Twitter announces API update, new rules for developers
Posted on 17 August 2012.
Bookmark and Share
Twitter has announced the upcoming release of the newest version of its API and a number of new and stricter rules that have left many developers of apps for its platform disgruntled.


The changes will purportedly be made to "deliver a consistent Twitter experience" and to prevent malicious use of the API, and will include:
  • the requirement for every request to the API to be authenticated via OAuth
  • a new per-endpoint rate limiting on the API, that will allow 60 calls per hour per-endpoint for most individual API endpoints, and up to 720 calls per hour for high-volume endpoints related to Tweet display, profile display, user lookup and user search
  • Tweet Display Guidelines have now become Display Requirements, and will also be introduced for mobile applications
  • pre-installed client applications will have to be certified by Twitter
  • developers building a Twitter client application that is accessing the home timeline, account settings or direct messages API endpoints or are using our User Streams product will need Twitter's permission if their application will require more than 100,000 individual user tokens. The developers of those apps that already use those endpoints and are currently over those token limits, will be able to maintain and add new users to your application until they reach 200% of your current user token count. "Once you reach 200% of your current user token count, you'll be able to maintain your application to serve your users, but you will not be able to add additional users without our permission," says Michael Sippey, Twitter’s Director of Consumer Products.
The deprecation of the previous API version begins immediately after the release of the new version, and developers will have six months to migrate applications from v1.0 to v1.1, implement OAuth and test their app's behavior against the new limiting policies.

Many developers have already piped up to point out that Twitter has basically set up a lot of new rules, the breaking of which almost always results in the revocation of their application key.

As Instagram creator Marco Arment has pointed out in a blog post, Twitter has left themselves a lot of wiggle-room with the rules.

"Effectively, Twitter can decide your app is breaking a (potentially vague) rule at any time, or they can add a new rule that your app inadvertently breaks, and revoke your API access at any time. Of course, they’ve always had this power. But now we know that they’ll use it in ways that we really don’t agree with.






Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //