie Chan > - > > utft.txt > 5KViewDownload
[twitter-dev] Re: What is 140 characters?
Hi There, I'm sorry this never got updated. Some changes have been made and are waiting to go out now. When I switched from working on the Platform (formerly API) team to my focus on international I took over this issue. Once this current fix is deployed (probably in a week or so since I'm traveling at the moment) the definition of a character will be consistent throughout our API. The new change will always compute length based on the Unicode NFC [1] version of the string. Using the NFC form makes the 140 character limit based on the length as displayed rather than some under-the-cover byte arithmetic. I more than agree with the above statement that a character is a character and Twitter shouldn't care. Data should be data. The main issue with that is that some clients compose characters and some don't. My common example of this is é. Depending on your client Twitter could get: é - 1 byte - URL Encoded UTF-8: %C3%A9 - http://www.fileformat.info/info/unicode/char/00e9/index.htm -- or -- é - 2 bytes - URL Encoded UTF-8: %65%CC%81 - http://www.fileformat.info/info/unicode/char/0065/index.htm + plus: http://www.fileformat.info/info/unicode/char/0301/index.htm So, my fix will make it so that no matter the client if the user sees é it counts as a single character. I'll announce something in the change log once my fix is deployed. Thanks; — Matt Sanford / @mzsanford [1] - http://www.unicode.org/reports/tr15/ On Sep 9, 6:05 am, TjL wrote: > It's been nearly 6 months. Has this question been answered? If so I missed it. > > > > On Tue, Mar 24, 2009 at 9:36 PM, Alex Payne wrote: > > > Unfortunately, nothing definitive. We're still looking into this. > > > On Tue, Mar 24, 2009 at 07:56, Craig Hockenberry > > wrote: > > >> Any news from the Service Team? I'd really like to get the counters > >> right in an upcoming release... > > >> -ch > > >> On Mar 6, 12:18 pm, Alex Payne wrote: > >>> I'm taking this email to our Service Team, the folks who work on the > >>> back-end of the service. The whole "message body changing as it moves > >>> from cache to backing store" thing is totally unacceptable. Answers > >>> soon. > > >>> On Fri, Mar 6, 2009 at 09:43, Craig Hockenberry > > >>> wrote: > > >>> > Some discussion about this thread popped up on Twitter yesterday: > > >>> > <http://groups.google.com/group/twitter-development-talk/browse_thread/ > >>> > thread/44be91d5ec5850fa> > > >>> > Alex states that it's 140 bytes per tweet. So, of course, Loren > >>> > Brichter and I tried to prove that. With the following results: > > >>> > 1) 140 characters that including ones that include HTML entities: > >>> > <http://twitter.com/gnitset/status/1286202252> > > >>> > At the time of posting, this tweet showed up on the site and in feeds > >>> > with all 140 characters. After a few hours, the "<" was converted to > >>> > "<", increasing the count per character from one to four bytes and > >>> > decreasing the tweet length from 140 characters to 69. (You can see > >>> > this truncation at the end of the tweet: the "&" is from "<") > > >>> > Presumably, this happens as tweets in the memcache are written though > >>> > to the backing store. > > >>> > I also see a lot of Twitter clients that don't realize how special the > >>> > < and > entities are. It took me a LONG time to figure out what > >>> > was going on here. > > >>> > 2) 140 Unicode _multi-byte_ characters: <http://twitter.com/atebits/ > >>> > status/1286199010> > > >>> > What's curious is that Loren's example with 140 characters uses the > >>> > Unicode 27A1 glyph. It uses 3 bytes in UTF-8. Why didn't it get > >>> > truncated? This seems to contradict Alex's statement in the thread > >>> > mentioned above. > > >>> > As people start to use things like Emoji, tinyarro.ws and generally > >>> > figure out that Unicode (UTF-8) is a valid type of data on Twitter, > >>> > our clients should adapt and display more accurate "characters > >>> > remaining" counts. I can count bytes instead of characters, but I'm > >>> > not sure if I should or not. > > >>> > No one likes a truncated tweet: we need an explicit statement on how > >>> > to count and submit multi-byte characters and entities. > > >>> > -ch > > >>> -- > >>> Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x > > > -- > > Alex Payne - API Lead, Twitter, Inc. > >http://twitter.com/al3x
[twitter-dev] Matt Sanford, signing off.
Hi everybody*, Starting next week I'm not going to be responding to mails on the dev list or working on Google Code issues as part of my daily work. I have been working on the Search and API/Platform teams here at Twitter since the acquisition of Summize a year ago and the time has come for a change. I'm leaving both teams to take on the role of technical lead for the new Twitter internationalization team. Anybody who's gotten me talking about language detection or language-specifics (especially in person) knows this is something I have a personal interest in. The other team member are going to continue to keep an eye on the dev list and the Google Code issues. As always you can email a...@twitter.com directly if you need something. I'll continue working on the Google Code issues assigned to me or in some cases someone will take them over next week. I mostly felt like I should send you all a good bye since you're considered an extension of the API/Platform team. This change should be fully backward compatible so I didn't see the need for 7-days notice. Good night, and good luck; – Matt Sanford / @mzsanford Twitter Dev * = Who just said "Hi, Dr. Nick." out loud? Your cube neighbor thinks you're crazy.
[twitter-dev] Re: Atom API From a User not retrieving results
Hi there, If your account is not showing up in Twitter search check out the help article at http://help.twitter.com/forums/10713/entries/16817 Thanks; — Matt Sanford On Jul 17, 2009, at 11:31 AM, brandonvara wrote: I'd like to include my latest tweet in my website but when I try to pull through the atom API i do not get any results. I'm using: http://search.twitter.com/search.atom?q=from:brandonvara I don't have a private account but I'm wondering if I'm not using the correct URL or if there is a setting on my account that needs to be changed. I've replaced my user name with friends usernames and it seems to pull results fine. Any ideas would be so appreciated!!!
[twitter-dev] Re: Query Length
Hello, The length of a query is limited to 140 characters, and the near:/within: need to be translated to a geocode URL parameter. Checkout the documentation at http://apiwiki.twitter.com/Twitter-Search-API-Method%3A-search for more information. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 17, 2009, at 8:54 AM, lukeMV wrote: I am pulling a search query results into a web page that I have... I can have quite a few queries, but it appears that I can max out (resulting in zero results). 1) What is the magic number of queries (including "-" and "OR") 2) Should the "NEAR:" and "WITHIN:" work for pulling tweets on my web site?
[twitter-dev] Re: Filter Profanity
Hello there, There is no stemming available for search (which is the {ducking} -> {duck} conversion). We've talked internally about the profanity issue before so it's something we're aware of. We'll announce something here once we have a plan. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 17, 2009, at 8:34 AM, lukeMV wrote: I have a few questions: I am using API to publish my search query onto a web page. Because the web site is a public site, I don't want profanity. I found that I can eliminate certain words with the "-"... but I also found that my API stops working if I have too many queries... is there a simple query that will block variations of a word. For example: -duck (I want to block "duck") is there something I can type (for example -{duck}) that blocks: ducker, ducking, duckeroo, unduckingbelieveable etc? Thanks
[twitter-dev] Re: HTML escaping by Twitter is really a bug
Hi Bjoern, Short Answer: It's working as designed for security reasons. We don't like it any more than you do. Long Answer: This has come up on the list quite a bit in the past. Like a great many things spammers, scammers and unkind people are the reason we can't have nice things. When we discussed allowing non-escaped data the main argument against it was that the majority of tweets are displayed via HTML and that failing to do that correctly poses a security risk to everyone. We erred on the side of security and caution, returning the data in a way suitable for display on a web page rather than trusting each and every developer to handle it correctly. That would make each developer a single point of failure for security … and that's a whole lot of possible failure. As it stands now a web developer has to go out of their way to enable XSS attacks in tweets. The feeling was that security should be the default, and disabling should be an exercise left to the reader. We're well aware that this is not ideal, and that it's a bit of a pain for non-web applications. We wish we didn't have to do this sort of thing but sometime you have to find a balance between standards, data purity, and protection. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 17, 2009, at 7:53 AM, Bjoern wrote: (somehow got the response above as email, too - sorry for replying twice...) Hi, look for example at this: http://twitter.com/statuses/show/2689100482.json My status update was "test html escaping by twitter bold" but Twitter sends me "test html escaping by twitter <b>bold<\/ b>" So it has transformed the "<" and "<" into HTML entities < and > - that's another thing than URL escaping. Hope that clarifies it? Best wishes, Björn
[twitter-dev] Re: Hashing standard for URLs to find the Twitter version of shortened URLs
Hi Björn, Your proposal works if everybody plays by the rules but I think email spam has taught us that's an unrealistic expectation. Think of shortening malwareurl.com via Bit.ly and then including the hash for the URL to a popular YouTube video. Applications searching for the YouTube video would find the tweet, provide it to users, and infect them. Shorteners have the general problem of not knowing the destination but I think a hash created by the same person who might be trying to trick you in the first place is unreliable. Just a thought. Thanks; — Matt Sanford / @mzsanford On Jul 17, 2009, at 5:50 AM, Bjoern wrote: Hi, this is maybe a bit random, but I feel like throwing the idea out there for fun. It was suggested in a recent discussion thread that to get the Twitter variant of an URL, one could just post the URL to Twitter and see what Twitter makes of it. Since it is infeasible to generate a lot of URLs that way, here is a variant: what if along with posting the URL to twitter, one would also post a short hash of the URL. The hash function would be a standard everybody agrees on. Then to find the Twitter variant of a shortened URL, one could search Twitter for the hash of that URL. So you would not have to post all URLs yourself, you could also benefit from other people having "Twitter-Shortened" the URL before. (Searching for the hash might bring up multiple results, as Twitter does not always shorten the URL - sometimes multiple tries might be necessary). In fact if such a scheme was in place, it would also give people a way to "officially" link to a site. They could add the hash of the destination URL in their tweet and become searchable. I realize that would probably be too geeky for widespread adaption, but in theory I like the idea ;-) Björn
[twitter-dev] Re: search.json pagination returning duplicates
Hi Zac, The response should also include a warning message that since_id was removed. When you paginate we have to remove the since_id so you'll need to keep track of the since_id and stop paginating when you reach it. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 16, 2009, at 11:23 AM, Zac Witte wrote: I'm paginating through a search query that was initially created with a since_id parameter. I'm using the query suggested by next_page, which includes a max_id and not a since_id, which I believe is the correct usage. I'm still getting duplicate tweets. Is anyone else experiencing this?
[twitter-dev] Re: friends timeline help
Hello there, The call to friends_timeline requires authentication. My guess is that you're not sending the authentication header in that request. My ActionScript/Flash is pretty rusty but take a look at the setAuthenticationCredentials function in the TwitterScript library [1] for an example. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://twitterscript.googlecode.com/svn-history/r14/trunk/src/twitter/api/Twitter.as On Jul 15, 2009, at 11:53 PM, nite21 wrote: hi all friends i want to show my friends timeline in flash im using this loadTwitterXML("http://twitter.com/statuses/friends_timeline/ shanebond1982.xml"); but it is giving me an IOError Error opening URL 'http://twitter.com/statuses/friends_timeline/ shanebond1982.xml' Error #2044: Unhandled ioError:. text=Error #2032: Stream Error. URL: http://twitter.com/statuses/friends_timeline/shanebond1982.xml at main1shad_fla::Symbol3_24/loadTwitterXML() at main1shad_fla::Symbol3_24/main1shad_fla::frame2() pls someone help me in this and thanks
[twitter-dev] Re: Is the rate limiting on IP or User a/c
And I did one better, I manually unsubscribed you from the management interface. — Matt On Jul 15, 2009, at 11:27 PM, Chris Thomson wrote: Victor, email twitter-development-talk+unsubscr...@googlegroups.com to unsubscribe. -- Chris Thomson On 2009-07-16, at 2:15 AM, victor castleton wrote: Hello All, can anybody tell how to stop me unwanted mail from coming, I am getting hundreds of mails and I cannot find the way to stop them. Thanks VJC
[twitter-dev] Re: Does Rate Limiting Apply to Users or Clients?
Hi Lee, The rate limit is per-account for authenticated requests, and per- IP address for non-authenticated requests. If you (or anyone) has suggestions on how to make the documentation [1] clearer I'm all for it; please email a...@twitter.com with your suggestions. This seems to be a common point of confusion. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://apiwiki.twitter.com/Rate-limiting On Jul 15, 2009, at 9:13 PM, LEE wrote: If i have 2 accounts "abc" and "efg", then i use a httpclient (java) as a client to get the friend's status from a web application (which use the Twitter4j), then how do this rate limiting for these 2 accounts "abc" and "efg"? each account has 150 requests? The how about the web applicaiton only have 150 requests can be sent? Thanks' Lee On Jul 7, 9:16 am, Abraham Williams <4bra...@gmail.com> wrote: Each account has 150 requests / hr. If that that account is being used from several clients all of the hits will count against the 150. Abraham On Mon, Jul 6, 2009 at 19:54, devstudent wrote: If a person uses 2 clients. Can each client make 150 requests / hr, or does the 150 limit apply to both clients? -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Searching for tweets that refer to an URL still impossible with bit.ly (and others)
Hi there, Please be aware there are update limits in addition to the rate limit. There are also the spam and abuse marshals looking out for accounts acting suspiciously. Posting a bunch of link-only tweets seems like it's very likely to run afoul of them and get the account suspended. I can't say for sure since they're always evolving the types of abuse the check for but I don't recommend this course of action. Have you thought about using one of the APIs built for this, like backtweets [1]? Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - Disclaimer: I've not used the API at http://backtweets.com/api but it seems like what you're looking for. On Jul 15, 2009, at 8:52 AM, Nick Arnett wrote: On Wed, Jul 15, 2009 at 8:45 AM, Bill Kocik wrote: So for 10 URLs, you post 10 status updates, then retrieve your own last 10 updates in one call by retrieving your own timeline via / statuses/user_timeline(and that's the one hit against your rate limit). If Twitter will shorten multiple URLs in the same tweet, you could get even more than that. I just tried putting two longer URLs in a tweet and it didn't shorten them at all, just did the ellipsis thing, so that was inconclusive. This method is rather unreliable, I suppose... and I don't want to post more test tweets. My mother will see them on Facebook and become confused. ;-) Nick
[twitter-dev] Re: How to track a phrase in Streaming API?
Hello, I think the problem is missing quotes and URL encoding. Try curl … -d "track=harry+potter" Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 14, 2009, at 7:29 AM, owkaye wrote: How do I track a phrase like "harry potter"? The docs only show how to track individual words, not phrases ... and this curl command doesn't work properly because it finds tweets with "harry" and not "potter": curl -o /home/ken/twitterStreamJSON.txt http://stream.twitter.com/track.json -u username:password -d track=harry potter, Owkaye
[twitter-dev] Re: Interested in hiring a twitter developer
Hi Jason, Send your information in an email to api AT twitter.com. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 13, 2009, at 1:45 PM, JasonWyatt wrote: Matt, How can I add my name to that page? Thanks -Jason On Jul 13, 10:06 am, Matt Sanford wrote: Hi Dale, Check out the directory on our wiki at:http://apiwiki.twitter.com/Developers Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 13, 2009, at 5:29 AM, Dale wrote: Hi, If there is an excellent Twitter app developer out there (very familiar with APIs), I want to develop an application for my company. Must be willing to sign an NDA and be able to verify your work. Thanks!
[twitter-dev] Re: Rate Limit reporting
Hi Justin, The user:pass is a shortcut used by some browsers and libraries but is not supported in all libraries. What language/library are you using? Most of them have some option for setting the user and password directly. Also, the most common issue when seeing the IP limit is an incorrect password. You should also try calling verify_credentials to make sure the password is correct and everything is being received correctly by Twitter. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 13, 2009, at 9:22 AM, Justin wrote: I feel a bit silly asking this in the time of OAuth - but I'm not quite there yet... So how to return the rate limit for a given user? Looking at the api documentation I presume you need to authenticate (log in) The obvious way to do this is via GET with: http://username:passw...@twitter.com/account/rate_limit_status.xml I've also tried base64'ing the username:password as suggested here: http://en.wikipedia.org/wiki/Basic_access_authentication http://base64(User:Pass)@twitter.com/account/rate_limit_status.xml However, every time I try I'm returned with the rate limit for the IP address and not the user. I know I'm missing something (a few sandwiches from the picnic probably) - could someone enlighten me? Many thanks
[twitter-dev] Re: How to insure that all tweets are retrieved in a search?
for things like this, but as stated above the pagination limit is not something that has a "white list". The streaming API really is the most scalable solution. Thanks! Owkaye Thanks; – Matt Sanford / @mzsanford Twitter Dev
[twitter-dev] Re: Interested in hiring a twitter developer
Hi Dale, Check out the directory on our wiki at: http://apiwiki.twitter.com/Developers Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 13, 2009, at 5:29 AM, Dale wrote: Hi, If there is an excellent Twitter app developer out there (very familiar with APIs), I want to develop an application for my company. Must be willing to sign an NDA and be able to verify your work. Thanks!
[twitter-dev] Re: OAuth: Screen name returned with access token - documented feature?
Hello there, The screen_name and user_id had to be removed from the redirect back to your site but I later added it to the response to the access_token call. That is an official feature and can be relied upon. Looking back it seems I never announced the feature here on the list after I put it on the change log [1]. Sorry I forgot to mention that … feel free to use those parameters. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - May 13th - http://apiwiki.twitter.com/REST-API-Changelog On Jul 11, 2009, at 9:34 AM, Scott Carter wrote: I noted that the screen name (and user id) are returned along with the Access token and secret. It this a documented feature that I can rely upon? The only related thread that I found on this topic was: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/8b24ab7dbb326d5f/10e6b73bd9fdce69 That thread was apparently referring to the callback after authorization and why screen_name and user_id were removed for security reasons. Matt mentioned that the verify_credentials method was the solution in that case. If I have the screen_name available with the Access token/secret, I don't see a need for calling verify_credentials at all in the process. I don't really need the screen name until after I exchange my request token for an access token. Can I rely on getting the screen_name this way? Am I missing another reason for needing to call verify_credentials? Thanks, - Scott Carter @scott_carter http://bigtweet.com
[twitter-dev] Re: Intermittent network failures?
Hi all, There is currently a back-end issue and our operation folks are working on it. Hopefully it will be resolved soon. I'll update you when I know more. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 10, 2009, at 11:51 AM, João Pereira wrote: Hi, I'm also having some problems working with twitter API since the past few hours. Even with the Web interface I'm not able to complete a follow action, for example. It's there anything going on? On Fri, Jul 10, 2009 at 6:59 PM, Jeffrey Greenberg > wrote: I'm not sure what these are but I see them often enough to wonder about the reliability of the network between Twitter and my app. The portion of my app the speaks with Twitter runs on Amazon AWS/EC2. I see a small variety of Curl failures that occur throughout the day. I'm not clear whether these reflect Twitter issues, EC2 issues, or my app. I'd appreciate any illumination as to which of these might be Twitter issues and which are not... I see 5 different Curl failures and take together with the various Twitter Api I am using, there 23 different variants all together. Here they are: Curl error: 0. url: http://twitter.com/followers/ids.xml?user_id=18057710&page=1 Curl error: 0. url: http://twitter.com/followers/ids.xml?user_id=19966258 Curl error: 0. url: http://twitter.com/friends/ids.xml?user_id=14080067 Curl error: 0. url: http://twitter.com/friends/ids.xml?user_id=14623539&page=1 Curl error: 0. url: http://twitter.com/users/show.xml?screen_name=BryanMcKinney Curl error: 0. url: http://twitter.com/users/show.xml? user_id=10063932 Curl error: 7. couldn't connect to host url: http://search.twitter.com/search.json?q=neutrogena%20AND%20ultra%20sheer&rpp=100 Curl error: 7. couldn't connect to host url: http://twitter.com/followers/ids.xml?user_id=11601722&page=1 Curl error: 7. couldn't connect to host url: http://twitter.com/followers/ids.xml?user_id=17825053 Curl error: 7. couldn't connect to host url: http://twitter.com/friends/ids.xml?user_id=13436432&page=1 Curl error: 7. couldn't connect to host url: http://twitter.com/friends/ids.xml?user_id=21937700 Curl error: 7. couldn't connect to host url: http://twitter.com/users/show.xml?screen_name=L4S7 Curl error: 7. couldn't connect to host url: http://twitter.com/users/show.xml?user_id=10108342 Curl error: 18. transfer closed with 150 bytes remaining to read url: http://twitter.com/users/show.xml?user_id=53631710 Curl error: 26. Failed to open/read local data from file/application url: http://twitter.com/friendships/create.xml?screen_name= /* OK this one is obviously a bug in my App */ Curl error: 26. Failed to open/read local data from file/application url: http://twitter.com/friendships/create.xml?screen_name=1WineDude Curl error: 52. Empty reply from server url: http://search.twitter.com/search.json?page=12&max_id=2500368394&rpp=100&q=stock+market+since%3A2009-07-05 Curl error: 52. Empty reply from server url: http://twitter.com/followers/ids.xml?user_id=11601722&page=1 Curl error: 52. Empty reply from server url: http://twitter.com/followers/ids.xml?user_id=15476479 Curl error: 52. Empty reply from server url: http://twitter.com/friends/ids.xml?user_id=27641196 Curl error: 52. Empty reply from server url: http://twitter.com/friends/ids.xml?user_id=37113325&page=1 Curl error: 52. Empty reply from server url: http://twitter.com/users/show.xml?screen_name=Cardenas79 Curl error: 52. Empty reply from server url: http://twitter.com/users/show.xml?user_id=1233581 ~ ~
[twitter-dev] Re: Changing domains for image hosting
Hi all, I'm working with our ops folks now to get SSL fixed on twimg.com. No need for running proxies … we're working on it. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 10, 2009, at 12:42 AM, Abraham Williams wrote: A temporary fix is to run a proxy on your own SSL domain and pull the photos through there. Abraham On Fri, Jul 10, 2009 at 02:18, Toucan wrote: Same here and it's already breaking our app today. We either give users the browser mixed-ssl error (bad) or re-write to SSL which makes images spin forever which also seems to break some javascript loads on FF (also bad). Since Toucan runs inside salesforce, we are always on SSL for every page. Can twitter turn on SSL for twimg, even if to buy time while we figure it out? One day notice really isn't a lot of time to develop a fix and try to get everyone to re-install their appespecially since for those of us that must serve every page with SSL, there is no good fix. We really appreciate your help! Diane On Jul 9, 9:47 pm, gotwalt wrote: > Any chance you'll enable SSL access of these images? At @cotweet we > rely on s3's SSL when pages are being served via HTTPS (login, account > changes, permissions, etc) in order to prevent security zone issues in > IE. I'd imagine that other web-based clients may face similar issues. > > Aaron -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Has something with OAuth changed?
Hi all, The issue has been fixed and from my testing it looks like things are back to normal. Sorry for the disruption; – Matt Sanford / @mzsanford Twitter Dev On Jul 9, 2009, at 4:38 PM, dean.j.robinson wrote: Thanks for the super speedy response Matt. On Jul 10, 9:26 am, Matt Sanford wrote: Hi all, Some changes were just deployed and it looks like there may be a bug. I'm looking into it now … hold tight and I'll update you all when I know more. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 9, 2009, at 4:25 PM, dean.j.robinson wrote: Everyone just magically got logged out of my hahlo4 beta, which was working fine an hour ago, and now when they reauthorize its not sticking. OAuth login works fine, redirect back to hahlo4, but all api calls are returning 401 status codes. Saw mention in another topic regarding whether twitter.com orwww.twitter.com should be used when making api call, all my calls are currently using https://twitter.com Anyone else experiencing anything similar?
[twitter-dev] Re: Has something with OAuth changed?
Hi all, Some changes were just deployed and it looks like there may be a bug. I'm looking into it now … hold tight and I'll update you all when I know more. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 9, 2009, at 4:25 PM, dean.j.robinson wrote: Everyone just magically got logged out of my hahlo4 beta, which was working fine an hour ago, and now when they reauthorize its not sticking. OAuth login works fine, redirect back to hahlo4, but all api calls are returning 401 status codes. Saw mention in another topic regarding whether twitter.com or www.twitter.com should be used when making api call, all my calls are currently using https://twitter.com Anyone else experiencing anything similar?
[twitter-dev] Re: tweeting more than 140 words
In the vien of "There's an app for that" … There's a ticket for that: http://code.google.com/p/twitter-api/issues/detail?id=807 — Matt On Jul 8, 2009, at 6:57 AM, Nick Arnett wrote: On Wed, Jul 8, 2009 at 5:19 AM, twittwit wrote: example is http://twitter.com/hashgoogle/status/2531249931 Huh... that one is 150 characters, which means it won't fit in a 140- character database column. Strange. Nick
[twitter-dev] Re: Problem with search api. BUG?
Hi there, The issue here is that the status is over 140 characters so it is truncated. You can see the same on http://twitter.com/SanAngeloEcoDev, where the tweets ends in "..." and only the direct status page includes the truncated section. This is something Twitter used to support but as far as I know it's something that should no longer be allowed. Please open a ticket at http://code.google.com/p/twitter-api/issues/entry and we'll look into how the overly-long status got there in the first place. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - $ echo "RT @txcomptroller: On the Money: See how Texas local governments earn stimulus dollars and learn how to tap into federal grants. http://sn.im/majgz"; | wc -c 148 On Jul 7, 2009, at 9:23 AM, xabi wrote: Hi there: I'm trying to do a search like this: curl -i "http://search.twitter.com/search.atom?q=txcomptroller"; and I get this: -- 8< 8< - http://twitter.com/ SanAngeloEcoDev/statuses/2516021916"/> RT <a href="http://twitter.com/ txcomptroller">@txcomptroller</a>: On the Money: See how Texas local governments earn stimulus dollars and learn how to tap into federal grants. http:// ... -- 8< 8< - As you can see the status ends with "http:// ...", but if you go to the real status "http://twitter.com/SanAngeloEcoDev/statuses/ 2516021916" you can see the whole status, in this example: "RT @txcomptroller: On the Money: See how Texas local governments earn stimulus dollars and learn how to tap into federal grants. http://sn.im/majgz " All the status is there! with the full URL at the end. So, is search API limited? Is this a BUG? What's wrong? Thanks in advance: xabi
[twitter-dev] Re: Deletion page in Firefox 3.5
Hi Mike, I opened a ticket for out front end team. Thanks for the bug report. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 7, 2009, at 8:39 AM, Mike wrote: As can be seen in the screenshot, the numbers on the page where you can delete your Twitter-account aren't correctly aligned in Firefox 3.5. Screenshot: http://i32.tinypic.com/21bt3p.png
[twitter-dev] Re: twitter_id en #JSON-badges
Hello, I think you need your twitter user id for the widget to work. You can get it from: curl http://twitter.com/users/show/Bertram61.xml In your case it is 19824024 Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 6, 2009, at 1:49 PM, Bertram61 wrote: Hallo, ik ben nieuw op twitter en zal graag via mijn site, d.m.v. module, daarvan gebruik willen maken. Nu heb ik op mijn site - Bloemhof Online.nl - een module gezet, alleen wordt er in de configuratie om `n twitter_id gevraagd, hoe kom ik daaraan? Voor #JSON-badges wordt iets gevraagd voor het invulveld? Hoe doe ik dat??? Misschien is bovengenoemde `n vraag??? Bedankt alvast voor het antwoord. Groeten van Bertram61 http://twitter.com/bertram61
[twitter-dev] Re: "Failed to validate oauth signature and token" using python/django libs
Hi Blaine, Failing the validate the signature when getting a request token is pretty rare. As you said the fact this all works from other libraries seems to point to a library issue. The most helpful things to see in these cases are: • The actual HTTP request and response that fails. By seeing the URL requested I can try and recreate the signature and find the mismatch. • The "signature base string" used to create the oauth_signature parameter. This usually requires adding some print statements to the oauth library you're using but can be really helpful. If you can send the HTTP request and response (headers and bodies) that will be a good start. If you're not sure how to get them from your library I recommend using a debugging proxy like Charles [1]. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://www.charlesproxy.com/ On Jul 3, 2009, at 2:10 PM, Blaine Garrett wrote: Hi, I get the 401:Unauthorized Error every time I attempt to get a request token. When I attempt to go to the URL directly in the browser (not yet accessed to preserve nonce) I get a body of "Failed to validate oauth signature and token". I am using the Leah's oauth client listed at http://oauth.net/code as well as the python-twitter (0.7-devel) and oauth-python-twitter (v0.1) I was able to get these same libraries to work on a different project but not on the current one I am working on. I have refreshed my tokens numerous times and also tried the working ones from the other project. I also tried the tokens from this project on the other project that was working and that WORKED. As such, I am guessing it is an issue with my setup or some other lib I am working with. Both projects however have Python Versions 2.5.2 and should otherwise be the same setups. Domain the project is on is http://articulture.blainegarrett.com if the matters for some odd reason. Any thoughts? Here is the code I am using to call the libs if it helps: oauth_consumer = oauthtwitter.OAuthApi(consumer_token, consumer_secret) request_token = oauth_consumer.getRequestToken() # httplib exception bubbles from within here authorization_url = oauth_consumer.getAuthorizationURL(request_token) Thank you! ~Blaine -- Blaine Garrett gchat : bla...@jrcorps.com aim: zombiediv y!: zombiediv
[twitter-dev] Re: automatic hashtag links breaking hexadecimal characters in web interface
Hi there, I let the person working on that stuff know and he said he'll get a fix out very soon. Thanks for the error report; – Matt Sanford / @mzsanford Twitter Dev On Jul 6, 2009, at 1:29 AM, Mario Menti wrote: Hi there, it looks like the web interface is attempting to create hashtag links from hexadecimal characters, inserting an inbetween the ampersand and the hash character, which obviously breaks the display of these characters on the web. For an example, see this post: http://twitter.com/Anritsu/status/2441744413 Cheers, Mario.
[twitter-dev] Re: 403 on Direct Message
Hi there, I'll echo Jason's comment; by including the Authorization header you've exposed your password, please change it. You included the headers from your request below, but do you by chance have the body of the response available? Many times the error message in the body will give us a pointer to the exact cause. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 6, 2009, at 7:53 AM, JDG wrote: Unfortunately, I can't help you, but I do want to remind you to change your password now, as the entire twitter dev community has it at this point :) On Mon, Jul 6, 2009 at 08:02, Jason Korkin wrote: Hello, I am getting a 403 error when I attempt to send a response back to a user who sent a direct message. I am using Basic Authentication. Below is a verbose dump from my PHP curl script. Any ideas what I'm doing wrong here? Thanks, Jason Sending DM to spdyme * About to connect() to twitter.com port 80 * Trying 168.143.162.100... * connected * Connected to twitter.com (168.143.162.100) port 80 * Server auth using Basic with user 'stfbf' > POST /direct_messages/new.xml HTTP/1.1 Authorization: Basic c3RmYmY6c3R1ZmZidWZm User-Agent: StuffBuff-DMC-1.0 Host: twitter.com Pragma: no-cache Accept: */* Content-Length: 17 Content-Type: application/x-www-form-urlencoded user=spdyme&text=< HTTP/1.1 403 Forbidden < Date: Mon, 06 Jul 2009 13:44:17 GMT < Server: hi < Last-Modified: Mon, 06 Jul 2009 13:44:17 GMT < Status: 403 Forbidden < Pragma: no-cache < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 < Content-Type: application/xml; charset=utf-8 < Content-Length: 188 < Expires: Tue, 31 Mar 1981 05:00:00 GMT < X- Revision: 010382b250edb838a5150b55e06469f866883024 < X-Transaction: 1246887857-86063-25318 < Set-Cookie: lang=; path=/ < Set-Cookie: _twitter_sess =BAh7CToJdXNlcmkEsI8mAzoTcGFzc3dvcmRfdG9rZW4iLWE1ZTJiOTYzZTdi%2 50AZDg0YmJiYWU0ZWRlYjQ1Y2Q4Yzg1NGI1MTE5NTA6B2lkIiU2MzBkNDAxNWY3 %250AYjU3NTAx MTc5ZjU2MGRhN2RjN2ZiZCIKZmxhc2hJQzonQWN0aW9uQ29udHJv %250AbGxlcjo6Rmxhc2g6OkZ sYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D-- ad71aed68a8cb2f1cbb226dbe9a0d27052819 7f3; domain=.twitter.com; path=/ < Vary: Accept-Encoding < Connection: close * Closing connection #0 -- Internets. Serious business.
[twitter-dev] Re: [twitter-api-announce] API Changes for July 1, 2009
Yes, that is what I meat. The ones that used to say "from web". — Matt On Jul 2, 2009, at 2:21 PM, Rafa wrote: > "Feature (REST): API updates are now identified as being from API > rather than web." > -> I assume you mean API updates that did not specify a source... > R > > On Thu, Jul 2, 2009 at 2:17 PM, Matt Sanford wrote: > > Hello, > > Sorry for the delayed email but deploys ran a little late > yesterday. Without further ado, here are the changes launched on > 2009-07-01: > > * Fixed (OAuth): The oauth_access_type parameter was not respected > in all cases. > Issue: http://code.google.com/p/twitter-api/issues/detail?id=767 > > * Fixed (OAuth): Allow international domain names for OAuth URLs > via punnycode input. > Issue: http://code.google.com/p/twitter-api/issues/detail?id=772 > > * Feature (REST): API updates are now identified as being from API > rather than web. > > * Feature (REST): The rate limit has been changed form 100 to 150. > Documentation: http://apiwiki.twitter.com/Rate-limiting > Issue: http://code.google.com/p/twitter-api/issues/detail?id=474 > > Thanks; > – Matt Sanford / @mzsanford > Twitter Dev > > > > >
[twitter-dev] Re: How to calculate time remaining for rate limit
Yup. In all likelihood your programming language or environment already has a function for getting the current epoch time and you can just subtract the two to find out the number of seconds remaining. — Matt On Jul 2, 2009, at 2:10 PM, danksoft wrote: So I would just get the UTC time convert it to a date and find the difference in time between UTC time and time now? On Jul 2, 1:33 pm, Matt Sanford wrote: Hello there, The reset-time-in-seconds is a the UNIX time (a.k.a Epoch time, number of seconds since 1970-01-01 UTC) at which the rate limit will reset. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 2, 2009, at 1:05 PM, danksoft wrote: Hi, I'm creating a small app like TweetDeck and was wondering how to calculate the correct time when your rate limits reset... The XML I parsed is: 1246568101 So in order to convert seconds to minutes you do seconds 0.0167 * 1246568101 Therefore, 1246568101 seconds = 20776135.01666 minutes Which is not right if limits are reset every 60 mins.
[twitter-dev] Re: How to calculate time remaining for rate limit
Hello there, The reset-time-in-seconds is a the UNIX time (a.k.a Epoch time, number of seconds since 1970-01-01 UTC) at which the rate limit will reset. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 2, 2009, at 1:05 PM, danksoft wrote: Hi, I'm creating a small app like TweetDeck and was wondering how to calculate the correct time when your rate limits reset... The XML I parsed is: 1246568101 So in order to convert seconds to minutes you do seconds 0.0167 * 1246568101 Therefore, 1246568101 seconds = 20776135.01666 minutes Which is not right if limits are reset every 60 mins.
[twitter-dev] API Changes for July 1, 2009
Hello, Sorry for the delayed email but deploys ran a little late yesterday. Without further ado, here are the changes launched on 2009-07-01: * Fixed (OAuth): The oauth_access_type parameter was not respected in all cases. Issue: http://code.google.com/p/twitter-api/issues/detail?id=767 * Fixed (OAuth): Allow international domain names for OAuth URLs via punnycode input. Issue: http://code.google.com/p/twitter-api/issues/detail?id=772 * Feature (REST): API updates are now identified as being from API rather than web. * Feature (REST): The rate limit has been changed form 100 to 150. Documentation: http://apiwiki.twitter.com/Rate-limiting Issue: http://code.google.com/p/twitter-api/issues/detail?id=474 Thanks; – Matt Sanford / @mzsanford Twitter Dev
[twitter-dev] Re: Followers Count doesn't add up with the actual followers
Hi Chris, Welcome to the group! Take a look at the current list of issues [1] … there are a few there related to this problem. Mark one of those with a star (click on the star next to the issue number) and you'll get updates when we make changes. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://code.google.com/p/twitter-api/issues/list On Jul 2, 2009, at 4:20 AM, Chris Prakoso wrote: Hi all, I am new with Twitter API Dev, so apologise if my question seems silly. I have a user that has followers_count = 6000+ But when I try to collect the user data of those followers by paging through the statuses/followers API, at the end of the pages (where no more items are returned back), I get only about 5800-ish users. Where are the other 200 go ? Am I missing something here ? Thanks for your help, Chris
[twitter-dev] Re: callback if user deny
Hi there, You might find the ticket on this interesting reading: http://code.google.com/p/twitter-api/issues/detail?id=545 Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 2, 2009, at 12:31 AM, rag twitter wrote: This is really odd...! On Thu, Jul 2, 2009 at 12:18 PM, Abraham Williams <4bra...@gmail.com> wrote: If a user denys an OAuth application Twitter currently does not return the user to the application or callback. There is no way to change this. Abraham On Thu, Jul 2, 2009 at 01:30, rag twitter wrote: > > Hi All, > > Call back URL working fine if user allow to connect the > application, but callback url not working if user deny the > application. > How do I achieve this ? > > -rag > -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Search twitter for within certain timestamp
Hello, The maximum allowed value is 100. Check out the documentation at http://apiwiki.twitter.com/Twitter-Search-API-Method%3A-search Thanks; — Matt Sanford / @mzsanford On Jul 1, 2009, at 6:19 PM, Mehroz Raza wrote: Thanks for your replay guys i menage to it using Published feild in XML results. i have another problem if you guys can help me there. in my application i am trying to pull xml dataset using following link http://search.twitter.com/search.atom?lang=en&rpp=150&q=+google Problem is i cant get more than 100 results in the tables even though i have given 150 rpp. can you please explain why is that? On Tue, Jun 30, 2009 at 6:14 PM, Doug Williams wrote: Raza, Twitter search only gives since: and until: operators granularity at the day level. Any parsing on more specific (hour, day, second) timeframes is left to the client. Thanks, Doug On Tue, Jun 30, 2009 at 2:41 PM, Raza wrote: Hi, I am trying to search the twitter like http://search.twitter.com/search.atom?lang=en&q=+google+since%3A2009-06-30+until%3A2009-06-30+ what i want to do is to search giving date in the format -MM-DD HH:MI:SS... how can i do that? thanks Raza -- Best Regards, Muhammad Mahroze Raza, Software Engineer, The Resource Group (Private) Limited, Lahore, Pakistan. mailto:mahroze.r...@trgcustomersolutions.com Mob +92-322-4426410 P (Pak) +92-42-111-874-874 Ext 2617 P (US) +1-202-289-9898 Ext 2617
[twitter-dev] Re: searching for stocktwits (searching for "$$")
Hi Ryan, The search.twitter.com system does not support $$ or a wild-card for all stock symbols. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 1, 2009, at 1:49 PM, Ryan wrote: I'm using the API and am trying to search for stocktwits (those tweets which contain the string "$$" or "$" followed by a ticker symbol). I can easily search for "$aapl" for example, and it works fine. But if I search for "$$" the API never returns any results, so I must be searching for it incorrectly. (Searching for "%24%24" doesn't work any better.) What is the correct string to search to get the desired result? Also is there a generic search term? as in "$***" where the asterisk is any character? Thanks for the help.
[twitter-dev] Re: Security Best Practices
On Jul 1, 2009, at 10:17 AM, DWRoelands wrote: Mark, Thanks for weighing in. Much appreciated. Here are my thoughts. I see two separate issues here: User Authentication vs. Application Authentication. User Authentication: Ensuring that the Twitter user is who they say they are. Application Authentication: Ensuring that the Application is who it says it is (i.e. the tweet is really coming from "TweetDeck" and not some other application pretending to be TweetDeck). User Authentication: I understand that Basic Auth, as is, is not a secure solution. Transmitting unencrypted credentials in the clear is never a great idea. What about combining Basic Auth with a form of public/private key encryption? Using PGP as an example, Twitter could publish it's public PGP key. Applications using Basic Auth would have to encrypt the username and password with that key and submit the encrypted username and password as the Basic Auth credentials. Twitter decrypts them server side and processes authentication normally. Developers wouldn't have to include any sensitive information in their source code, and the credentials would always be transmitted in an encrypted fashion. PGP is a fairly robust standard, with lots of free resources available to the development community across many languages. Rather than breaking with the HTTP specification for Basic authentication we offer HTTP over SSL for encrypted access. That adds the benefits you enumerate above plus: * Requires very little coding from developers (most libraries support it) * Built on an open standard * Prevents re-using an Authentication header (even one encrypted) to essentially act like a user. * Bonus: Encrypts the contents so nobody else is reading your DMs on the wire Application Authentication: This is a thornier issue that I'm not sure how to solve without having to bundle some sort of sensitive information in the source code of an application. However, I think the issue becomes more manageable if User Authentication is separated from Application Authentication. This seems to be the crux of the issue from what I can tell. Isaiah from youhead enumerated some of the difficulties with that, especially for open source. I have no doubt that many of the folks on this list have good ideas on how to solve the second problem. Thoughts Regards, Duane On Jul 1, 12:46 pm, Matt Sanford wrote: Please, take your time and write a well thought out reply. One- line snarky comments, while fun to write and sometimes to read, steal time from everyone reading the list, including all of the Twitter API engineers. They also make the list look less inviting to new comers.
[twitter-dev] Re: Use Twitter for login & oauth/authenticate method
Hi there, A mobile version does not exist but it's on the roadmap. — Matt On Jul 1, 2009, at 10:21 AM, Isaiah Carew wrote: I'm still not sure I understand the option. Is there any reason why someone would choose NOT to check this box currently? Also, if you are in the process of redesigning the auth page, could I make a request: Could there be a super-lightweight version for mobile? No images, no scripts, inline css, fluid width, etc. Maybe it already exists and I'm doing something wrong. Feel free to point me in the right direction too. ;-) Isaiah On Jul 1, 2009, at 7:50 AM, Matt Sanford wrote: Hi Arnaud, That option during application creation is really more trouble that it is worth. Right now applications that have that option checked include an extra sentence to tell users the application will be using twitter for login, that's all. In the future we may restrict the /oauth/authenticate call to applications that have specifically chosen the option, so I recommend that any application using 'Sing in with Twitter' check the check box. We're also working on redesigning the authorization page and might do more with that value then. We will announce before hand if we make any changes, like requiring that value to use the authenticate method. It's not something we'll definitely do but it is something that may come up in the medium term you should be aware of. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 1, 2009, at 4:26 AM, Arnaud wrote: Hello, I’m using the oauth/authenticate method (one click login) and I was wondering if I had to check the "Use Twitter for login" option in my application options. The application is Browser based (using a callback URL) . I’m quite confused with this option as I don’t really understand what it is standing for? All the best, Arnaud.
[twitter-dev] Re: Security Best Practices
Hello again, I do not recommend having individual end users register for consumer keys/secrets [1] under any circumstances. So, with that out of the way, let us focus the discussion a bit more. What can we change about OAuth that would make this better? A complete technical [2][3] discussion on what we could add that would make this better is welcomed. More than welcome, it's pretty much required before we can help. The PIN flow was the first addition to address the inherent insecurity of the consumer key/secret all desktop applications [3]. This stopped applications from being able to collect tokens by using the consumer key/secret and a confidence scam (phishing like "GoodApp needs you to re-approve us"). It sounds like there is a fervent need for something more … what do people suggest? We're working hard on the problem but many of you are working from the consumer standpoint and probably have great feedback. Please, take your time and write a well thought out reply. One- line snarky comments, while fun to write and sometimes to read, steal time from everyone reading the list, including all of the Twitter API engineers. They also make the list look less inviting to new comers. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - People installing an instance of your server-side app are not 'end users', but other developers [2] - Not open-source hand waving. [3] - Closed source desktop apps have the same problem. Reverse engineering is not stopped when you don't include the source. On Jul 1, 2009, at 9:33 AM, DWRoelands wrote: Actually, since Twitter has said that Basic Auth will eventually go away, OAuth is going to be the only choice for authentication. Twitter has forced the choice by implementing OAuth in the way that they did. Why should a user who chooses to support open source by using an open- source Twitter client be punished by having to go through extra hoops that users of closed-source clients don't have to endure? Forcing users of open source Twitter clients to register their individual installations as Twitter applications is not a viable solution. Matt Sanford has even said so. No one is asking for "easy". I just want open source Twitter desktop clients to be able to compete with closed-source versions when it comes to security. Right now, that's not possible because of Twitter's implementation of OAuth. Regards, Duane On Jul 1, 11:23 am, Andrew Badera wrote: But that's the choice you're forced to make by OAuth, not Twitter. And it is YOUR choice. Personally, I would probably use the conventional mechanisms of open source: mailing lists, special interest and user groups. Pound the pavement and promote yourself. Who said it was going to be "easy"?
[twitter-dev] Re: Security Best Practices
Wow, so that's what our development list (and Stallman's name) have come to. Please don't make me close this thread. Let's keep is friendly and focused. — Matt On Jul 1, 2009, at 8:01 AM, Cameron Kaiser wrote: Not what I said in the least, but it's interesting that you should interpret it that way. Re-read what I said. If someone is open sourcing something, in the true spirit of open source, they shouldn't care about getting credit in the source parameter. Tell that to Richard Stallman. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Another visitor. Stay awhile. Stay forever! -- Professor Elvin Atombender --
[twitter-dev] Re: Security Best Practices
On Jul 1, 2009, at 5:10 AM, Philip Plante wrote: I do not feel you've made a mountain out of a mole hill here. This topic has been on my mind since I first encountered oAuth. I haven't seen any open source apps use oAuth yet. We have an open source application called Application X. The potential risk is that Application X becomes widely adopted, thus having a higher risk of being impersonated. For instance, malware could then use the tokens from Application X to obtain authorization from Twitter. This would require the user to authorize the impersonator via Twitter since it is likely a new session token would be generated. Potentially the user would likely trust this impersonator and not think twice about authorizing it because they will see "Application X" on Twitter.com. Once they click allow the impersonator has control of their account. Even if the malware doesn't spread quickly it would possibly be harder to track since it would appear to be communications from Application X. One thing the above description leaves out is that not only would the user have to approve the application, but that since it is a desktop application they would have to type the PIN number back into the MalewareApp. Perhaps the PIN-flow for desktop applications was not taken into account, or maybe the wording on the PIN pages should be stronger, but that's pretty much why we added the PIN flow. In my mind server-side applications should not publish a consumer key/secret. There is an assumption here that anyone savvy enough to install your wildly successful open source server-side application can register a key/secret … and that they probably want callbacks going to the correct site. This is not unlike the current Twitter/OAuth libraries, which all require you to get your own key. I am not one to cry fowl over an issue like this, just merely throwing this out here as an idea. Anyone else have any ideas how to secure open source oAuth apps? On Jul 1, 6:24 am, DWRoelands wrote: It seems as though revealing the Consumer Key and Consumer Key Secret of my application would be a pretty serious security risk. Anyone could write an application that impersonates mine, but they still would need an authorized user's Token and Token Secret in order to commit mischief. What sort of nastiness could one do in the Twitter environment with someone else's Consumer Key and Consumer Key Secret? Am I making a mountain out of a molehill here? If this is not a big deal, I'd like to hear so so I can continue working on my project as an open source endeavor. If this is a serious security issue, then I have to close the source for my project (and obfuscate the source). --Duane On Jun 30, 9:29 pm, Alex Payne wrote: That's a solution that better fits open source Twitter web services. For an open source desktop client like Spaz it certainly doesn't work. On Tue, Jun 30, 2009 at 16:37, DWRoelands wrote: Wait, the solution is that every -user- of an open-source Twitter client would have to register for their own set of -consumer- keys? That's not what you meant, is it? On Jun 30, 4:39 pm, Alex Payne wrote: The simplest solution is that every deployment of the tool will have to register for their own OAuth credentials. This isn't ideal. I'd inquire over athttp://groups.google.com/group/oauth On Tue, Jun 30, 2009 at 06:04, DWRoelands wrote: This is really an excellent question. If we're developing an open-source Twitter client, how are we supposed to handle the consumer_key and consumer_key_secret? On Jun 29, 7:58 pm, Support wrote: 2. Obfuscation of the application's registered "key" and "secret." Are there any best practices? What about an open source project? -- Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x -- Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x
[twitter-dev] Re: Use Twitter for login & oauth/authenticate method
Hi Arnaud, That option during application creation is really more trouble that it is worth. Right now applications that have that option checked include an extra sentence to tell users the application will be using twitter for login, that's all. In the future we may restrict the / oauth/authenticate call to applications that have specifically chosen the option, so I recommend that any application using 'Sing in with Twitter' check the check box. We're also working on redesigning the authorization page and might do more with that value then. We will announce before hand if we make any changes, like requiring that value to use the authenticate method. It's not something we'll definitely do but it is something that may come up in the medium term you should be aware of. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jul 1, 2009, at 4:26 AM, Arnaud wrote: Hello, I’m using the oauth/authenticate method (one click login) and I was wondering if I had to check the "Use Twitter for login" option in my application options. The application is Browser based (using a callback URL) . I’m quite confused with this option as I don’t really understand what it is standing for? All the best, Arnaud.
[twitter-dev] Re: how to get search result total?
Hi there, The "refresh=true" is something used by out web UI and it is not supported in the API. It's really just a short cut for a few calculations to make the Javascript on the page a bit shorter. It can only deal with results within the past few minutes so it's not very useful for most people and should go away in the future. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 30, 2009, at 7:40 AM, Abraham Williams wrote: I don't recall knowing of this "refresh" parameter. Where did you hear about it? Abraham On Mon, Jun 29, 2009 at 23:47, yoga wrote: thanks for the answer, Abe. I think there's a way, I just realize it. but somehow, I don't know why, only a few tweets that will reply the total result. the required parameter to get total result is since_id and refresh (=true). and, why "refresh" parameter not listed on twitter API documentation anyway? On Jun 30, 10:56 am, Abraham Williams <4bra...@gmail.com> wrote: There is no way to get a total count for search results. You can paginate and see the number of results that are in the search database but that will be limited to less then 2 weeks. Abraham On Mon, Jun 29, 2009 at 22:36, yoga wrote: hey there, twitter may have a powerful search API to get what we want, but is there any API to only get total of a search result? meanwhile, with API, I just can get max. 100 result per page. any explanation will be so thankful. regards, -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] API Changes for June 29, 2009
Two fixes and a small feature were launched today: • Fixed (Search): Searches for accented and non-accented words are now combined. Issue: http://code.google.com/p/twitter-api/issues/detail?id=503 • Fixed (REST): The new friendships/show method no longer returns 502 on large users. Issue: http://code.google.com/p/twitter-api/issues/detail?id=757 • Feature (Search): Added Farsi/Persian to the list of available languages. As always we've updated the change log at http://apiwiki.twitter.com/REST-API-Changelog Thanks; – Matt Sanford / @mzsanford Twitter Dev
[twitter-dev] Re: OAuth with a Console Mode Client
Hi Miles, If you register your application as a Desktop app with Twitter it will use the new PIN-based flow. The idea would be that a user will have to go to twitter.com the first time and approve your emacs plugin. When they approve it they will be presented with a PIN they then type back into your plugin. When the PIN is re-entered you can request an access token that you save and the user can use that from then on. For an example of a command line app that uses the flow check out the "oauth" command installed by the OAuth gem [1]. It pretty much outputs a URL and says "go here" followed by a prompt for the PIN. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://github.com/mojodna/oauth/tree/mergeable On Jun 29, 2009, at 1:06 PM, Miles wrote: Hello, I'm writing up a small Twitter client that runs inside of Emacs. I know there's already Twit.el, but I've been wanting to learn how to customize Emacs and it's been a fun project. I am mostly done and in the course of trying to set the "source" attribute on posts originating from my client, I realized that the Twitter API wants me to use OAuth. Right now I'm communicating with Twitter over HTTPS, there's no security issue there. Still, I'm looking through the OAuth documentation and it seems to be very slanted towards a GUI environment. Is there any sample code out there that demonstrates using OAuth that doesn't involve these web-page redirects? I'm using Curl to communicate with Twitter right now (as recommended by the API documentation). Any code that demonstrates using OAuth with Curl would be awesome. I started poking around but I'm starting to get the impression that this just isn't something that will work. Thank you, -- Miles
[twitter-dev] Re: OAuth IDN/Punycode domain names
Hello, That's something I should be able to fix. Please file an issue at http://code.google.com/p/twitter-api/issues/entry so I don't forget. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 27, 2009, at 5:58 PM, Harrison wrote: Hi there, I'm wondering if there are plans to recognise IDN domain names as valid in the OAuth application setup pages? My domain itself (http:// ✪➝.ws/) isn't recognised as valid URL format which is understandable, however the punycode version of the same domain name (http:// xn--2ci9n.ws/) also isn't recognised. This is suboptimal and requires me to do some ugly domain hacks to get basic callback functionality in place. Thanks.
[twitter-dev] Re: hello, my is Buboo SYSOP.
Hello there, It sounds like your IP address has been blacklisted by the Twitter operations department. Please email a...@twitter.com with the following information and we'll take a look: 1. The IP address you;re requesting from (included: 61.61.132.34) 2. A sample request showing the error (included: see below) 3. What are you doing with the Twitter API? (a link is very helpful) 4. When did this problem begin? 5. Was there anything prior to this problem that might have appeared abusive from the Twitter.com perspective? (like a bug making 1000s of requests) Thanks; — Matt Sanford On Jun 26, 2009, at 6:17 PM, kang wrote: hello, I come from taiwan http://buboo.tw SYSOP. my buboo server (61.61.132.34) can't send data to twitter api server.. === [r...@www ~]# telnet twitter.com 80 Trying 128.121.146.100... telnet: connect to address 128.121.146.100: Connection timed out telnet: Unable to connect to remote host: Connection timed out [r...@www ~]# telnet 168.143.162.68 80 Trying 168.143.162.68... telnet: connect to address 168.143.162.68: Connection timed out telnet: Unable to connect to remote host: Connection timed out === But from the other server (61.61.132.35) can send data to twitter api server. === [r...@www buboo]# telnet twitter.com 80 Trying 168.143.162.68... Connected to twitter.com (168.143.162.68). Escape character is '^]'. === What is the problem?
[twitter-dev] Re: PIN Authentication Examples?
Hi Duane, When you get the 401 what does the body say? Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 29, 2009, at 4:29 AM, DWRoelands wrote: I'm having a devil of a time getting my application to connect to Twitter via OAuth and the six-digit pin method. I've been working with the excellent OAuth library from ShannonWhitley: http://www.voiceoftech.com/swhitley/?p=681 I'm able to get an authorization link, open a browser, and get the six- digit PIN. However, I can't seem to submit that PIN back to Twitter without getting a 401 Unauthorized error. I added this method to Shannon's TWitter OAuth code: public bool ValidatePin(string PIN) { string response = WebRequest(Method.GET, string.Format ("{0}?oauth_verifier={1}", ACCESS_TOKEN, PIN), string.Empty); if (response.Length > 0) { //Store the Token and Token Secret var qs = HttpUtility.ParseQueryString(response); if (!string.IsNullOrEmpty(qs["oauth_token"])) this.Token = qs["oauth_token"]; if (!string.IsNullOrEmpty(qs["oauth_token_secret"])) this.TokenSecret = qs["oauth_token_secret"]; return true; } else { return false; } } Inevitably, I get 401 Unauthorized when submitting the "oauth_verifier" web request. I have a consumer key and a consumer key secret which work (as is evidenced by the fact that I can get an authorization link). Has anyone else encountered similar issues, or does anyone else have any guidance on this particular issue? Thanks in advance. --Duane
[twitter-dev] Re: two types of user_timeline request, one gives 401
Hello, The problem is that the second URL has two ?'s. That second one should be a & Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 26, 2009, at 1:44 PM, X10 wrote: I used to request a user timeline with /statuses/user_timeline/xtien.xml?count=24 where xtien is a user screen name. because this doesn't work when the screen name is numeric - Twitter sees the user name as the id, not the screen name - I changed it to /statuses/user_timeline.xml?screen_name=xtien?count=24 However, this gives a 401 response. The request is authenticated. Why is there a difference between both methods? Or what's wrong in the second request?
[twitter-dev] API Changes for June 25, 2009
Two features and five fixes were deployed today, 2009-06-25: * Feature (REST): Added screen_name and user_id attributes to direct_messages/new for disambiguation - Issue: http://code.google.com/p/twitter-api/issues/detail?id=550 - Documentation: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-direct_messages%C2%A0new * Feature (REST): Added new friendships/show method (issue 474, documentation) - Issue: http://code.google.com/p/twitter-api/issues/detail?id=474 - Documentation: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-show * Fixed (REST): Partially fixed issue with tiling background images via the API - Issue: http://code.google.com/p/twitter-api/issues/detail?id=650 - Note: This was part one. There is a second part to complete the fix that is expected this week. The issue will be updated. * Fixed (OAuth): Added a more helpful error message when you try to use a request token in place of an access token. - Error Text: "Request token must be exchanged for an access token before use" * Fixed (OAuth): Improved error handling when invalid data is submitted in place of a token. - The generic HTTP 500 should now be replaced with a message that the token was not found * Fixed (REST): The JSON returned in maintenance mode now correctly contains null rather than NULL - Issue: http://code.google.com/p/twitter-api/issues/detail?id=703 * Fixed (Mail): Improved outbound email reliability (for apps parsing DM/friend emails) - Improved some retry logic related to transient errors such as timeouts. As always we've updated the change log at http://apiwiki.twitter.com/REST-API-Changelog Thanks; – Matt Sanford / @mzsanford Twitter Dev
[twitter-dev] Re: How-To: Get a Twitter Token via VB.NET
Hi, You might want to try Shannon Whitley (blog post on VB.NET/OAuth/ Twitter at http://www.voiceoftech.com/swhitley/?p=681) … he seems to work with Twitter, OAuth and VB.NET. He might be reading the dev list here, not really sure. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 25, 2009, at 1:51 PM, Obrzut wrote: Hi, I have been working on an program that will eventually access the Twitter site. But, I have found the very first stage of OAuth very cumbersome. Basically, I have the following code; Dim url As String = "http://twitter.com/oauth/request_token"; Dim xml As String = "" Dim OAuth As New OAuth_Twitter Dim O As New OAuth.OAuthBase Dim consumerKey As String = "CgZiTeNqGk2c0eZSdb9qg" Dim consumerSecret As String = "Sf7DGMTiK4cyU8qOuqOWX4yCNCwAdcRAlAj02cOA" Dim token As String = "" Dim tokenSecret As String = "" Dim Method As String = "GET" Dim outURL As String = "http://twitter.com/statuses/show/ 123.xml" Dim querystring = "" Dim URI As New Uri(url) Dim nonce As String = O.GenerateNonce() Dim timeStamp As String = O.GenerateTimeStamp() REM//Generate Signature Dim sig As String = O.GenerateSignature(URI, _ consumerKey, _ consumerSecret, _ token, _ tokenSecret, _ Method, _ timeStamp, _ nonce, _ "", _ querystring) querystring &= "&oauth_signature=" & HttpUtility.UrlEncode (sig) Dim test As String = url & "?" & querystring Dim UR As System.Net.WebRequest = System.Net.WebRequest.Create (test) Dim str As System.IO.Stream = UR.GetResponse ().GetResponseStream() - The program fails at the end - where str is dimmed as a IO.Stream and a GetResponseStream() is attempted. I get a 401: Unauthorised message - and the program terminates. I think I am doing some thing wrong here, but I do not know what? Do I have to use GenerateSignature() from the OAuth class twice? How about using GenerateBaseSignature()? I am really confuzzled. Ha! Does anyone here know anything about VB.NET and OAuth implementations in this language?
[twitter-dev] Re: Desperate for Help! Twitter API Blues...
Hi again, A nonce is expected to be unique for each request, that is really it's only function. You should not need the login/password anywhere, and if the library you're using requires that it's doing something incorrectly. I'm not much of a VB programmer, but I just read through your source and from the Form1 class it looks like you're writing a desktop application, is that correct? The other thing I noticed in Form1 is that you try to call OAuth.AccessTokenGet without ever getting a request token. I think one step you're missing here is OAuth.AuthorizationLinkGet, which gets a request token and returns the URL the user's browser should be sent to. Your code from Form1 does not appear to get the URL or send the user there, unless the source on this site is incomplete or I'm mis- reading it. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 25, 2009, at 12:04 PM, Obrzut wrote: Well, Hi again Matt. Basically, it is hard to describe exactly what my app is doing because it is using third party code. Firstly, this is the URL I am trying to access; url = "http://twitter.com/statuses/show/123.xml"; Then, here are the URL's for authentication that my API uses; Public Const REQUEST_TOKEN As String = "http://twitter.com/oauth/ request_token" Public Const AUTHORISE As String = "http://twitter.com/oauth/ authorize" Public Const ACCESS_TOKEN As String = "http://twitter.com/oauth/ access_token" I am using the C# Base Class with a VB.NET adapted C# Class to interface with the C# Base Class for OAuth. That is basically everything! It generates a URL too. BUT - I just tried something: I added http://:@twitter.com/etc... To the URL that asks for the Login Prompt and also changed the Nonce. I get a blank page then! Haha. You see - when I clicked CANCEL on the Login prompt - I would get the following output; /oauth/access_token? oauth_version = 1.0 & ;oauth_nonce = 9995405 &oauth_timestamp=1245956104&oauth_signature_method=HMAC- SHA1 & ;oauth_consumer_key =CgZiTeNqGk2c0eZSdb9qg&oauth_signature=DaoiZKL5EMak1RyvTsGzYhlKe7Y %3d Invalid / used nonce You see - the Nonces have been used for some reason? I changed the nonce from the original 6545405 to 9995405 and when I updated with a new nonce I got the blank page. When I tried to access the source code for you - I got the Login prompt again with the expired nonce. SO It seems the problem lies somewhere with updateing the nonces for each request? AND/OR Supplying Login Credentials? Perhaps this is what the 401 : Unauthorised error message from Visual Studio means during a Web Request? I will keep tinkering with the code by firstly adding my Twitter Username and Password to the URL as above - but also try updateing the nonce? Any ideas on how to do this? I have posted my code in the initial post. On Jun 25, 7:41 pm, Matt Sanford wrote: Hello again, The access token URL [1] should be accessed by your application to exchange a request token for an access token, not from a browser. You're seeing a login dialog because that is what browsers do with HTTP 401 (Unauthorized). Your description has been a bit confusing, is this the problem (excluding this browser thing): 1. Application gets a request token 2. Redirect the user to twitter.com/oauth/authorize … user clicks through to accept 3. User returns to your site 4. Your site called twitter.com/oauth/access_token 5. BOOM: twitter.com/oauth/access_token returns 401 Is that the flow? If so, the body of the 401 would be most helpful. If that is not the flow, please try and describe what you are doing so I can try and reproduce the error and look for bugs on our side. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] -http://twitter.com/oauth/access_token On Jun 25, 2009, at 11:33 AM, Obrzut wrote: I have read that document. Like I said in my initial post - I have read the tutorials and FAQs. Furthermore - I have converted a C# Class that utilises OAuth C# Base Class to VB.NET without a hitch. It works just fine - the only problem is that it is reaching a Login prompt that is asking for credentials that I do not have. A. Williams - did you even read my last post? I find it highly ignorant of you to refer me to the guide when I have successfully authenticated the OAuth procedure. That said, will anyone who cares to read my posts reply with some thing that is relevant and makes sense? I have given all the URL's needed - the parameters I am passing to Twitters oauth page - and I am getting a LOGIN PROMPT. Read my previous posts for more information. Kind regards, Obrzut On Jun 25, 7:23 pm, Abraham Williams <4bra...@gmail.com> wrote: I would recommend readinghttp://oauth.net/documentation/getting-startedso you have a thorough understanding of how Oa
[twitter-dev] Re: OAuth: Failed to validate oauth signature and token -please help
Hello there, Here are a few things you can try: * You shouldn't need the oauth_token parameter when requesting a request token, so you can remove that. * Make sure the oauth_nonce is a unique value (though we have a specific error message for that). * Also, always helpful, is letting us know what language, library and version you are using (if any). Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 25, 2009, at 8:50 AM, goodtest wrote: Hi, I am trying to follow the instructions of how to authenticate using oauth, but for some reason, when i try to get request_token, I get failed to validate signature and token. I am not sure what I am missing, can someone please take a second look at the following and let me know is missing? URL thats constructed: GET&http://twitter.com/oauth/ request_token &oauth_consumer_key = Xz2BKOKObTzpLrMXxJo2ww &oauth_nonce=blabla123&oauth_signature_method=HMAC- SHA1&oauth_token=&oauth_timestamp=1245887955090&oauth_version=1.0 URL after encoding and adding oauth_signature http%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token%3Foauth_consumer_key %3DXz2BKOKObTzpLrMXxJo2ww%26oauth_nonce %3Dblabla123%26oauth_signature_method%3DHMAC-SHA1%26oauth_token%3D %26oauth_timestamp%3D1245887955090%26oauth_version %3D1.0%26oauth_signature%3D6odQgPJ5o%2FAuOIw0gt8CknlHIcc%3D Failed to validate oauth signature and token
[twitter-dev] Re: Desperate for Help! Twitter API Blues...
Hello again, The access token URL [1] should be accessed by your application to exchange a request token for an access token, not from a browser. You're seeing a login dialog because that is what browsers do with HTTP 401 (Unauthorized). Your description has been a bit confusing, is this the problem (excluding this browser thing): 1. Application gets a request token 2. Redirect the user to twitter.com/oauth/authorize … user clicks through to accept 3. User returns to your site 4. Your site called twitter.com/oauth/access_token 5. BOOM: twitter.com/oauth/access_token returns 401 Is that the flow? If so, the body of the 401 would be most helpful. If that is not the flow, please try and describe what you are doing so I can try and reproduce the error and look for bugs on our side. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://twitter.com/oauth/access_token On Jun 25, 2009, at 11:33 AM, Obrzut wrote: I have read that document. Like I said in my initial post - I have read the tutorials and FAQs. Furthermore - I have converted a C# Class that utilises OAuth C# Base Class to VB.NET without a hitch. It works just fine - the only problem is that it is reaching a Login prompt that is asking for credentials that I do not have. A. Williams - did you even read my last post? I find it highly ignorant of you to refer me to the guide when I have successfully authenticated the OAuth procedure. That said, will anyone who cares to read my posts reply with some thing that is relevant and makes sense? I have given all the URL's needed - the parameters I am passing to Twitters oauth page - and I am getting a LOGIN PROMPT. Read my previous posts for more information. Kind regards, Obrzut On Jun 25, 7:23 pm, Abraham Williams <4bra...@gmail.com> wrote: I would recommend readinghttp://oauth.net/documentation/getting-startedso you have a thorough understanding of how Oauth. On Thu, Jun 25, 2009 at 12:17, Obrzut wrote: WOW! Thanks! I'll try that! Just a side note - I extracted the URL and ran it thru a web browser - then it started popping open a Username / Password box? It stated; The server twitter.com at Twitter API requires a username and password. What is all this about? I ask, because, my twitter username and password do not work? When I ran the URL via the web browser object in VB.NET the document completed without any body of text. It just exited without a login prompt. Nothing. So, it seems the URL I am creating seems sound - as it created a Login prompt in google Chrome. But, I dunno what credentials I require for the login prompt? http://twitter.com/oauth/access_token?oauth_version=1.0&oauth_nonce=2 ... This is the URL I used to access the login prompt. Any pointers? On Jun 25, 6:04 pm, Bojan Rajkovic wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Obrzut wrote: "oauth_version =1.0&oauth_nonce=5048009&oauth_timestamp=1245948327&oauth_sig nature_method=HMAC- SHA1 &oauth_consumer_key =CgZiTeNqGk2c0eZSdb9qg&oauth_signature=vxFWk3JvGKdKI RYR31%2b2JC %2bh30o%3d" This is an example URL I am sending. Is there anything suspect you can see just by looking at it? It really would help me out no end. Kind regards, Obrzut You need to apply a lexicographical byte ordering to the OAuth parameters--that is, sort them alphabetically. I ran into this in the beginning, and scratched my head for a while until I read the OAuth standard. Cheers, - -- Bojan Rajkovic Biochemistry '10, Brandeis University PGP Signature Key ID: 0x8783D016 PGP Encryption Key ID: 0x2497B8B2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org iQIcBAEBAgAGBQJKQ647AAoJEO4IwQyHg9AWnVkP/2H5dQWnGSYXGGQV0YW6oswQ gBELIhWjHiq9lkQQbOrCUqV6hR4wycSa5hNfaW+YxQsVEuORTw1FAhiayJPRcVAH I8cgewOSgXG5CSbXfutPmfQFHZNdN3zgJMaS0sAwoyEik+nb/JePlUEkn7f9CPzb buqLAjadh0bLNdB/U2ld5FBgnAc1zQEJrGCePqfzYls3RTQm+dc6wtpzRnlKVDER hfsVh0E9OUZOIjEmaHsc7KUjoiATSB/j0LXrF+3x3BR/ISYkoLW0cJPQEscJVrG+ JbtJ3Q4H1uJpDn5iF4ENhzjZa1/v45w/zliXk8MeDixLC4jtTUE54oKZsYFjhL/v d1BMgmgTVCJq7Qj2jJNKjD/A2nriAErh/i/42850MsF9JCnff6d2kruXccdHM8Lv ExttUH9k6c0U4SBVYjjv+Np4OOwWDJvwNx3mXW5mgfLsCtMKdSDD+mm4/M9MHDxR sHo54jlWDXGYHrbAJLtCBp02UN3FTlieQ61QYniaUJcZOuzMoKkmVn4/uHMJT7SQ u+DxUMYaFEpot72IOzgFmAmeToGw1GWyeBzeZnkPq5li5Y+EyUCVKH8dxSj4omM+ qUHwvhI93cS6+mmh3L1KGsfg6uXl88xi1oP3d+k1N65nX4troGWE00VPROTbAPzk +UNJsrk9WkRuaif1le0b =M/IL -END PGP SIGNATURE- -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Desperate for Help! Twitter API Blues...
Hi, When you get an HTTP 401 there should be a body, Something like: "Failed to validate oauth signature or token", or the more informative "Invalid / expired token", or a host of other things. The "401 Unauthorized" is the HTTP status line itself and is the error we use for all OAuth failures. If you're using a library to access Twitter via OAuth perhaps it is not displaying the body message be default. If that's the case I recommend adding some print statements, using a debugging proxy (such as Charles), or watching via tcpdump (or equivalent) so you can see the body. Also helpful for debugging just about any error with the API is the full request and response headers. Look at this from my perspective … right now I have even less to go on than you. I don't know your code, what request you made, and I cannot debug interactively. Thanks; — Matt Sanford ProTip: When reporting bugs try to remember that no matter how frustrated you are you're asking someone who is not sitting with you and is not in the same frame of mind. This is like shouting at the police when you called them. Therapeutic? yes. Helpful? probably not. Good matrial for the show Cops? definitely. On Jun 25, 2009, at 9:45 AM, Obrzut wrote: The remote server returned an error: (401) Unauthorized. This is the exact error. I was not being hostile - just going out my wits end! *smiles* I've de-stressed by laying in bed for the past hour trying to forget about the Twitter API and OAuth. Ha! That said - shall I include the URL I am using with Parameters? Perhaps that will help, no? I'll get right on that.
[twitter-dev] Re: Desperate for Help! Twitter API Blues...
Hi there, Sorry for the trouble, but could you include the message you're getting in the body of that 401? Without the error message it's hard to tell what the problem is or where the source of all of this "suck" is. Thanks for the hostile tone though … it really got my morning going. Thanks; — Matt Sanford / @mzsanford On Jun 25, 2009, at 8:09 AM, catcalls wrote: Hi, http://www.aponetworks.com/dumpurge/index.html This is a link to the source code so far. It has my Keys / Tokens I received from Twitter in it. I customised a C# Class into a VB.NET class of my own. I also imported the standard C# OAuth DLL into the program to use. I still get an 401 Unauthorised when using this source code and I am really unsure why!? I cannot even view pages that do not require authorisation! Haha. This sucks - OAuth sucks - How am I supposed to view a simple xml page on twitter? I have followed all the tutorials to the letter and even copied loads of custom Twitter API code into my program and it STILL DOES NOT WORK! I am going out my box on this one guys. Srsly, some one take a look at the files and offer some help!
[twitter-dev] Re: issue with simple xml load file + twitter search API
Hi there, If you're accessing search.twitter.com from AWS please set the User-Agent header to something meaningful, like the name of your website or service. Without a User-Agent you will see 400s when accessing from AWS. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 24, 2009, at 11:42 PM, jey jey wrote: Hello I am tring to do a Api call using simple xml and twitter search API. Whwn I am trying to do so i am gettng the following errors Message: simplexml_load_file(http://search.twitter.com/search.atom?q= %40southwestair) [function.simplexml-load-file]: failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request Message: simplexml_load_file() [function.simplexml-load-file]: I/O warning : failed to load external entity "http://search.twitter.com/ search.atom?q=%40southwestair" here is the code that I am using for $brand = "southwestair"; $searchUrl = "http://search.twitter.com/search.atom?q=%40".$brand; $results = simplexml_load_file($searchUrl); $entry = $results->entry; //$result = $this->twitter->search($brand); $count = 0; print_r($entry); I am using Amazone aws server, PHP 5.2 version, in my server, allow_url_fopen is ON But its working in my local machine giving the results. Could please look in to this issu, let me know whats wrong with me thanks j0ban http://phpqa.blogspot.com
[twitter-dev] Re: Friendships.create returns successful but does not work
Hi there, This is a known issue and we're working on it. Check out the issues list at http://code.google.com/p/twitter-api/issues/list … or more specifically issue 749 [1] which will point you over to status.twitter.com. We'll update status.twitter.com as more information becomes available. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://code.google.com/p/twitter-api/issues/detail?id=749 On Jun 24, 2009, at 4:06 PM, NW wrote: I'm trying to setup a script to follow a specified user. When I run it it returns the user's information as described in the documentation as a successful result. However, when I go to look at the user account, it's not following anyone. This is the code I'm using in php: $ch = curl_init( 'http://twitter.com/friendships/create/ usernameToFollow.xml'); curl_setopt_array($ch, array( CURLOPT_HEADER => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_CONNECTTIMEOUT => 10, CURLOPT_TIMEOUT => 10, CURLOPT_FORBID_REUSE => true, CURLOPT_FRESH_CONNECT => true, CURLOPT_FOLLOWLOCATION => 1, CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_POSTFIELDS => 'follow=true', CURLOPT_USERPWD => ':' ) ); $resp = curl_exec($ch); curl_close ($ch); Any idea what's happening here?
[twitter-dev] Re: Releasing a dormat screenname
Hi Mark, Email usern...@twitter.com (literally 'username', not the name you want). It usually takes some time since, as you can imagine, it's a lower priority than spam and other issues. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 24, 2009, at 1:54 PM, kprobe wrote: Doug has been just talking about spammers related to acct suspensions and just gave the rules for releasing a screen name. Who do we contact @twitter to get a dormant screen name released? Mark
[twitter-dev] Re: Oauth Error: 500 & Does Not Authorize
Hi Jeremy, Sorry for the delayed reply. The most helpful thing to send are the request headers, response headers and response body. With that I can generally troubleshoot most problems and none of it should be proprietary since it is just a log of what you're sending to Twitter. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 22, 2009, at 12:57 PM, King Kovifor wrote: Matt, Sorry for the double post. :) But, basically, I am using Abraham's OAuth class. What I am doing is getting a request URL and token, saving the token to a database (using a vBulletin specific method -- that part at least works). By token I save both oauth_token and oauth_token_secret. Basically the flow uses the same file, but checks for a returned token. Upon that, I send an OAuth HTTP request to https://www.twitter.com/statuses/update with a status parameter. The debug code prints out the last HTTP request code, and all the keys and tokens that I use. 500 showed up... Would you like to see the actual file? As I will send it, but at least a few lines will be invisible or confusing as it's vBulletin specific and illegal for me to send it. Jeremy On Jun 22, 11:56 am, Matt Sanford wrote: Hello, It's a bit difficult to provide much help based on the description below. Is it possible for you to provide the HTTP request and response headers (both are important) for the request returning HTTP 500? Given that information I can try and track down the request and find the cause of the problem. Also, in the future please do not double post to the the list. It slows down response times while we all process all of our incoming messages. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 21, 2009, at 8:32 PM, King Kovifor wrote: OK, so I have been having troubles with my aplication. I'm new to OAuth, so it's probably wrong somewhere on my end. I got it so that it recognizes that the token is coming from my application, so it takes me and says "Deny" or "Allow". So far, so good. Ok. Clicking on Authorize, I get the "Redirecting you to the application" notification, so it redirects. I do a test to send a tweet, but it hasn't worked. So I threw in some debug code and I'm getting an HTTP response of 500! Twitter's end apparently? And if I check "Connections" the application that I authorized, IS NOT THERE. Now, this is where I'm lost, on both... help?
[twitter-dev] Re: Search API to require HTTP Referrer and/or User Agent
Hi Jeff, If you have added a User-Agent header you shouldn't have any problems with the new restriction. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 24, 2009, at 10:00 AM, feesta wrote: Hi all, I'm fairly new to app development and am working with Google Appengine at the moment. My app (http://www.twitwheel.com/) makes two calls to the search API for each page view. I've just added the user agent to my urlfetch calls. Do I still need to worry about the 100/hour rate limit? I've only just started testing and am open to alternatives and suggestions. thanks! -Jeff Easter On Jun 17, 4:41 pm, Dewald Pretorius wrote: Setting theuseragentis not only in the best interest of Twitter. It's in your best interest as well. I've been setting myuseragentfrom almost day #1 of my service, and on several occasions it has helped me to get quick response and issue resolution from the API team for both REST and Search API issues, because they could easily locate and isolate my calls in their access logs. This is something only the spammers need to worry about. For bona fide services this is a big plus. Best, Dewald
[twitter-dev] Re: Search API since_id doesn't work with filter:links
Hi Chad, I believe this was caused by one of the two bugs I deployed fixes for today [1]. Both of these were incorrectly returning 403 with the message about old since_ids when it was not the case. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://apiwiki.twitter.com/REST-API-Changelog On Jun 24, 2009, at 1:09 PM, Chad Etzel wrote: On Wed, Jun 24, 2009 at 4:02 PM, Cameron Kaiser wrote: I believe this error occurs when the search result would generate more than one page of results and a since argument (since or since_id) is given. Certainly something like that is bound to at some point, even at 100 reqs/page. I'm not fond of this implementation, mind you; I'd prefer getting the most recent page, plus maybe a warning in a separate field, rather than deepsixing the entire request. No, I'm pretty sure that's not the case. I have several "high traffic" searches going that regularly return 100 items, and I know there are more. It never gives that response. -Chad
[twitter-dev] Re: getting error 400 during creting follow request
Hi, What is the body of the response you get back? Many times the error message is informative and will let us know where to start looking for possible bugs. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 24, 2009, at 10:57 AM, ankit1234 wrote: hi, i have been repetedly getting error 400 while trying to crete follow request. I am using this twitter lib http://github.com/jdp/twitterlibphp/tree/master . so basically the content of the code is something like this :- $postarg=false; $url="http://twitter.com/friendships/create/.xml";; // Initialize CURL $ch = curl_init($url); // Tell CURL we are doing a POST curl_setopt ($ch, CURLOPT_POST, true); // Give CURL the arguments in the POST curl_setopt ($ch, CURLOPT_POSTFIELDS, $postargs); // Set the username and password in the CURL call curl_setopt($ch, CURLOPT_USERPWD, ":"); // Set some cur flags (not too important) curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_NOBODY, 0); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // execute the CURL call $response = curl_exec($ch); // Get information about the response $responseInfo=curl_getinfo($ch); // Close the CURL connection curl_close($ch); // Make sure we received a response from Twitter if(intval($responseInfo['http_code'])==200){ // Display the response from Twitter echo $response; }else{ // Something went wrong echo "Error: " . $responseInfo['http_code']; } here is the link where i have put this code http://viraltwitters.com/test.php . I am not sure why this is happening..Error 400 represents bad request or reaching the api limit..i have a dedicated api and i am sure i have not hit the limit..at the same time the code seems correct..so i am completely clueless why is this happening. thanks
[twitter-dev] Re: Favoriting broken
Hi Craig, Adding and removing favorites being delayed is a known issue we're working on. Take a look at yesterday's post to http://status.twitter.com/ [1] for other things that might be affected. Keep an eye on status.twitter.com for updates. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://status.twitter.com/post/128844304/follower-following-delays On Jun 24, 2009, at 12:00 PM, Craig Hockenberry wrote: The issue appears to affect the website, as well. When you click on the star, it changes color, but doesn't show up in your favorites list. -ch On Jun 24, 11:25 am, Craig Hockenberry wrote: FYI: We've been getting reports of favoriting not working in our app. Tried it in a few other apps and it appears to be a system-wide problem: <http://code.google.com/p/twitter-api/issues/detail?id=747> -ch
[twitter-dev] Re: Search API since_id doesn't work with filter:links
Why yes, there is: http://code.google.com/p/twitter-api/issues/detail?id=742 — Matt On Jun 24, 2009, at 10:55 AM, Chad Etzel wrote: Hmm, yes. I am seeing the same thing with the geocode: and source: modifiers. Is this a bug? -Chad On Wed, Jun 24, 2009 at 7:57 AM, Mojosaurus wrote: Hi, My script polls Twitter APIs once every 15 seconds with a query like http://search.twitter.com/search.atom?q=video%20filter:links&rpp=100&since_id=2309008249 Starting 2009-06-23, this API returns http 403, with the following error message. since date or since_id is too old Did anything change in the last 24 hours? Is this a known issue, and when is it expected to get fixed? Any leads would be much appreciated. -- thanks, Ishwar.
[twitter-dev] Re: created_at format change
Update: We just deployed a fix for this bug. the format should be back to normal. Thanks; — Matt Sanford / @mzsanford On Jun 23, 2009, at 7:24 PM, Matt Sanford wrote: This was not intentional and I'm trying to get to the bottom of it now. Matt On Jun 23, 2009, at 7:05 PM, Chad Etzel wrote: Yeah, all of my timestamps are now busted and I'm just finding out... It looks like this was just a change in the Search API format, and not the REST API format? Is that correct? Going bonkers, -Chad On Tue, Jun 23, 2009 at 9:02 PM, Christopher Finke wrote: Around 7:45pm Central time, I noticed that the format of the created_at timestamp changed from "Fri, 15 May 2009 14:41:50 +" to "2009-05-15 14:41:50 UTC". Was this change intentional? If so, was it communicated anywhere? We had to rush out a fix to our app in order to change the format string we were using to parse the date. (The true issue, of course, is that Python needs a strtotime() like PHP. :-) Chris
[twitter-dev] Re: created_at format change
This was not intentional and I'm trying to get to the bottom of it now. — Matt On Jun 23, 2009, at 7:05 PM, Chad Etzel wrote: Yeah, all of my timestamps are now busted and I'm just finding out... It looks like this was just a change in the Search API format, and not the REST API format? Is that correct? Going bonkers, -Chad On Tue, Jun 23, 2009 at 9:02 PM, Christopher Finke wrote: Around 7:45pm Central time, I noticed that the format of the created_at timestamp changed from "Fri, 15 May 2009 14:41:50 +" to "2009-05-15 14:41:50 UTC". Was this change intentional? If so, was it communicated anywhere? We had to rush out a fix to our app in order to change the format string we were using to parse the date. (The true issue, of course, is that Python needs a strtotime() like PHP. :-) Chris
[twitter-dev] Re: deleted tweets ares retrieved in the search results
Hey there, For the record, I'm working to fix that in the near term. I know it's been a long time coming but I have a git branch under way to add it so I hope it's not too much farther off. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 23, 2009, at 5:17 PM, Abraham Williams wrote: Currently there is no way to remove tweets from search. On Tue, Jun 23, 2009 at 11:31, Borja Martín wrote: Hi, I deleted some tweets I posted using a certain hashtag during the development of my application but they are still being retrieved using the search api method. I guess the results are cached, so I wonder how long does it take to flush the cache or if there is any way to delete these tweets from the results. Thanks in advance -- def dagi3d(me) case me when :web then "http://dagi3d.net"; when :twitter then "http://twitter.com/dagi3d"; end end -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Oauth Error: 500 & Does Not Authorize
Hello, It's a bit difficult to provide much help based on the description below. Is it possible for you to provide the HTTP request and response headers (both are important) for the request returning HTTP 500? Given that information I can try and track down the request and find the cause of the problem. Also, in the future please do not double post to the the list. It slows down response times while we all process all of our incoming messages. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 21, 2009, at 8:32 PM, King Kovifor wrote: OK, so I have been having troubles with my aplication. I'm new to OAuth, so it's probably wrong somewhere on my end. I got it so that it recognizes that the token is coming from my application, so it takes me and says "Deny" or "Allow". So far, so good. Ok. Clicking on Authorize, I get the "Redirecting you to the application" notification, so it redirects. I do a test to send a tweet, but it hasn't worked. So I threw in some debug code and I'm getting an HTTP response of 500! Twitter's end apparently? And if I check "Connections" the application that I authorized, IS NOT THERE. Now, this is where I'm lost, on both... help?
[twitter-dev] Re: API rate limits behaving differently when querying the user's accunt vs. other users
Hi Shy, When you don't specify and ID we require authentication, when you do specify and ID (no matter the user) we do not. This is mainly because without authentication the non-ID version wouldn't make any sense. When authentication is required we return HTTP 401 (authentication required) and .NET does the same request again with the credentials. When you pass in an ID we respond with valid data since authentication is not required and .NET never actually sends the credentials. You can get around this by setting the header manually [1] or there is a HttpWebRequest.PreAuthenticate property [2], but it does not works like one would expect [3]. I recommend the header route. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://groups.google.com/group/twitter-development-talk/browse_frm/thread/14ac4568e4a1cb17 [2] - http://groups.google.com/group/twitter-development-talk/msg/be5e28a8e0b4fb33 [3] - http://groups.google.com/group/twitter-development-talk/browse_frm/thread/3d54172d7492cce3/74a5ddabe36d5d3c On Jun 20, 2009, at 1:32 AM, Shy Cohen wrote: Hi Matt, Here's the C# code that I use to fetch the data: HttpWebRequest webRequest = (HttpWebRequest) WebRequest.Create (requestUri); webRequest.Credentials = new NetworkCredential(myUsername, myPassword); webRequest.Method = "GET"; WebResponse webResponse = webRequest.GetResponse(); XDocument response = XDocument.Load(new StreamReader (webResponse.GetResponseStream(), Encoding.UTF8)); If requestUri is "http://twitter.com/friends/ids.xml"; then response.Headers["X-RateLimit-Remaining"] returns "1" If requestUri is "http://twitter.com/friends/ids.xml?user_id=17283842"; then response.Headers["X-RateLimit-Limit"] returns "100". Please note that 17283842 is the user ID for the authenticated user (in other words, the ID of my account). It seems that the difference is in whether I’m specifying the ID of the user for whom to get the list of friends implicitly (i.e. using the implicit ID of the signed-in user) or explicitly (i.e. by specifying it in the request). Seems like this might be a bug (at least in the sense that it's unexpected behavior that is confusing the user ;-). What do you think? Thanks, Shy. On Jun 19, 12:21 pm, Matt Sanford wrote: Hi Shy, When authenticated methods correctly reflect the whitelisting and unauthenticated methods do not the most common cause is a client side issue where the authentication is not being sent. This is the case with browsers, who wait for an HTTP 401 and then respond with credentials. Some HTTP libraries do this as well (.NET comes to mind). If you let us know what library/language you're using we might be able to help. Another good thing to do is take a look at your request headers … if there is no Authentication header you're not authenticated. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 19, 2009, at 9:39 AM, Shy Cohen wrote: My app, running under my white-listed creds, was hitting the 100/hr rate limit. I thought that maybe my white-listing did not go into effect, but TweetDeck was showing that I have 20K calls left. I ran the Twitterizer sample, and it was working fine too, showing the quota to be 20K. I was baffled. I started playing with this a little and I believe I finally found the issue! It seems that calls to fetch data about the currently logged in user (e.g.http://twitter.com/statuses/user_timeline.xml) are subject to the 20K rate limit, while calls to fetch other users' data (e.g. http://twitter.com/followers/ids.xml?user_id=&page=) are counted against the IP (or something else, but not the creds I’m providing). Is this correct? If so, what’s the reason behind it? Also, is there a way to get around this without white-listing my (dynamically assigned) IP address? Thanks, Shy.- Hide quoted text - - Show quoted text -
[twitter-dev] Re: user/show does not return 401
Hi Jonas, The issue here is that /users/show allows both authenticated and un-authenticated access. Unlike the bug you referenced [1], the RFC does not really mention what to do in that case to my knowledge. For resources that require authentication we respond with a 401, and the browser prompts for a username/password and re-sends and authenticated request. In the case of /users/show we return valid data when not authenticated so the browser does not bother. In most programming languages/libraries there is an option to preemptively authenticate, or you can manually add the Authorization header. Someone has even done this in Javascript [2], albeit in XUL since it lacks a cross-domain security issue. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://code.google.com/p/twitter-api/issues/detail?id=135 [2] - http://groups.google.com/group/twitter-development-talk/browse_frm/thread/70bbd259e4217dde On Jun 19, 2009, at 8:21 PM, Jonas wrote: > > When I send incorrect credentials with a user/show.json command I > expect to get a 401 code from twitter. However, when I do this from a > browser using xmlhttprequest I get 400 instead. Actually, for the > first 100 tries I get 200 codes, and there after I get 400 codes, > because there is a rate limit of 100 per hour. The point is, at no > time does authentication ever occur. > > Could this be a bug in twitter? > > As this post explains > > http://groups.google.com/group/twitter-development-talk/browse_thread/thread/35c3918ec2317e98/d05dd17c5a261dfa?lnk=gst&q=xmlhttprequest+401#d05dd17c5a261dfa > > the RFC dictates that the browser does not send credentials until it > first receives a 401. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Twitter Development Talk" group. To post to this group, send email to twitter-development-talk@googlegroups.com To unsubscribe from this group, send email to twitter-development-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/twitter-development-talk?hl=en -~--~~~~--~~--~--~---
[twitter-dev] Re: making API call to update status
Hi there, The read and read/write permission level is stored on a per-token basis. This is to prevent a user from authorizing your application as "read only" and you escalating it to "read and write" without their knowledge. You need to get a new token for the user in question to be able to write. You can also pass the oauth_access_type parameter in the user redirect [1] to specify. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://groups.google.com/group/twitter-development-talk/browse_frm/thread/d4fefae61f5e7019 On Jun 21, 2009, at 4:30 PM, James wrote: On Jun 4, 2:57 pm, Abraham Williams <4bra...@gmail.com> wrote: If an application is created using read-only an account grants access and then the application changes to read-write the user needs to grant access again in order for the application to post updates. I've changed my application to read-write, reset the consumer key/ secret, and re-authenticated as an end-user, and I'm still getting the 'Read-only application cannot POST' error. It's been several hours. Either Twitter is taking a while to propagate the changes, or there's something else to do that I haven't thought of On Thu, Jun 4, 2009 at 00:13, avinash srivastava wrote: looks like while setting up your application you have asked for read permission only. Check for access type in your application settings on twitter and make it read and write. Avinash On Thu, Jun 4, 2009 at 10:20 AM, Nasir wrote: Hi, Can any one help me to make api call after authentication using OAuth- php. Its gives an error (Read-only application cannot POST) Thanks -- Abraham Williams |http://the.hackerconundrum.com Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, Wisconsin, United States
[twitter-dev] Re: OAuth and pincodes...
Hi Chris, As it is currently written the PIN code will always be numeric, in part to handle the lowest-common-denominator of mobile handsets. There is no plan to change that. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 21, 2009, at 11:49 AM, Chris Kimpton wrote: Hi, To answer myself, yes it is. I guess I cannot assume that the twitter pin code will always be numeric - would be nice to give the user the numberpad if it is, but then they cannot switch to text... Regards, Chris 2009/6/20 Chris Kimpton Hi, A bit late to this party, so sorry for repeating stuff, but trying to get my old head around the twitter 1.0a OAuth changes. http://oauth.googlecode.com/svn/spec/core/1.0a/drafts/3/oauth-core-1_0a.html#auth_step3 http://groups.google.com/group/twitter-development-talk/browse_frm/thread/1c48fedf4ae7ed52/7d772dedcc756cbf#7d772dedcc756cbf I have a desktop client (an iphone app, Twitkwik) which 'now' supplies the user with a pin code after they authorise the app to use Twitter. My understanding is that the app should ask the user for the pin code and then send this (as oauth_verifier) when swapping the request token for an access token request. Does that sound correct? As far as I can tell, webapps can get round this by providing a callback. Thanks in advance, Chris
[twitter-dev] Re: API rate limits behaving differently when querying the user's accunt vs. other users
Hi Shy, When authenticated methods correctly reflect the whitelisting and unauthenticated methods do not the most common cause is a client side issue where the authentication is not being sent. This is the case with browsers, who wait for an HTTP 401 and then respond with credentials. Some HTTP libraries do this as well (.NET comes to mind). If you let us know what library/language you're using we might be able to help. Another good thing to do is take a look at your request headers … if there is no Authentication header you're not authenticated. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 19, 2009, at 9:39 AM, Shy Cohen wrote: My app, running under my white-listed creds, was hitting the 100/hr rate limit. I thought that maybe my white-listing did not go into effect, but TweetDeck was showing that I have 20K calls left. I ran the Twitterizer sample, and it was working fine too, showing the quota to be 20K. I was baffled. I started playing with this a little and I believe I finally found the issue! It seems that calls to fetch data about the currently logged in user (e.g. http://twitter.com/statuses/user_timeline.xml) are subject to the 20K rate limit, while calls to fetch other users' data (e.g. http://twitter.com/followers/ids.xml?user_id=&page=) are counted against the IP (or something else, but not the creds I’m providing). Is this correct? If so, what’s the reason behind it? Also, is there a way to get around this without white-listing my (dynamically assigned) IP address? Thanks, Shy.
[twitter-dev] Re: Private Email Addresses Exposed in Direct Message Email!!!!
Hi there, A fix is going out today. — Matt On Jun 19, 2009, at 7:51 AM, Dossy Shiobara wrote: How else are spammers going to "build their lists" and "harvest valuable data from Twitter" to "make money fast"? On 6/19/09 10:46 AM, Kee Hinckley wrote: Discovered by @ChicagoBungalow. What's the ETA on a fix? And oh shit, what about the Iranians! Subject: Direct message from TWITTERUSEROGESHERE Sender: Twitter -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70)
[twitter-dev] Re: oauth callback not working
Hi there, If you're using the OAuth gem it is automatically sending oauth_callback with a value of "oob", which tells twitter to use the PIN style. By passing the oauth_callback in you can override that default. An issue [1] has been files with the gem author. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://github.com/mojodna/oauth/issues#issue/7 On Jun 19, 2009, at 6:07 AM, Ryan Bigg wrote: Hi, when you do get_request_token you need to pass oauth_callback as an option (even though you set this up with your application) Ryan Bigg Mocra http://mocra.com On 19/06/2009, at 18:02, phillee wrote: I'm following the rails example for OAuth. I got to the point where the user can click authorize on twitter. However this leads to http://twitter.com/oauth/authorize with a number and "Enter the following PIN when prompted..." I've configured the app to be a browser app. Anything else I'm missing? Thanks!
[twitter-dev] Re: Green Profile Pictures
Hi there, It's users showing support for Iran. Check out http://search.twitter.com/search?q=%23iranelection+green and http://helpiranelection.com/ for information on the green avatars. Thanks; — Matt Sanford On Jun 18, 2009, at 5:03 PM, Dewald Pretorius wrote: I'm suddenly seeing a lot of profile pictures that have a sickly green hue. I know it's not an API issue, but just wondering if it's a bug with image processing, or just some new user fad.
[twitter-dev] Re: cannot authenticate to oAuth - php, abrahams code
Hi Peter, Can you give a little more information so people who search for this in the future can maybe find the same issue? Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 18, 2009, at 11:17 AM, Peter Denton wrote: its something on my end. Thanks for your help Matt. On Thu, Jun 18, 2009 at 10:41 AM, Peter Denton wrote: Hi Matt, No matter what I do, even if I delete cookies, sessions, I can not authenticate except once every few dozen attempts. This is the response I get. [request] => /account/verify_credentials.xml? oauth_version = 1.0 &oauth_nonce = 10f29b374a549c7d5bd0ad89ecc8b892 &oauth_timestamp = 1245346747 &oauth_consumer_key =MlC6u6i1v7zLofmbeQOw4w&oauth_signature_method=HMAC- SHA1&oauth_signature=E%2Fxi84w9QZGN8TBJJ%2BwjftrUgEI%3D [error] => Could not authenticate you. Thanks Peter On Thu, Jun 18, 2009 at 9:55 AM, Matt Sanford wrote: Hi Peter, I just tested Abraham's instance of his code at http://twitter.abrah.am and it worked correctly for me. Perhaps it is something token or application specific? Can you let me know the exact error message and the token you're using? Thanks; — Matt On Jun 18, 2009, at 9:50 AM, Peter Denton wrote: Hello, Is anyone else having issues authenticating with oAuth using Abraham's code? I have not been able to login since last night. Thanks Peter -- Peter M. Denton www.twibs.com i...@twibs.com Twibs makes Top 20 apps on Twitter - http://tinyurl.com/bopu6c -- Peter M. Denton www.twibs.com i...@twibs.com Twibs makes Top 20 apps on Twitter - http://tinyurl.com/bopu6c
[twitter-dev] Re: cannot authenticate to oAuth - php, abrahams code
Hi Peter, I just tested Abraham's instance of his code at http://twitter.abrah.am and it worked correctly for me. Perhaps it is something token or application specific? Can you let me know the exact error message and the token you're using? Thanks; — Matt On Jun 18, 2009, at 9:50 AM, Peter Denton wrote: Hello, Is anyone else having issues authenticating with oAuth using Abraham's code? I have not been able to login since last night. Thanks Peter
[twitter-dev] Re: What is the status of URL shortening by Twitter? (no more bit.ly)?
Hi there, Twitter disabled the automatic URL shortening if there is any slowness or other problem accessing the shortener. We make a best effort to automatically shorten but we don't want to return HTTP 500 simply because a shortening service failed to respond in time. As far as bit.ly goes, they do have an API [1] for getting all of the short versions of a long URL, so you might want to give that a shot. We've talked many times about the shortened/lengthened URL issue in search and hopefully we'll come up with a scalable solution at some point. It's not something I expect in the near term, however. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://bit.ly/apidocs On Jun 18, 2009, at 6:38 AM, Bjoern wrote: Hi, I just wanted to look into the URL shortening issues, but found that I could not get Twitter to shorten my URLs anymore. Has Twitter dropped the practice of using bit.ly? I am very interested in the reverse lookup - finding tweets that link to a given web site. I think it would have been next to impossible to do with bit.ly anyway, so if Twitter dropped it again, cheers to that! At least with tinyurl there was a high likelyhood that all tinyurls pointing to a given web site would be the same. As far as I can tell bit.ly does not even give you the option to create a "common" URL via the API - all URLs would be specific to the API caller. It would be great if eventually Twitter could support searching for URLs (and finding all of it's variants), similar to the recently announced TweetMeme API. The TweetMeme API is interesting, but too (rate) limited - also missing JSONP. Besides, it would really make sense if Twitter would support this directly. Björn
[twitter-dev] Re: adding hashtags to direct message API
Hi there, This may be a more simple misunderstanding. If you send a direct message that is a private message and will not show up in search. You can use hashtags in direct messages but they will never show up in the search results. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 17, 2009, at 11:03 PM, xp wrote: I take it back. actually the hashtag sent from api does work. it just does not show the link unless you do a #hashtag search. On Jun 17, 1:46 pm, Joel Strellner wrote: Sounds like you need to URL encode your string before you send it to the API. The hash symbol is a reserved character and has a special meaning in URLs. Your browser will not automatically encode it like it would for spaces, for example. On Jun 16, 11:07 pm, xp wrote: is there any way to add hashtags in direct message API call? thanks.
[twitter-dev] Re: Oauth PIN Code
Hi there, For "browser" applications where you have specified the callback URL twitter does fall back on that value unless you send the oauth_callback=oob. If you send "oob" (out of band) you are essentially asking us to go though the PIN flow despite our better judgement. The issue for many people is that the latest versions of the OAuth gem add "oob" if you don't provide a value. I opened an issue with the gem maintainer [1] and someone has helpfully included a patch in reply to that. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://github.com/mojodna/oauth/issues#issue/7 On Jun 18, 2009, at 3:16 AM, Ryan Bigg wrote: On further consideration, I really believe that twitter itself should do this, given that you set the callback when you're creating/editing the application AND you set it to "browser". It appears to me as if these options are purely cosmetic. I shouldn't have to set the callback when Twitter already knows what that callback is! - Ryan Bigg Mocra - Premier iPhone and Ruby on Rails Consultants w - http://mocra.com e - ra...@mocra.com p - +61 432 937 289 or +61 7 3102 3237 skype - radarlistener On 18/06/2009, at 6:36 PM, Lachlan Hardy wrote: I'm using the OAuth gem, but I had a similar problem. You need to ensure you are specifying the oauth_callback in your request. eg @request_token = @consumer.get_request_token(:oauth_callback => "http://example.com/auth";) instead of @request_token = @consumer.get_request_token
[twitter-dev] Re: Search API to require HTTP Referrer and/or User Agent
Hi Craig, I didn't know about the X-Twitter-Client headers, thanks for the info. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 17, 2009, at 10:09 AM, Craig Hockenberry wrote: Matt & Doug, Here's some more information to help fingerprint search requests: The MGTwitterEngine library sends the following X headers by default: X-Twitter-Client: MGTwitterEngine X-Twitter-Client-Url: http://mattgemmell.com/source X-Twitter-Client-Version: 1.0 These can be overridden by the developer. For Twitterrific, we're using: X-Twitter-Client: Twitterrific X-Twitter-Client-Url: http://iconfactory.com/twitterrific X-Twitter-Client-Version: iPhone 2.0 In addition, connections initiated from an iPhone will likely be going through CFNetwork. This API adds a user agent that contains the application name, version as well as the version of the framework and operating system. For example: User-Agent: Twitterrific/2.1a3 CFNetwork/445.6 Darwin/10.0.0d3 Hope this helps! -ch On Jun 16, 2:05 pm, Matt Sanford wrote: Hi there, While all of this flame is keeping my feet warm it's not really productive. This isn't Slashdot comments, let's try and remain on topic rather the getting into RFC debates. To be even more explicit than my previous email: Use the user-agent. Referrer will be taken care of by browsers and I see as a fallback for client-side JSON users rather than a replacement for a user-agent. The subsequent reply from Michael Ivey about how this helps is dead on. With no context at all I'm forced to block all of ECS/ AppEngine/Yahoo Pipes is one person misbehaves. Nobody likes that. Since search is not authenticated OAuth does not really help here. We may be forced to make search authenticated if we can't find a reasonable way to sort the good from the bad. This is a first attempt at helping us cut out poorly build spam scripts and shorten the time I spend researching each abuser. It saves time and lets me fix more bugs, assuming I don't spend the newly saved time in RFC debates, that is :) Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 16, 2009, at 12:39 PM, Stuart wrote: 2009/6/16 Naveen Kohli Redefining HTTP spec, eh :-) Whatever makes twitter boat float. Lets hope for the best. Just concerned that some firewalls or proxies tend to remove "referrer". What a completely ridiculous thing to say. It's not "redefining" anything. If Twitter want to require something in order to access their service they absolutely have that right. It's not like they're saying every HTTP server should start requiring these headers. It's true that some firewalls and proxies remove the referrer header, and some also remove the user agent header. I'm somewhat unclear on exactly how this stuff is supposed to help. If an application sets out to abuse the system they'll simply set the headers so they look like a normal browser. I don't see what purpose requiring these headers to be something useful will actually serve. IMHO you might as well "require" the source parameter for all API requests that use basic auth which is simple for all apps to implement; OAuth clearly carries identification with it already. -Stuart -- http://stut.net/projects/twitter On Tue, Jun 16, 2009 at 1:05 PM, Stuart wrote: It's optional in the HTTP spec, but mandatory for the Twitter Search API. I don't see a problem with that. Doug: Presumably the body of the 403 response will contain a suitable descriptive error message in the usual format? -Stuart -- http://stut.net/projects/twitter 2009/6/16 Naveen Kohli : Why would you make decision based on "Referrer" which is an OPTIONAL header field in HTTP protocol? Making decision based on something that is "REQUIRED" may be more appropriate. On Tue, Jun 16, 2009 at 12:33 PM, Doug Williams wrote: Hi all, The Search API will begin to require a valid HTTP Referrer, or at the very least, a meaningful and unique user agent with each request. Any request not including this information will be returned a 403 Forbidden response code by our web server. This change will be effective within the next few days, so please check your applications using the Search API and make any necessary code changes. Thanks, Doug -- Naveen K Kohli http://www.netomatix.com -- Naveen K Kohli http://www.netomatix.com
[twitter-dev] Re: Failed to validate oauth signature or token with OAuth while updating the status
Hi there, You may want to checkout the issues list for the PHP library. I found an issue there that seems to be the same: http://github.com/jmathai/twitter-async/issues/unreads#issue/6 Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 17, 2009, at 5:32 AM, Borja Martín wrote: Hi, I'm getting the following error while trying to update the user status who is supposed to be authenticated through OAuth: 'Failed to validate oauth signature or token' The thing is that this was working a few hours ago and if I try to call the credentials verfication api method it works fine although I'm using the same tokens: $this->_twitter_oauth->setToken($session->oauth_access_token, $session->oauth_acces_token_secret); # this works $info = $this->_twitter_oauth->get_accountVerify_credentials(); $info->response # this doesn't $info = $this->_twitter_oauth->post_statusesUpdate(array('status' => $status, 'in_reply_to_status_id' => $in_reply_to_status_id)); $info->response (I'm using the EpiTwitter/EpiOAuth php library grabbed from this post: http://www.jaisenmathai.com/blog/2009/03/31/how-to-quickly-integrate-with-twitters-oauth-api-using-php/) Did anyone else found this issue? Thanks in advance Regards -- def dagi3d(me) case me when :web then "http://dagi3d.net"; when :twitter then "http://twitter.com/dagi3d"; end end
[twitter-dev] Re: Search API to require HTTP Referrer and/or User Agent
Hi there, While all of this flame is keeping my feet warm it's not really productive. This isn't Slashdot comments, let's try and remain on topic rather the getting into RFC debates. To be even more explicit than my previous email: Use the user-agent. Referrer will be taken care of by browsers and I see as a fallback for client-side JSON users rather than a replacement for a user-agent. The subsequent reply from Michael Ivey about how this helps is dead on. With no context at all I'm forced to block all of ECS/ AppEngine/Yahoo Pipes is one person misbehaves. Nobody likes that. Since search is not authenticated OAuth does not really help here. We may be forced to make search authenticated if we can't find a reasonable way to sort the good from the bad. This is a first attempt at helping us cut out poorly build spam scripts and shorten the time I spend researching each abuser. It saves time and lets me fix more bugs, assuming I don't spend the newly saved time in RFC debates, that is :) Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 16, 2009, at 12:39 PM, Stuart wrote: 2009/6/16 Naveen Kohli Redefining HTTP spec, eh :-) Whatever makes twitter boat float. Lets hope for the best. Just concerned that some firewalls or proxies tend to remove "referrer". What a completely ridiculous thing to say. It's not "redefining" anything. If Twitter want to require something in order to access their service they absolutely have that right. It's not like they're saying every HTTP server should start requiring these headers. It's true that some firewalls and proxies remove the referrer header, and some also remove the user agent header. I'm somewhat unclear on exactly how this stuff is supposed to help. If an application sets out to abuse the system they'll simply set the headers so they look like a normal browser. I don't see what purpose requiring these headers to be something useful will actually serve. IMHO you might as well "require" the source parameter for all API requests that use basic auth which is simple for all apps to implement; OAuth clearly carries identification with it already. -Stuart -- http://stut.net/projects/twitter On Tue, Jun 16, 2009 at 1:05 PM, Stuart wrote: It's optional in the HTTP spec, but mandatory for the Twitter Search API. I don't see a problem with that. Doug: Presumably the body of the 403 response will contain a suitable descriptive error message in the usual format? -Stuart -- http://stut.net/projects/twitter 2009/6/16 Naveen Kohli : > Why would you make decision based on "Referrer" which is an OPTIONAL header > field in HTTP protocol? Making decision based on something that is > "REQUIRED" may be more appropriate. > > > On Tue, Jun 16, 2009 at 12:33 PM, Doug Williams wrote: >> >> Hi all, >> The Search API will begin to require a valid HTTP Referrer, or at the very >> least, a meaningful and unique user agent with each request. Any request not >> including this information will be returned a 403 Forbidden response code by >> our web server. >> >> This change will be effective within the next few days, so please check >> your applications using the Search API and make any necessary code changes. >> >> Thanks, >> Doug > > > > -- > Naveen K Kohli > http://www.netomatix.com > -- Naveen K Kohli http://www.netomatix.com
[twitter-dev] Re: Search API to require HTTP Referrer and/or User Agent
Hi all, Let me clarify a bit. For server-side processing please set the User-Agent header. I recommend using your domain name, or if you don't have one (which is odd) your appname. Something like "myapp.com" or "myapp". By using domain name we'll be able to check out the site and reach out to contact people if we suspect them of abuse. Spammers often don't respond to questions from the services they abuse, and if someone is using your user-agent falsely you'll have the possibility of saying "That's not me, I'm not on app engine". For client-side processing like TweetGrid the browser will send a User-Agent and referrer unless you're doing something exceedingly odd, so you should be fine. This change is mostly to combat an increasing amount of spam coming from "cloud" services like ecs and appengine. At first we'll only be applying this restriction to those IP addresses but it may need to be broadened as time goes on. If you're writing client software please add a user-agent in case we end up having to widen this in the future. This seems like a better plan than the Media Temple fiasco we went though last time we blocked a shared service for hosting spammers [1]. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - https://twitter.com/mzsanford/status/1924718435 On Jun 16, 2009, at 10:10 AM, funkatron wrote: Totally understand the need. I asked for clearer criteria because in message one, you state you'll require "a valid HTTP Referrer" or "a meaningful and unique user agent" I can probably define a valid HTTP Referrer as containing a URL that exists, but a meaningful/unique user agent is somewhat in the eye of the beholder. In the second message, you say you'll require "a valid HTTP Referrer and/or a User Agent" I'm not sure how to define a "valid" user agent. That's why I'd like to see *your* definition for these things so we can meet your criteria. -- Ed Finkler http://funkatron.com Twitter:@funkatron AIM: funka7ron ICQ: 3922133 XMPP:funkat...@gmail.com On Jun 16, 12:56 pm, Doug Williams wrote: All we ask is that you include a valid HTTP Referrer and/or a User Agent with each request which is easy to do in almost every language. Both would be helpful but we only require one at this time. We simply want to be able to identify apps and have the ability to communicate with the authors. Thanks, Doug On Tue, Jun 16, 2009 at 9:51 AM, Justyn Howard wrote: Thanks Doug - Any additional info to help us know if we comply? My dev is out of the country on vacation and want to make sure we don’t miss anything. On 6/16/09 11:33 AM, "Doug Williams" wrote: Hi all, The Search API will begin to require a valid HTTP Referrer, or at the very least, a meaningful and unique user agent with each request. Any request not including this information will be returned a 403 Forbidden response code by our web server. This change will be effective within the next few days, so please check your applications using the Search API and make any necessary code changes. Thanks, Doug
[twitter-dev] Re: Twitpocalypse and yajl
Hi David, Checkout the post by @chockenberry about the same issue with Twitterific [1]. He does not provide a patch but provides some good info on where the problem was. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://furbo.org/2009/06/15/brain-farts/ On Jun 16, 2009, at 9:58 AM, David Fisher wrote: Has anyone had any luck getting Brian Mario's Yajl gem working? http://github.com/brianmario/yajl-ruby/tree/master It seems to be breaking for me, but my code was working prior really well. I tried to patch it, and rebuild the gem, but I was getting errors installing. This is critical for me to fix asap. Thanks, David/@tibbon On Jun 14, 6:22 pm, Matt Sanford wrote: Hi there, Someone emailed me directly to mention that the gist linked to still has a hard coded string length (strtoul is using 10) that would stop working on the newly supported long numbers (up to 20 digits). I'm not quite sure why they emailed me directly but I'll withhold their name in case it was not an accident. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 12, 2009, at 5:30 PM, Steve Streza wrote: For those who didn't survive to the post-twitpocalyptic world thanks to YAJL, give this patch a shot. http://gist.github.com/129033
[twitter-dev] Re: Rate Limits - Am I Blacklisted?
Hi there, Since moving servers reset things it sounds like it's using the unauthenticated limit. We do that if there are no credentials or if the credentials are incorrect. You also mention that statuses/update (note the plural)is giving you a 401. That would make sense if the username/password were incorrect as well. Is this rate limit issue happening for an API method that allows unauthenticated access? If so it sounds like it would all fit. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 16, 2009, at 5:14 AM, betweeted wrote: I began noticing some strange behavior - 401 errors on status/update calls saying "We were unable to authenticate you". I racked my brain, checked and rechecked the username and password, then finally I decided to create a small script to check my ratelimit at account/rate_limit_status.xml and sure enough, I was at 0. I waited an hour, and I was at 54. Within minutes, however, I was back to 0. So, naturally I thought some bot had hijacked my scripts and was eating up my api calls. I downloaded server logs. There is no excessive activity at all. In any case, all my calls are authenticated, so they should be using the users api limit, not my servers. On a hunch, I uploaded the same rate limit checking script to a different host that I have access to (with a different IP). Guess what? 100 hits remaining. In fact, whether I authenticate the request or not, I'm still at 0 hits remaining whenever I try that same script on my server. But, if I try it somewhere else, I have all 100. Am I blacklisted?
[twitter-dev] Re: Create friends
Hi there, Thanks for including code, but the most helpful thing would be the error message you're getting. Looking over several pages of code it is a little tough to pick something out but the body of the response you get should give a reason why the method failed. Please collect that and let us know. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 14, 2009, at 11:07 PM, cbrechb...@gmail.com wrote: Hi, I am having trouble, in fact absolutely no success, using my php script create friendships. If you could find the error in my code/ give me a code that works I would greatly appreciate it! In the code below the update function works perfectly but the followers and create function don't work at all. Below is my code: $uname = $_POST['username']; $upass = $_POST['pass']; include("./Twitter.class.php"); $twitter = new Twitter(); $twitter->username = $uname; $twitter->password = $upass; // Show public timeline echo $twitter->followers('xml'); // Update your status echo $twitter->update('xml','Just increased my followers...'); // Start following a user echo $twitter->create('xml','commonsensegov'); As you can see I am using twitter.class.php which I have included below: http://www.gnu.org/ licenses/>. * * File:Twitter.class.php * Author: Brandon Trebitowski * Created: 02/26/2009 * Version: 1.0 */ class Twitter { var $username=''; var $password=''; var $responseInfo=array(); // Status Methods /* * Returns the 20 most recent statuses from non-protected users * who have set a custom user icon. Does not require authentication. * Note that the public timeline is cached for 60 seconds so requesting * it more often than that is a waste of resources. */ function public_timeline($format) { $request = 'http://twitter.com/statuses/public_timeline.'.$format; return $this->process($request); } /* Returns the 20 most recent statuses posted by the authenticating * user and that user's friends. This is the equivalent of /home on the Web. */ function friends_timeline($format='xml',$count=20) { $request = 'http://twitter.com/statuses/friends_timeline.'.$format; $postargs = "count=$count"; return $this->process($request,$postargs); } /* Returns the 20 most recent statuses posted from the authenticating user. * It's also possible to request another user's timeline via the id parameter * below. This is the equivalent of the Web /archive page for your own user, * or the profile page for a third party. */ function user_timeline($format='xml',$id=null) { $request = 'http://twitter.com/statuses/user_timeline.'.$format; if($id) { $postargs = "id=$id"; return $this->process($request,$postargs); } return $this->process($request); } /* Updates the authenticating user's status. Requires the status parameter * specified below. Request must be a POST. A status update with text identical * to the authenticating user's current status will be ignored. */ function update($format = 'xml',$status){ $request = 'http://twitter.com/statuses/update.'.$format; $postargs = 'status='.urlencode($status); return $this->process($request,$postargs); } /* Returns the 20 most recent @replies (status updates prefixed with @username) * for the authenticating user. */ function replies($format='xml') { $request = 'http://twitter.com/statuses/replies.'.$format; return $this->process($request); } // User Methods /* Returns the authenticating user's friends, each with current status inline. * They are ordered by the order in which they were adde
[twitter-dev] Re: Profile background image set from statuses/show
Hi there, You're not missing it, there is no such attribute. Please checkout the Goolge Code issue [1] and mark it with a star (next to the title) to get updates. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://code.google.com/p/twitter-api/issues/detail?id=587 On Jun 15, 2009, at 2:50 AM, Nil Gradisnik - gTwitter dev wrote: There are lots of useful properties in Twitter REST API Method: statuses show. But I can't seem to find the information about "is the profile background image is used or not" by user. It seems that this information is no available from API: http://twitter.com/statuses/show/id.format . Am I missing something here?
[twitter-dev] Re: Cancel Following request for protected users
Hi there, Please file a new Feature Request [1] and we'll see what we can do. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] - http://code.google.com/p/twitter-api/issues/entry?template=Feature%20Request On Jun 15, 2009, at 12:23 AM, kkp wrote: Hi, I am able to follow and unfollow users by usig API. it is working fine. I have a problem now.. when i send a following request to "protected updates type users(protected=true)" my request is showing pending in twitter UI. Now i want to cancel this request using the API. In Twitter site it is showing a message "Cancel Request" when i click this button my following request is cancel. I want to do this same using my application also. How can we cancel the "following request" to protected users using Twitter API? Any help can be appreciated. Thanks & regards kkp
[twitter-dev] Re: Twitpocalypse and yajl
Hi there, Someone emailed me directly to mention that the gist linked to still has a hard coded string length (strtoul is using 10) that would stop working on the newly supported long numbers (up to 20 digits). I'm not quite sure why they emailed me directly but I'll withhold their name in case it was not an accident. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 12, 2009, at 5:30 PM, Steve Streza wrote: For those who didn't survive to the post-twitpocalyptic world thanks to YAJL, give this patch a shot. http://gist.github.com/129033
[twitter-dev] Re: Twitpocalypse Announcement
Hi there, That is indeed what I meant. We are planning to skip some ids to force the 2^32 change during business hours. Twitter itself should be fine but I originally announced this to the list so people could make sure they'll also be fine. There is no change to the format of responses and the number will continue to grow upward. This was just fair warning that you might have used the Rails default definition (or some other method) that relies on signed 32-bit integers. The 'decide to do this' part is deciding to do this now by skipping ids rather than let it occur naturally 12 hours from now when people have been up for 24-hours and might not be at their best. Let's not allow the 'insulting' vagueness devolve into insulting tone, please. We're working on co-ordinating internally to do this at 21:00 GMT but like all things involving groups of people we may run a little late. Sometime after 21:00 GMT this is still planned. We'll update @twitterapi when the exact time comes. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 12, 2009, at 1:06 PM, Stuart wrote: 2009/6/12 J. Adam Moore : So do I just allocate as many bits as I can in my database to the id field and hope that it doesn't ever run out? I'm confused why you just announced that. Okay, so an overflow is happening. Is that your fault? Is this fixable on your end, my end. Is this just for people who are using 32-bit signed ints to store ids? Decide to do what? Roll it over like an odometer or increase the field size? Forgive me for being an idiot, but 'decide to do this' is just about vague enough to be insulting. I was happily under the assumption that this problem was considered long, long ago when the field size was initially chosen by who I also assumed to be smart people. I read it as "we're considering skipping a bunch of IDs so we hit the limit during today rather than sometime over the weekend. That way there will be people at Twitter able to react to support issues that might arise. As for what developers should do I think it's pretty obvious. If you're using a signed 32-bit integer to store tweet IDs you need to change that ASAP because judgement day is coming!!! -Stuart -- http://stut.net/projects/twitter On Jun 12, 10:23 am, Matt Sanford wrote: Hi all, The overflow of the 32-bit signed integer value for status ids (a.k.a "The Twitpocalypse" [1]) is fast approaching. The current estimate is around tomorrow at around 11am GMT, or 3:00am Pacific time in the case of Twitter. There is some discussion internally about accelerating things so we'll be in the office and able to cope. Nobody is their freshest at 3:00am, not to mention it would be nice to not have apps broken throughout the weekend if one-person developer teams don't notice. No decision has been made yet but I wanted to get something out to you all so you know what's going on in the event we decide to do this. Thanks; – Matt Sanford / @mzsanford Twitter Dev [1] -http://www.twitpocalypse.com/