WHAT’S NEW Requires authentication
on every API endpoint Has a new per-endpoint rate-limiting methodology Changes to the Developer Rules of the Road, especially around applications that are traditional Twitter clientsSource: https://dev.twitter.com/sites/all/themes/twitter_commons/images/circles-bird.png
Secure Passwords not
shared with 3rd party applications, increasing account security Standard Lots of libraries and example code compatible with Twitters OAuth implementation. Application-user authentication This is the most common form of resource authentication in Twitters OAuth 1.0A implementation to date. Your signed request both identifies your applications identity in addition to the identity accompanying granted permissions of the end-user youre making API calls on behalf of, represented by the users access token Application authentication This form of authentication is announced but not yet supported. Stay tuned. Note: Can’t easily move to 2.0 due to tokens not expiring being Twitter common practice and other issuesSource: http://en.wikipedia.org/wiki/OAuth
Authentication is required so
that twitter can know exactly who is pulling data to: prevent malicious use of the Twitter API gain an understanding of what types of applications are accessing the API to evolve it to meet the needs of developers Note: Perhaps to provide more granular developer billing opportunities for Twitter?
For developers who are
already using OAuth when making API requests, all of your authentication tokens will transition seamlessly from v1.0 to v1.1. If your application is currently using the Twitter API without using OAuth, you will need to update your application, it may already be broken. Key Deadline: March 2013.
1.0 API limited requests
to 350 calls per hour, regardless of the type of information Per-endpoint rate limiting allows developers more access to endpoints that are frequently requested by applications, while continuing to prevent abuse of Twitters resources
Applications for one endpoint
more restricted Applications that use multiple endpoints will run into rate limiting issues less frequently Most individual API endpoints will be rate limited at 60 calls per hour per-endpoint High-volume endpoints related to Tweet display, profile display, user lookup and user search will be able to make up to 720 calls per hour per endpoint
Display Guidelines will become
Display Requirements Pre-installed client applications must be certified by Twitter Developers must engage with Twitter directly for a large amount of user tokens And lots more ‘rules’…
MANDATORY NOT OPTIONAL MOBILE TWEET
All applications that display Tweets must link @usernames to the appropriate Twitter profile display appropriate Tweet actions scale display of Tweets appropriately based on the device. If your application displays Tweets to users, and it doesnt adhere to Display Requirements, Twitter reserve the right to revoke your application key.
Restrictions on how tweets are
displayed, particularly those banning tweets appearing in a stream with updates from other services, appear broad enough to require substantial changes to a wide range of apps. Note Twitters own apps are not best practice here.Source http://www.techrepublic.com/blog/cio-insights/twitter-api-changes-why-its-time-for-developers-to-adapt/39749448
HTTP 404 ON TIMELINE FEEDS?
NO MORE RSS IN API 1.1 In March of 2012 Twitter “Please note that there is no announced retirement of support for the RSS response "unversioned endpoints,” format in API v1.1.” GET statuses/public_timeline v1 REST ATOM response format Note: These changes reflect changes to display requirements In early October and authentication 2012, Twitter turned off requirements – RSS feeds no these endpoints. longer allowed as they cannot enforce display requirements
1.1 Api clients pre-installed
on mobile handsets, SIM cards, chipsets or other consumer electronics devices. Long lead time required to update pre-installed client BB6/7 WP7/8 applications Twitter want to make sure that the best Twitter experience possible is provided before the application ships. If you ship an application pre- installed without it being certified by Twitter, they reserve the right to revoke your application key. iOS5/6 Android 2-4
“Additionally, if you are building
a Twitter clientapplication that is accessing the home timeline,account settings or direct messages APIendpoints (typically used by traditional clientapplications) or are using our User Streamsproduct, you will need our permission if yourapplication will require more than 100,000individual user tokens”
Don’t add or remove
functionality from Tweets, change Tweet actions to other verbs, etc. Twitter clients have a ceiling of 100,000 users, among other restrictions. TOS changes to ‘traditional clients’ Never surprise users. tweets for a user, or actions like unfollow should be user initiated Don’t resyndicate data. don’t take twitter data and expose it via an API, or post it to other cloud services. Avoid spammy automation. Be sure to thoroughly read Automation Rules. Respect a user’s privacy and sharing settings. Don’t facilitate or encourage the publishing of private or confidential information. Don’t try to circumvent rate limits. Make sure there is a clear separation and distinction between advertisements and Twitter content. Register one API key for your application. Don’t use a single API key for multiple use cases Don’t register multiple keys for the same use case.
Why is Tweetbot for Mac
$20?“Because of Twitter’s recent enforcement of token limits, we only have a limited number of tokens available for Tweetbot for Mac. These tokens dictate how many users Tweetbot for Mac can have. The app’s limit is separate from, but muchsmaller than, the limit for Tweetbot for iOS. Oncewe use up the tokens granted to us by Twitter, wewill no longer be able to sell the app to new users.Tapbots will continue to support Tweetbot for Mac for existing customers at that time.”
“Exporting Twitter Content IFTTT
CEO Linden Tibbets: • In recent weeks, Twitter announced policy to a datastore as a service changes that will affect how applications and or other cloud based users like yourself can interact with Twitter’s data. As a result of these changes, Recipes service, however, is not using Twitter Actions and your ability to post new tweets via IFTTT will continue to work permitted.” just fine. All Twitter Triggers, disabled No ability to push tweets to places like email, Evernote Matthew Panzarino, TNW and Facebook • At this point, any third party developer using All Personal and Shared Twitter’s platform for their product should Recipes using a Twitter probably take a very hard look at the capabilities of their apps. If there’s any Trigger will also be removed. chance that they might overlap with Twitter’s desire to be the only way that people read tweets…it might be time to get out. http://tnw.to/d0Axs via @thenextweb
More or less a
reaction to the changes in Twitter philosophy, developer rules and terms of service We are selling our product, NOT our users You own your content Our financial incentives are aligned with members and developers App.net employees spend 100% of their time improving our services for you, not advertisers We are operating a sustainable, predictable business We respect and value our developer community Our most valuable asset is your trust
Twitter’s restrictions on how
developers’ access its platform are inevitable but don’t mean the demise of third party apps and services Some rework may be required because of Twitter’s intentions Design apps to operate in order not to violate Twitter’s policies Some of Twitter’s changes could be perceived as an attempt to drive traffic from third party services to Twitter’s own website and apps, driving sponsored content “developers should not build client apps that mimic or reproduce the mainstream Twitter consumer client experience” - Twitter CEO Dick Costolo Twitter is mainstream now. It’s a totally different animal to what it was three years ago Some of the developers who are more independent minded perhaps hanker after a return to that, but it’s not coming back