Any time you making authenticated calls there is the possibility of return protected status/account info which should be considered secret. I personally always use https when interacting with the Twitter API. Better to be safe then running the risk of accidentally having security issues. Plus you don't have to worry about logic of when to use a secure connection and when not to.
Abraham On Sat, Oct 3, 2009 at 15:03, Andy Freeman <ana...@earthlink.net> wrote: > > The authenticated calls are signed with a 'secret' but don't return > secret information. > > The /oauth calls are also signed with a secret but do return secret > information. > > > > On Oct 3, 10:16 am, Adam Shannon <a...@ashannon.us> wrote: > > HTTPS is a secure and encrypted transfer protocol for HTTP. HTTPS is > > designed to "hide" sensitive data (passwords, credit card numbers) > > from malicious persons. So it's safe to say that whenever you will be > > transferring sensitive data (OAuth, passwords) you should use HTTPS. > > > > On Sat, Oct 3, 2009 at 12:03 PM, Andy Freeman <ana...@earthlink.net> > wrote: > > > > > When should I use https instead of http in twitter api calls? > > > > > I'd guess that it's okay to use http for oauth-authenticated /show/ > > > user and maybe /statuses/update, but what about the four oauth calls (/ > > > oauth/request_token, /oauth/authorize, /oauth/authenticate, and /oauth/ > > > access_token)? > > > > > Thanks, > > > -andy > > > > -- > > - Adam Shannon (http://ashannon.us) > -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham http://web608.org/geeks/abraham/blogs/2009/10/03/win-google-wave-invite This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, Wisconsin, United States
