Twitter API has new third party sign-on method

Twitter has nearly finished migrating to a new authentication protocol, called OAuth

Users of obscure third-party Twitter applications may be surprised to find that their apps no longer work, if the app creators of those apps haven't been keeping up with changes in the Twitter API (application programming interface).

Microblogging service Twitter is in the final stages of migrating its sign-on service for third party applications to a different of authentication protocol, called OAuth.

Users logging through the Twitter Web site will not notice the difference, nor should users of third-party apps that have already made the switchover, including many popular ones such as TweetDeck, Twitterrific, Seesmic, and Twitter for Android. But if the app hasn't been updated in a while, and still requires a Twitter user name and password, then it will probably stop working correctly.

Over the past month, Twitter has periodically lowered the number of data requests that apps could make to Twitter each hour, as a way of weaning third-party application developers from the old authentication procedure, called Basic Auth. As of 8 AM Pacific time, Tuesday, Twitter will reject any requests from third-party applications that use Basic Auth.

"Basic Auth for Twitter is almost history. Rate limits are down to 15 requests/hour, and will be 0 by tomorrow," wrote Twitter creative director Doug Bowman in a short post on the Twitter site Monday. The rate limit for OAuth is 350 requests per hour.

Twitter announced the switchover last December, though it pushed back its deadline for the switch from the end of June to the end of August.

On a page explaining the reasons behind the change, Twitter gave several reasons that OAuth is superior to Basic Auth. The new protocol won't ask users to provide the password directly to third-party sites. It makes spoofing of applications more difficult. It will help Twitter fight spam, and it paves the way for more trusted services.

When a user signs onto a third-party application with OAuth, the app itself doesn't get access to the user name and password. Instead, Twitter itself will provide a sign-in module, which in turn provides a key to the application provider should the log-in succeed.

With this approach, users don't have to supply passwords to each third-party application, and won't have to manage multiple passwords for multiple services (though the Twitter help page on this topic notes that some third-party services, such as desktop applications or mobile apps for submitting messages will still require passwords).

To what extent third-party application builders have gotten the message about OAuth is unclear. As of earlier this week, some were still surprised at the lowered rate limit.

Others, however, got an early start.

"Despite a few early hurdles, I'm very glad I made the switch to OAuth early," said Dean Robinson, creator of the Hahlo mobile Twitter client. Robinson took the requirement as an opportunity to do a major revision of his software, fixing a number of other issues as well. Those using version 3 of Hahlo will now have to upgrade to the new version, version 4. He noted that the documentation that Twitter supplied was fairly straightforward.

"The support and knowledge about OAuth, in particular in the official [development] group, is significantly better than ... when I was trying to implement the changes. I'd be really surprised if anyone has had major issues in making the transition recently," Robinson said.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitysocial mediaMicrosoftinternettwittersocial networkingInternet-based applications and servicesAccess control and authentication

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?