The changes will purportedly be made to "deliver a consistent Twitter experience" and to prevent malicious use of the API, and will include:
- the requirement for every request to the API to be authenticated via OAuth
- new per-endpoint rate limiting on the API, which will allow 60 calls per hour per endpoint for most individual API endpoints, and up to 720 calls per hour for high-volume endpoints related to Tweet display, profile display, user lookup and user search
- Tweet Display Guidelines have now become Display Requirements, and will also be introduced for mobile applications
- pre-installed client applications will have to be certified by Twitter
- developers building a Twitter client application that accesses the home timeline, account settings or direct messages API endpoints, or that uses Twitter's User Streams product, will need Twitter's permission if their application will require more than 100,000 individual user tokens. Developers of apps that already use those endpoints and are currently over that token limit will be able to maintain their application and add new users until they reach 200% of their current user token count. "Once you reach 200% of your current user token count, you'll be able to maintain your application to serve your users, but you will not be able to add additional users without our permission," says Michael Sippey, Twitter’s Director of Consumer Products.
Many developers have already piped up to point out that Twitter has basically set up a lot of new rules, the breaking of which almost always results in the revocation of their application key.
As Instagram creator Marco Arment has pointed out in a blog post, Twitter has left itself a lot of wiggle room with the rules.
"Effectively, Twitter can decide your app is breaking a (potentially vague) rule at any time, or they can add a new rule that your app inadvertently breaks, and revoke your API access at any time. Of course, they’ve always had this power. But now we know that they’ll use it in ways that we really don’t agree with."