
Twitter API & OAuth 101 TVUG October 2009

  1. 1. Twitter & OAuth 101<br />What’s this twit all about?<br />Andy Badera (@andrewbadera)<br />andrew@badera.us<br />http://blog.badera.us/<br />TVUG October 2009<br />
  2. 2. Background<br />
  3. 3. The Numbers<br />79.7M users as of October 4th (all inclusive; ~50M “official”)<br />$153M in funding as of end of September<br />28,000+ applications<br />30,000+ developers<br />$23M+ invested in third party app startups<br />
  4. 4. Growth April 2008-2009<br />Via TechCrunch<br />
  5. 5. APIs<br />REST API<br />Search API<br />Streaming API<br />
  6. 6. REST API<br />api.twitter.com<br />Returns: XML, JSON, RSS, ATOM<br />Read timelines<br />Send tweets<br />Read/send Direct Messages<br />
  7. 7. Search API<br />http://search.twitter.com/<br />Returns: JSON, ATOM<br />Trends<br />Terms (“from:andrewbadera”)<br />Geolocation (“near:albany within:5miles”)<br />
  8. 8. New Stuff<br />Geolocation (improved)<br />Group Lists<br />Retweet API<br />Address Book<br />Apple Push<br />Search API cleanup<br />
  9. 9. Fab Four<br />
  10. 10. Platform Team?<br />
  11. 11. Trademark Controversy<br />
  12. 12. What’s safe to use?<br />Avoid “Twitter”<br />Avoid bird graphics<br />Avoid similar UI<br />Biz sez: “Use ‘tweet.’”<br />
  13. 13. Goals<br />Register a new OAuth application<br />Retrieve timelines<br />Send Tweets<br />Send/Receive Direct Messages<br />Query Search API<br />
  14. 14. .NET & Twitter<br />Expect: 100-continue (HttpWebRequest): Request.ServicePoint.Expect100Continue = false;<br />302 redirects: if (response.StatusCode == HttpStatusCode.Redirect) { this.Url = new Uri(uri, response.Headers["Location"]).ToString(); this.CookieContainer.Add(response.Cookies); }<br />64-bit IDs (ulong: Convert.ToUInt64(""))<br />LinqToTwitter http://www.codeplex.com/LinqToTwitter<br />Tweetsharp http://code.google.com/p/tweetsharp/<br />DotNetOpenAuth http://dotnetopenauth.net:8000/<br />
  15. 15. RateLimit<br />Ratelimit: 150 REST GETs/hour<br />X-RateLimit<br />X-RateLimit-Remaining<br />X-RateLimit<br />Whitelisted: 20000<br />
  16. 16. Whitelisting<br />http://twitter.com/help/request_whitelisting<br />Turnaround time<br />
  17. 17. In the beginning, HTTP Basic<br />HTTP Basic Authorization<br />Simple<br />Familiar<br />Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==<br />
  18. 18. Basic Auth Pulls a Fail Whale<br />
  19. 19. Downsides of HTTP Basic Auth<br />Base64(byte[] “username:password”)<br />Giving credentials away to third parties<br />Password change<br />Trust<br />Rate limit by application IP<br />
  20. 20. O-wot?<br />Secure API authorization<br />Blaine Cook (Twitter)<br />Chris Messina (Ma.gnolia)<br />Currently: OAuth 1.0A<br />OAuth.net<br />Shannon Whitley’s OAuthBase.cs<br />
  21. 21. How OAuth Works<br />Shared secret<br />Nonce<br />Timestamp<br />
  22. 22. OAuth & Twitter<br />Moves burden of ratelimit to user account<br />Read/write (typical)<br />Sign-in with Twitter<br />“Guns for cash” – one time auth<br />
  23. 23. Timelines<br />
  24. 24. That’s cool, but …<br />
  25. 25. Real-time Search<br />User-Agent!<br />
  26. 26. Common OAuth Gotchas<br />
  27. 27. Technical<br />Parameter sorting<br />Parameter URL encoding<br />Server clock<br />
  28. 28. Social<br />OAuth is not a panacea!<br />Use common sense!<br />
  29. 29. OAuth Best Practice<br />“As with OpenID, OAuth is difficult to implement correctly and securely.  Pick a good, dependable library to take a dependency on instead.”<br /> --Andrew Arnott<br />DotNetOpenAuth Author<br /> via email<br />
  30. 30. Q&A<br />Thanks for your time.<br />Any questions?<br />
  31. 31. Drinks!<br />JJ Rafferty’s<br />Route 9<br />North of Latham Traffic Circle on right<br />Next to Price Chopper parking lot<br />Across from Red Robin<br />
  32. 32. Bibliography<br />Alex Payne slideshare presentation: “Twitter API 2.0”, http://www.slideshare.net/al3x/twitter-api-20<br />Mashable: “Twitter’s Value: 5 Eye-popping Stats”, http://mashable.com/2009/10/04/twitter-stats/<br />Biz Stone blog entry: “May the Tweets Be With You” http://blog.twitter.com/2009/07/may-tweets-be-with-you.html<br />
  33. 33. Resources<br />Twitter API docs http://apiwiki.twitter.com/<br />Twitter Dev list http://groups.google.com/group/twitter-development-talk<br />API blog http://apiblog.twitter.com/ (not well updated)<br />@andrewbadera (http://twitter.com/andrewbadera)<br />http://blog.badera.us/<br />andrew@badera.us<br />
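
Slides 21 and 27 name the pieces of an OAuth 1.0a signature (shared secret, nonce, timestamp) and the usual failure points (parameter sorting, parameter URL encoding, server clock). The Python sketch below is an added example, not code from the deck or from any library it lists; it shows HMAC-SHA1 signing plus a server-side check that rejects stale timestamps and replayed nonces. Assumptions: the URL is already normalized and has no query string, and the `api.example.com` endpoint, all keys and secrets, the `Verifier` class and its 300-second skew window are constructed for illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

def enc(s):
    # OAuth percent-encoding: escape everything except RFC 3986 unreserved characters
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Encode every name and value first, then sort the encoded pairs
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Signing key is the two shared secrets, each encoded, joined by "&"
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    msg = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

class Verifier:
    # Hypothetical server-side check: clock skew and nonce reuse both reject
    def __init__(self, consumer_secret, token_secret, max_skew=300):
        self.secrets = (consumer_secret, token_secret)
        self.max_skew, self.seen = max_skew, set()

    def check(self, method, url, params, signature, now=None):
        now = time.time() if now is None else now
        if abs(now - int(params["oauth_timestamp"])) > self.max_skew:
            return "stale timestamp"
        key = (params["oauth_nonce"], params["oauth_timestamp"])
        if key in self.seen:
            return "nonce replayed"
        expected = sign(method, url, params, *self.secrets)
        if not hmac.compare_digest(expected, signature):
            return "bad signature"
        self.seen.add(key)  # remember the nonce only after the signature verifies
        return "ok"

# Constructed sample request; every key, token and secret here is made up.
URL = "https://api.example.com/statuses/update.json"
PARAMS = {
    "status": "Hello TVUG! OAuth & .NET",
    "oauth_consumer_key": "example-consumer-key",
    "oauth_token": "example-access-token",
    "oauth_nonce": "constructed-nonce-0001",
    "oauth_timestamp": "1255000000",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_version": "1.0",
}
```

A client whose clock is outside the skew window fails with "stale timestamp" even when its signature is correct, which is why the server-clock gotcha is hard to spot from the client side.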
