I used to display a customized twitter feed on one of my clients sites using API v1. I got the JSON file using http://api.twitter.com/1/statuses/user_timeline/username.json and then parsed it. Now that twitter has switched to API v1.1 I am using this https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=my_screen_name and I get the error: {"errors":[{"message":"Bad Authentication data","code":215}]} due to the fact that I am not authenticated to make such a request. I have been looking through the documentation to no avail, any help figuring out how to use OAuth to authenticate my requests would be greatly appreciated!
Related
does anyone know if the new Google's Firebase can post tweets to Twitter?
I checked Google's Firebase website and it mentions that users can authenticate using their services. Once this authentication and authorization is done, I should have the required keys to access Twitter's API.
However, I was wondering if the Google's Firebase (Android SDK), can post tweets using one of its classes or methods automatically (without having to send an independent REST request from the Android app).
There is no API in Firebase that posts to Twitter.
But you can get the access token when the user signs in and use that to post to twitter in your own code. For more info, see https://firebase.google.com/support/guides/firebase-web#get_the_access_token_numbered
According to
firebase.auth.TwitterAuthProvider one can store the access token and secret to access the twitter APIs. Though Get the access token there is an explicit warning of Twitter API not directly invokable! The authdata structure will return everything needed for the twitter API. And then you need to use Android OAuth2 to set the proper parameters with the different Twitter APIs.
I have had a search around stackoverflow, but was unable to find an answer to my question, so I thought I'd ask.
I'm currently working on an iOS app where I would like to get a feed of a public timeline without the user of the app being required to have a twitter account.
I am successfully able to do this using twitters v1.0 of the API and all works perfectly. Simply making a request to http://api.twitter.com/1/statuses/user_timeline.json?screen_name=username retrieves all the information that I require.
However, since v1.0 has been deprecated and V1.1 requires authentication for each request, I get a bad authorization error using this API. Having looked at the Twitter documentation and how to generate OAuth request headers, I don't fully understand the "Getting a signing key" section of the documentation in the link below. (this is my first time working with Twitter's API and OAuth, I'm trying to gain a good understanding, before I start the implementation)
https://dev.twitter.com/docs/auth/creating-signature
As I understand it, the consumer secret can be found when logging into twitter.com/apps but I'm not sure where I would get the "OAuth Token Secret" in order to generate a valid signing key.
Since this is an iOS app, I know I could use the TWRequest class, but to my understanding, this would require the user to have twitter setup on their device.
I hope the above makes sense and any help would be appreciated.
Thanks
If you go to the Twitter application you have set up https://dev.twitter.com/apps
You should see your Access token secret under the heading Your access token. If you don't see this then you probably haven't generated an access token yet.
I am writing a custom API for twitter which will be used in Twitter for iPhone. what's the response my third-party API gives to twitter can make twitter think the user is logged in.
I know the twitter for iPhone auth step is using XAuth to /oauth/access_token, when it is set my API, I will gives the response 'oauth_token=191074378-1GWuHmFyyKQUKWV6sR6EEzSCdLGnhqyZFBqLagHp&oauth_token_secret=NpCkpRRC5hGEtikMLnQ2eEcEZ0SIVF5Hb2ZgIwmYgdA&user_id=191074378&screen_name=oauth_test_exec&x_auth_expires=0' directly to twitter for iPhone. but twitter tells me server intern error rather than a correct response. what is the incorrect part ?
Now that you have revealed your OAuth tokens anyone can copy them and use them to violate the Twitter TOS. You should go to dev.twitter.com and reset your OAuth tokens immediately. This is why it is called and OAuth Secret.
I'm developing a mobile app that will interact with a rails app that's essentialy a json api. Is it possible to use an external identity provider such as facebook or googleplus to secure the access to my API?
Users will upload a photo to a json rest service but the rails app would only allow the upload if the uses is authenticated with one of those providers.
I've checked omniauth gem but I don't know if that's the path to do it. I don't understand very well how oauth works so I'm trying to know if this would be possible to do.
Regards
Fak
The answer, in part depends on how you're going to provide Identity via the mobile app. The user's authentication, and their identity are de-coupled.
My guess is you're wanting the user to authenticate to the mobile app using the Google/Facebook sdk app side. To do so, you'll need to use that sdk to generate a token, which can then be saved to Rails. The token can then be required as part of each API request - which rails will validate.
The topic is a bit complex to fully describe the flow....but in essence: 1) Create the token on the mobile app using the mobile sdk, 2) save the user and token to Rails/database, 3) as part of every request check the access_token provided.
Since the topic of Oauth and request/identity providers takes some time to understand, I would first watch he following railscasts on securing an API. Once you're done with that one (and understand the concept), you can also watch this railscast.
Hope this helps.
The twitter api keeps refusing my credentials, no matter what shared library I use. Is there any reason for this?
Twitter no longer allows BASIC AUTHENTICATION on its API. You need to do OAUTH authentication. This is most likely the problem you are having. If you need further help, you need to post some code, what library you are using, and exactly what part of the API you are trying to access.