twitter api & oauth 101 tvug october 2009
TRANSCRIPT
![Page 1: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/1.jpg)
Twitter & OAuth 101What’s this twit all about?
Andy Badera (@andrewbadera)[email protected]
http://blog.badera.us/TVUG October 2009
![Page 2: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/2.jpg)
Background
![Page 3: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/3.jpg)
The Numbers
79.7M users as of October 4th (all inclusive; ~50M “official”)
$153M in funding as of end of September
28,000+ applications
30,000+ developers
$23M+ invested in third party app startups
![Page 4: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/4.jpg)
Growth April 2008-2009
Via TechCrunch
![Page 5: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/5.jpg)
APIs
REST API
Search API
Streaming API
![Page 6: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/6.jpg)
REST API
api.twitter.com
Returns: XML, JSON, RSS, ATOM
Read timelines
Send tweets
Read/send Direct Messages
![Page 7: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/7.jpg)
Search API
http://search.twitter.com/
Returns: JSON, ATOM
Trends
Terms (“from:andrewbadera”)
Geolocation (“near:albany within:5miles”)
![Page 8: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/8.jpg)
New Stuff
Geolocation (improved)
Group Lists
Retweet API
Address Book
Apple Push
Search API cleanup
![Page 9: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/9.jpg)
Fab Four
![Page 10: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/10.jpg)
Platform Team?
![Page 11: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/11.jpg)
Trademark Controversy
![Page 12: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/12.jpg)
What’s safe to use?
Avoid “Twitter”
Avoid bird graphics
Avoid similar UI
Biz sez: “Use ‘tweet.’”
![Page 13: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/13.jpg)
Goals
Register a new OAuth application
Retrieve timelines
Send Tweets
Send/Receive Direct Messages
Query Search API
![Page 14: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/14.jpg)
.NET & Twitter
Expect-100 Continue (HttpWebRequest) Request.ServicePoint.Expect100Continue = false;
302 Redirects if ( response.StatusCode == HttpStatusCode.Redirect ) { this.Url = new Uri( uri, response.Headers["Location"] ).ToString(); this.CookieContainer.Add( response.Cookies ); }
64-bit IDs (ulong - Convert.ToUInt64(“”))
LinqToTwitter http://www.codeplex.com/LinqToTwitter
Tweetsharp http://code.google.com/p/tweetsharp/
DotNetOpenAuth http://dotnetopenauth.net:8000/
![Page 15: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/15.jpg)
RateLimit
Ratelimit: 150 REST GETs/hour
X-RateLimitX-RateLimit-RemainingX-RateLimit
Whitelisted: 20000
![Page 16: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/16.jpg)
Whitelisting
http://twitter.com/help/request_whitelisting
Turnaround time
![Page 17: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/17.jpg)
In the beginning, HTTP Basic
HTTP Basic Authorization
Simple
Familiar
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
![Page 18: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/18.jpg)
Basic Auth Pulls a Fail Whale
![Page 19: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/19.jpg)
Downsides of HTTP Basic Auth
Base64(byte[] “username:password”)
Giving credentials away to third parties
Password change
Trust
Rate limit by application IP
![Page 20: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/20.jpg)
O-wot?
Secure API authorization
Blaine Cook (Twitter)
Chris Messina (Ma.gnolia)
Currently: OAuth 1.0A
OAuth.net
Shannon Whitley’s OAuthBase.cs
![Page 21: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/21.jpg)
How OAuth Works
Shared secret
Nonce
Timestamp
![Page 22: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/22.jpg)
OAuth & Twitter
Moves burden of ratelimit to user account
Read/write (typical)
Sign-in with Twitter
“Guns for cash” – one time auth
![Page 23: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/23.jpg)
Timelines
![Page 24: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/24.jpg)
That’s cool, but …
![Page 25: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/25.jpg)
Real-time Search
User-Agent!
![Page 26: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/26.jpg)
Common OAuth Gotchas
![Page 27: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/27.jpg)
Technical
Parameter sorting
Parameter URL encoding
Server clock
![Page 28: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/28.jpg)
Social
OAuth is not a panacea!
Use common sense!
![Page 29: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/29.jpg)
OAuth Best Practice
“As with OpenID, OAuth is difficult to implement correctly and securely. Pick a good, dependable library to take a dependency on instead.”
--Andrew ArnottDotNetOpenAuth Authorvia email
![Page 30: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/30.jpg)
Q&A
Thanks for your time.
Any questions?
![Page 31: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/31.jpg)
Drinks!
JJ Rafferty’s
Route 9
North of Latham Traffic Circle on right
Next to Price Chopper parking lot
Across from Red Robin
![Page 32: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/32.jpg)
Bibliography
Alex Payne slideshare presentation: “Twitter API 2.0”, http://www.slideshare.net/al3x/twitter-api-20
Mashable: “Twitter’s Value: 5 Eye-popping Stats”, http://mashable.com/2009/10/04/twitter-stats/
Biz Stone blog entry: “May the Tweets Be With You” http://blog.twitter.com/2009/07/may-tweets-be-with-you.html
![Page 33: Twitter API & OAuth 101 TVUG October 2009](https://reader034.vdocuments.mx/reader034/viewer/2022042700/555a87b9d8b42abb628b4f5c/html5/thumbnails/33.jpg)
Resources
Twitter API docs http://apiwiki.twitter.com/
Twitter Dev list http://groups.google.com/group/twitter-development-talk
API blog http://apiblog.twitter.com/ (not well updated)
@andrewbadera (http://twitter.com/andrewbadera)
http://blog.badera.us/