1: When it says 15 requests per 15 minute window, does this really mean I can only send 15 requests per 15 minutes?
2: Do I really need to set up a Twitter bot to send basic requests like getting a list of a user's followers? Is there a way to get the data through a URL, like in most web APIs? I'm making software that will be used by other people, so it can't have a bot auth token in the code.
I know I'm pretty much asking if what it blatantly says is true, but I'm just having trouble believing that the Twitter API is really this bad.
It sounds like you are specifically asking about the friends and followers endpoints. Yes, this is limited to 15 requests in a 15 minute window. Other endpoints / features have different rate limits.
The Twitter API requires authentication. You do not need to set up a "bot", but you will need a registered Twitter developer account, and a Twitter app, in order to use the API. If your app will be used by other people, you would need to implement Sign-in with Twitter to enable them to authenticate with your app; you can then store their access token (until or unless they revoke it) to make requests on their behalf. This is pretty standard for any multi-user web app.
Related
The question seems duplicated, yet it's not. The question seems silly and it is. If I want to search for a certain word in tweets, I would send a request to the Twitter API. I can send the request:
Using user authentication: which requires a logged-in user.
Using application authentication: which doesn't require a logged in user and uses an application ID (public and private keys).
Now, Facebook, Twitter and other social networks for that matter provide API rate limits per user and per application (globally). Suppose that I want to search for the word "stackoverflow" from two application instances (one on iOS and the other on Android). Is the API limit divided between both of them, or does each have its own full limit?
For example, assume that social network "X" provides up to 150 requests/app/15 min window. Do I have those 150 requests for each running instance of the application, or do I have a total of 150 requests for all instances?
Hope I made it clear enough.
Found the answer here: Question about app-only auth and rate limits for an iOS app in API v1.1
The number of users or "instances of use" of your application are not figured in to rate limits for app-only auth. A method with a limit of 180 requests per 15 minute window is intrinsic to your application, regardless of whether it's on device A, device B, device C, website 1, website 2.
I currently have a bunch of apps that go and make simple anonymous calls to the Twitter API, and grab several differing timelines. Obviously, Twitter is changing things up with 1.1, and is demanding authenticated calls using OAuth. Does that mean each of my users needs a token (their own account) to do a call, or do I need one app token for all of them? Should I be using the Twitter API included with iOS 5? Note: These are not the user's timeline...just several news feeds on Twitter. Am a bit confused. Any pointers would be appreciated.
This is a good question, I struggled with this myself.
You can use a Twitter API client via PHP and then json_encode the user timeline you want and parse it. This is not the best practice, but it is a workaround I had to do for an app in which I wanted to only display tweets; no other action was needed, like getting links, retweets, etc.
Hope this serves.
Let's say I am making a sign-up form in which I ask for the user's Twitter ID. How do I verify that the ID entered by the user belongs to him/her? In the case of verifying email, we simply send a verification link which the user has to click, so how do I verify a Twitter ID? I have never used Twitter before.
The only reliable and practical way to verify that Twitter account X belongs to user Y is to do full-on “3 legged” OAuth authentication. That being said, you may want to consider if you might be OK with just taking the user at their word on it.
Getting OAuth to work and securely storing the resulting tokens is much easier nowadays than it once was, but is still non-trivial.
Reasons to verify the twitter account, in increasing reasonableness:
You will be making enough server side requests, on behalf of multiple users, that you run up against Twitter’s API Rate Limiting. (Having multiple auth-tokens will allow for a higher API rate)
You need to automagically send tweets and/or follow accounts on the user’s behalf
N.B. do this as opt-in and be ultra clear about when/why you will be doing this, or you will face the justified fury of scorned users
Don’t verify the account if you’re looking to do these things:
You need to send tweets and/or follow accounts on the user’s behalf, and the user will be able to perform a browser based confirmation workflow for each of those actions; use Twitter’s Web Intents for this.
If you just want to pull in real time data for user’s avatar, bio, or recent Tweets Twitter supplies some prefab widgets for you.
All of the authenticated Twitter API Calls can be done client side with JavaScript. Twitter has a js framework, which does not require you to handle and store tokens on your server, to help you with that.
An alternate contact method for password resets, notifications, etc.
Private communication between users on twitter requires mutual following, many users probably never check their Direct Messages (or even know what a DM is), and any messages would be limited to 140 characters. Just use email for all that kind of nonsense.
If you’re just gathering this info to display it on a user’s profile page, in an “other places on the web” kind of way, integrating and maintaining all the server side OAuth pieces is likely too much bother. Just make sure you have a reasonable and clear TOS and an obvious way for 3rd parties to report any of your users who may be claiming a twitter account that is not their own.
If you’re still interested in OAuth, Twitter's Dev page has plenty of resources, including a nice overview of a generic “Sign In with Twitter” “3 legged” OAuth work flow.
I have a corporate website that I want to pull tweets into, but I'm getting a rate limit using the http feed. So, I want to use an authenticated method to get the tweets.
Do I really have to register an application to do this, even though it's not really an application and my users will never be entering or changing the Twitter account info?
Also, my corporate site doesn't have a public address, and registering an application through twitter appears to require a public url. So how can I get around this? Do I have to create a "fake" application with a public url, just to generate my keys?
Thanks for any help on this.
If your site is behind a proxy server along with all your users, using Javascript/jQuery won't help. All the requests will still be coming from the same IP and will hit a rate limit, as you're doing now.
The other issue is that you don't need to register an app to request a feed. Apps are only needed for OAuth, and getting a feed doesn't need that.
The best way to deal with this is to get the feed with a server script, store it on the server, and then deliver the server copy to the web pages. If you request the feed less than 150 times per hour, you won't have a limit problem.
If you want more than a single feed, you can use the streaming API to get all the tweets for up to 400 keywords or from up to 5,000 users. This still doesn't need a registered app, since the streaming API still allows Basic Auth.
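The fetch-once, serve-the-server-copy approach from the answer above, as an added example that is not part of the original posts. It sizes the refresh interval from the 150-requests-per-hour figure quoted there; the `fetch` callable, the class name and the simulated load are assumptions constructed for illustration.

```python
import time

class FeedCache:
    """Serve a server-side copy of a feed, calling upstream at most
    `budget` times per `window` seconds however many pages ask for it."""

    def __init__(self, fetch, budget=150, window=3600, clock=time.monotonic):
        self.fetch = fetch                    # hypothetical callable returning the feed body
        self.min_interval = window / budget   # 3600 s / 150 = one upstream call per 24 s
        self.clock = clock
        self.body = None
        self.last_attempt = None
        self.upstream_calls = 0

    def get(self):
        now = self.clock()
        due = self.last_attempt is None or now - self.last_attempt >= self.min_interval
        if due:
            # Stamp the attempt before calling out, so a failing upstream is
            # retried once per interval rather than once per page view.
            self.last_attempt = now
            self.upstream_calls += 1
            try:
                self.body = self.fetch()
            except OSError:
                pass                          # network error: keep serving the stale copy
        if self.body is None:
            raise RuntimeError("feed unavailable and nothing cached yet")
        return self.body

def simulate_hour(views_per_second=5):
    """Constructed load: page views for one hour against a fake upstream."""
    now = [0.0]
    cache = FeedCache(lambda: "constructed feed body", clock=lambda: now[0])
    for second in range(3600):
        now[0] = float(second)
        for _ in range(views_per_second):
            cache.get()
    return cache.upstream_calls

if __name__ == "__main__":
    print(simulate_hour())   # upstream calls made for 18,000 page views
```

Because every visitor reads the same server copy, the number of upstream requests depends only on elapsed time, not on traffic or on how many clients sit behind one IP.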
Just wanted to post this for future reference and in case anyone else has the same question. The solution to my problem was to register an application on Twitter. But since I'm just using a single user, you don't have to do the regular OAuth steps of generating a request for a key, getting the response etc. Every app you register in Twitter gets its own "Access Token" that you can use to retrieve tweets etc. So, this is what I ended up doing to solve the problem I was having.
Additional details: My main concern was having to do the OAuth steps of requesting an access code etc... Since my application is only a single user implementation (just pulling in our company related tweets from company held Twitter accounts), it just seemed unnecessary to have to do all of that. But what I found was that when you register an app on Twitter, you get a private access token for each app. You can view a little information about that here: https://dev.twitter.com/pages/oauth_single_token.
It sounds like you are pulling the feed down over http on the server? You could just limit the updates so you don't hit the rate limit.
I would recommend instead doing this on the client side. There are a lot of very easy to use embeddable JavaScript Twitter clients out there. The rate limiting problem would disappear as the feed would be coming from the desktop and not the server (unless they just kept refreshing it).
The Twitter developer wiki lists a few.
JQuery plugin for Twitter
Tweet (another JQuery plugin)
I have a little app that mines data on social networks and returns interesting results (e.g. the latest conversations around a certain topic). However, the front end requires that the user connects with the various services first via OAuth, before these services' APIs can be scanned.
I would like this process to be automated on the server, so that a person using the app does not need to auth with Twitter, Fb, LinkedIn, etc. just to get results from those services. Is this possible?
No. This is not possible. The OAuth specification requires a user to first authenticate with the service and then authorize your application to request data on the user's behalf.
For twitter there is a hack: search, search, search! and 'connect' the tweets yourself :-)
This hack works for apps like http://jetwick.com