I am whitelisted in Twitter, and I have this "traffic heavy" application that just makes 2 requests to find out how many users 2 people have... The traffic is currently killing the 150-request limit per hour.
How do I authenticate my requests so that Twitter knows I am whitelisted?
http://api.twitter.com/1/users/show.xml?screen_name=chavezcandanga
http://api.twitter.com/1/users/show.xml?screen_name=luischataing
I wish to authenticate those for this simple project http://250mil.com
Thanks!
See how to authenticate on the Twitter API Documentation, it explains every method available to authenticate and how to issue such authentication requests.
Related
Currently working on a service desk application that allows service desk users on our system to see more than they currently can on Jira. What I'm wanting to do is allow them to be able to comment on tickets and possibly add further tickets. I am currently doing this through basic auth, with a 3-legged auth I have made, that uses a Jira account to pull tickets for them to see, and then their login to authenticate and then be able to comment on tickets. My issue is that I am having to re-authenticate each time, meaning I have to store the password in a static string somewhere after they have entered it to initially log in. I have looked at the API documentation and as far as I can work out OAuth 2.0 is not an option (believe I read that it's not supported for customer support desk users), and I cannot get API keys easily for them (if at all) as I would need a system admin to generate API keys for all users and then it would be difficult to code.
Storing user password seems wrong, even as a char array. Any help would be massively appreciated!
Storing passwords in the active session is not the best method, but it does the job.
In our application we applied the following:
When user is authenticated the first time Jira sends back a response with a cookie that may look like this:
JSESSIONID=6AD97CC4450456CD968B22F7201220A7; atlassian.xsrf.token=BWP3-NZB2-6EDY-6C7K_d3ec7ed6f227879ac4cf6aee83f28e085e49227b_lin
We stored the user's cookie in their session and we use it every time we send an API request to the Jira REST API on their behalf, as a cookie is a valid authentication method for the Jira Service Desk API.
Authentication
The JIRA Service Desk REST API uses the same authentication methods as
JIRA. The preferred authentication methods are OAuth and HTTP Basic
Auth (when using SSL). Other supported methods include: HTTP Cookies
and Trusted Applications.
Authentication in Jira Service-desk rest
Proof of Concept
Using Postman, send an authenticated request to Jira using basic auth.
After getting a 200 response, alter the Authorization in Postman and change it from Basic Auth to No Auth and retry the same request.
You should be able to see the same result, and if you expand the request headers, you'll find that Postman has injected the cookie that was retrieved from the first basic auth request.
Hope this helps.
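The cookie-reuse approach from the answer above, as an added example that is not part of the original post or Atlassian's code: the password is used once to build the Basic header, only the returned `JSESSIONID` is kept, and a 401 on a later call forces a fresh login. `fake_jira` is a constructed offline stand-in for the server, and the class name, transport signature and request path are assumptions.

```python
import base64
from http.cookies import SimpleCookie

class SessionExpired(Exception):
    """Jira rejected the stored cookie; the user has to log in again."""

class JiraCookieSession:
    """Keeps only the session cookie from login, never the password."""

    def __init__(self, transport):
        self._send = transport   # callable(method, path, headers) -> (status, headers)
        self._cookie = None

    def login(self, user, password):
        cred = base64.b64encode(f"{user}:{password}".encode()).decode()
        status, headers = self._send("GET", "/rest/servicedeskapi/request",  # assumed path
                                     {"Authorization": "Basic " + cred})
        if status != 200:
            return False
        jar = SimpleCookie()
        jar.load(headers.get("Set-Cookie", ""))
        if "JSESSIONID" not in jar:
            return False
        self._cookie = "JSESSIONID=" + jar["JSESSIONID"].value
        return True              # the password is not retained past this point

    def request(self, method, path):
        if self._cookie is None:
            raise SessionExpired("not logged in")
        status, _ = self._send(method, path, {"Cookie": self._cookie})
        if status == 401:        # session timed out or was revoked server-side
            self._cookie = None
            raise SessionExpired("cookie rejected")
        return status

def fake_jira(user="alice", password="s3cret", sid="CONSTRUCTED0123"):
    """Constructed stand-in for a Jira server so the example runs offline."""
    log = []                     # headers of every request received
    good = "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
    def send(method, path, headers):
        log.append(dict(headers))
        if headers.get("Authorization") == good:
            return 200, {"Set-Cookie": f"JSESSIONID={sid}; Path=/; HttpOnly"}
        if headers.get("Cookie") == "JSESSIONID=" + sid:
            return 200, {}
        return 401, {}
    return send, log
```

In a real deployment the transport would be an HTTPS client, and the cookie would live in the user's server-side session so it expires with it.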
I have recently implemented Microsoft OAuth2 to retrieve data from the Graph API (and more). Now I want to integrate with some of the social functions in the Yammer API but I can't find any info on whether this is possible.
It seems unnecessary for me to have to force the user to auth against two different OAuth endpoints when judging from Yammer Embed, the Microsoft SSO is enough to authenticate in (Microsoft-owned!) Yammer as well.
Maybe I'm just not understanding OAuth enough, but it does mean that I will have to authenticate first against MS OAuth2, then to Yammer OAuth2.
EDIT: Just after I posted this, I found the "Yammer impersonation" page which I missed earlier: https://developer.yammer.com/docs/impersonation
It is very short on details, is this a viable way to avoid the user actively having to sign in to Yammer?
We have a paid Microsoft service including most applications, btw.
Further EDIT: I mainly want to use the API to get some statistics on nr of likes on a post etc., not really any personal info at this point.
If you register your app with AzureAD you can require scopes for the Graph API and the Yammer API at the same time. There will then be only one OAuth flow and one consent screen.
I am trying to set up a cache service and make use of the streaming API of Twitter. It confuses me: since this is a server-to-server use, why do I still need to use an access_token when no users are involved in the process, only the application?
So Twitter can have information on how their API and services are being used. Also, to prevent DoS and other kinds of attacks.
I'm trying to use OAuth with .NET (DotNetOpenAuth) to send updates to a Twitter account via a web application. I understand the basic workflow of OAuth and Twitter.
Where I'm confused is whether it is useful in a server web application. I don't want any user interaction.
But it seems that after an application start, the request token needs to be recreated, and also an access token. This involves user interaction.
What is the correct workflow for my case?
Storing the request token or access token in a config file?
Or the easiest way, using HTTP basic authentication?
Thanks
If I understand you correctly, your application will not be interacting with Twitter on behalf of your users but will be acting as the Twitter account for your application.
In this case there are 2 main factors to consider.
1) Do you want "from API" attached to each status, as will happen if you use basic auth, or your application's name, as will happen if you use OAuth?
2) Do you want to put in the extra effort to implement OAuth?
If you decide to go with OAuth you would store your app's consumer key/secret and the account's access token in configuration just like you would store the account's screen name/password.
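A server-side signer for the setup this answer describes, added here as an example (Python rather than DotNetOpenAuth, and not code from the thread): the consumer key/secret and the account's access token/secret are read from configuration, and each request gets an OAuth 1.0a HMAC-SHA1 `Authorization` header with no user interaction. The environment variable names and function names are assumptions.

```python
import base64, hashlib, hmac, os, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

def pct(s):
    """Percent-encode as OAuth 1.0a requires: only unreserved characters stay."""
    return quote(str(s), safe="-._~")

# Environment variable names are assumptions made for this example.
CONFIG_KEYS = ("TW_CONSUMER_KEY", "TW_CONSUMER_SECRET",
               "TW_ACCESS_TOKEN", "TW_ACCESS_SECRET")

def load_credentials(env=os.environ):
    """Read the four long-lived values from configuration, failing closed."""
    missing = [k for k in CONFIG_KEYS if not env.get(k)]
    if missing:
        raise RuntimeError("missing configuration: " + ", ".join(missing))
    return tuple(env[k] for k in CONFIG_KEYS)

def sign_request(method, url, creds, nonce=None, timestamp=None):
    """Return the OAuth 1.0a Authorization header value for one request."""
    ckey, csecret, token, tsecret = creds
    oauth = {
        "oauth_consumer_key": ckey,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request
        "oauth_version": "1.0",
    }
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Query parameters are signed together with the oauth_* parameters.
    params = parse_qsl(parts.query, keep_blank_values=True) + list(oauth.items())
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join((method.upper(), pct(base_url), pct(normalized)))
    # The secrets form the HMAC key only; they are never sent on the wire.
    key = f"{pct(csecret)}&{pct(tsecret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))
```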
Your "request token needs to be recreated" phrase suggests you might be running into the problem where every time your user visits you need to re-authorize to Twitter, and perhaps you're looking for a way to access the user's Twitter account while he's not at your web site, and how can you do this when their token isn't fresh from being re-authorized. Is that right?
If so, the user isn't supposed to have to re-authorize Twitter every time they visit your site. The token is supposed to last a long time, which would also allow your site to access their Twitter account when they are not directly interacting with your web site. The problem may be that you haven't implemented the IConsumerTokenManager interface, but are instead using the default InMemoryTokenManager, which is for sample use only, since this memory-only token manager loses tokens every time the web app is restarted. Your own implementation of this simple interface should store and read the tokens out of some persistent storage such as a database.
Greetings!
I have some troubles enabling OAuth authentication for my web
application running on Ruby on Rails. I am using authlogic and
authlogic_oauth and that is, in the end, using OAuth gem and therefore
I decided to ask here. So shortly:
I successfully "register" (i.e. obtain the first Access Token for the
user) but then, whenever I try to "login", I receive a different
access token for the same Google Account, the Authlogic-oauth plugin
fails to find the user and the login crashes. Maybe I don't understand
it right, but is the AT not supposed to be the same every time? And can
it be a problem that I am accessing Google from http://localhost even
though the Customer keys are for a different domain?
Anyway, thanks for any reply ... I have already spent 2 days on that
issue and debugging doesn't seem to lead me anywhere
Jakub
PS: I sent that question on Google Group oauth-ruby - sorry to anyone reading both channels
The AT is supposed to be different every time. OAuth is not an authentication protocol, it is an authorization delegation protocol. Try using OpenID instead: http://code.google.com/apis/accounts/docs/OpenID.html
Twitter does not give out different tokens, which allows OAuth to be used as an authentication mechanism. LinkedIn doesn't do that, meaning you may only use OAuth as an authorization protocol (which is what it was intended to do).
However, there is a useful API for pulling in data from LinkedIn. Of particular interest could be the Profile API.