I submitted two requests recently, just wonder how long the request process usually takes. And will I be notified if the requests get rejected?
~ Kudos
I heard back from them. In the email they mentioned I won't be granted access to One tap API until they have some additional user security in place and it may take a few months.
Related
Using Twilio Verify API to authenticate the user via SMS.
I do not want the user to keep doing the OTP process every time he opens the app - I want to keep him authenticated once he completed the OTP for the first time.
How do I do that - should I generate a token somehow after he logged in?
Appreciate any help.
Once you have authenticated the user you will want to store something that you can check to see whether they have authenticated. Normally this would be a token of some sort that can be used to access any remote services, but it doesn't have to be.
The answer marked as correct on this question is a good explanation of how to do this, but it should also be noted that storing a token in unencrypted storage is a potential security issue, so you should also pay attention to the highest voted answer with the links to secure storage libraries.
I am using Twilio's Verify API for authenticating my users through email and SMS by sending them an OTP.
So here are the observations and current situation.
SMS OTPs are almost instantly delivered
Email OTPs are sometimes instantly delivered and sometimes it takes 2 to 3 minutes.
There is no pattern in the slowness of Email OTPs
Talked to customer support but they failed to identify the root cause.
Has anyone else faced this type of peculiar issue while using Twilio's Verify API?
Thanks in Advance.
Robin
Just an update on how I solved this, since I feel it might be helpful for others (since no one answered it yet)
I talked to Twilio / Sendgrid support multiple times and we concluded that the slowness is due to one of the following reasons
There is a n/w delay on the system from which the API is being called. This can be debugged by loggin on to the sendgrid admin console and checking the time (and status) of each request
You might be using a free plan which limits your usage to 100 emails / day. Upgrade to essential plan that would assure a more reliable SLA. (My personal thought is that they are probably trying to move us into a paid subscription using diplomatic tactics. Anyways this again proves.. there is nothing like a free lunch)
If it is a problem with specific email addresses or providers, then it could be possible that the sender domain / address has been blacklisted or marked as spam.
In our case, we migrated to the essential plan and that solved our issue.
Thanks,
Robin
I'm using the Twitter/Social frameworks to build a small Twitter app. It's not really a client, but you can send tweets from it and do a handful of other things (like view followers).
My question is, am I subject to the 100,000 token user limit? I am using TWRequest to handle everything from posting tweets to pulling in followers/lists etc.
From what I can tell, the 100,000 user limit does not apply to this scenario (as I haven't needed to generate a token to access any of that functionality) and I'm not replicating twitters core functionality.
Any application that accesses the home timeline or direct message APIs consumers user tokens. However, your application seems to be for your own personal use. Therefore, you're not going to ever need 100,000 user tokens.
Let's say I am making a sign up form in which I asked user's twitter ID. How do I verify if the ID entered by user belongs to him/her? In case of verifying email we simply send a verification link which user has to click so how do I verify twitter ID? I have never used twitter before.
The only reliable and practical way to verify that twitter account X belongs to user Y this to do full on “3 legged” OAuth authentication. That being said, you may want to consider if you might be OK with just taking the user at their word on it.
Getting OAuth to work and securely storing the resulting tokens is much easier nowadays than it once was, but is still non-trivial.
Reasons to verify the twitter account, in increasing reasonableness:
You will be making enough server side requests, on behalf of multiple users, that you run up against Twitter’s API Rate Limiting. (Having multiple auth-tokens will allow for a higher API rate)
You need to automagically send tweets and/or follow accounts on the user’s behalf
N.B. do this as opt-in and be ultra clear about when/why you will be doing this, or you will face the justified fury of scorned users
Don’t verify the account if you’re looking to do these things:
You need to send tweets and/or follow accounts on the user’s behalf, and the user will be able to perform a browser based confirmation workflow for each of those actions; use Twitter’s Web Intents for this.
If you just want to pull in real time data for user’s avatar, bio, or recent Tweets Twitter supplies some prefab widgets for you.
All of the authenticated Twitter API Calls can be done client side with JavaScript. Twitter has a js framework, which does not require you to handle and store tokens on your server, to help you with that.
An alternate contact method for password resets, notifications, etc.
Private communication between users on twitter requires mutual following, many users probably never check their Direct Messages (or even know what a DM is), and any messages would be limited to 140 characters. Just use email for all that kind of nonsense.
If you’re just gathering this info to display it on a user’s profile page, in an “other places on the web” kind of way, integrating and maintaining all the server side OAuth pieces is likely too much bother. Just make sure you have a reasonable and clear TOS and an obvious way for 3rd parties to report any of your users who may be claiming a twitter account that is not their own.
If you’re still interested in OAuth, Twitter's Dev page has plenty of resources, including a nice overview of a generic “Sign In with Twitter” “3 legged” OAuth work flow.
I have a corporate website that I want to pull in tweets to, but i'm getting a rate limit using the http feed. So, I want to use an authenticated method to get the tweets.
Do I really have to register an application to do this, even though it's not really an application and my users will never be entering or changing the twitter account info.
Also, my corporate site doesn't have a public address, and registering an application through twitter appears to require a public url. So how can I get around this? Do I have to create a "fake" application with a public url, just to generate my keys?
Thanks for any help on this.
If your site is behind a proxy server along with all your users, using Javascript/jQuery won't help. All the requests will still be coming from the same IP and will hit a rate limit, as you're doing now.
The other issue is that you don't need to register an app to request a feed. Apps are only needed for Oauth, and getting a feed doesn't need that.
The best way to deal with this is to get the feed with a server script, store it on the server, and then deliver the server copy to the web pages. If you request the feed less than 150 times per hour, you won't have a limit problem.
If you want more than a single feed, you can use the streaming API to get all the tweets for up to 400 keywords or from up to 5,000 users. This still doesn't need a registered app, since the streaming API still allows Basic Auth.
Just wanted to post this for future reference and in case anyone else has the same question. The solution to my problem, was to register an application on twitter. But since I'm just using a single user, you don't have to do the regular OAuth steps of generating a request for a key, getting the response etc. Every app you register in twitter get's its own "Access Token" that you can use to retrieve tweets etc. So, this is what I ended up doing to solve the problem I was having.
Additional details: My main concern was having to do the OAuth steps of requesting an access code etc... Since my application is only a single user implementaion (just pulling in our company related tweets from company held twitter accounts), it just seemed unneccesary to have to do all of that. But what I found was that when you register an app on twitter, you get a private access token for each app. You can view a little information about that here: https://dev.twitter.com/pages/oauth_single_token.
It sounds like you are pulling the feed down over http on the server? You could just limit the updates so you don't hit the rate limit.
I would recommend instead doing this on the client side. There are a lot of very easy to use embeddable java script twitter clients out there. The rate limiting problem would dissapear as the feed would be coming from the desktop and not the server (unless they just kept refreshing it).
The Twitter developer wiki lists a few.
JQuery plugin for Twitter
Tweet (another JQuery plugin)