ReadWriteWeb

Twitter Changes API, Fails to Notify Developers

Written by Jolie O'Dell / July 18, 2009 8:41 AM / 9 Comments

SocialToo founder Jesse Stay has alerted us (and the rest of his blog readers) to certain Twitter API changes that may be detrimental to many developers.

Stay's main beef is that no one was notified of the changes (to verify_credentials(), incidentally). Stay further reported that an email response from a Twitter rep stated that the company "assumed (apparently incorrectly) that people were only using this method occasionally."

The change in the API limits the number of username/password verifications to 15 per hour. According to the afore-linked developer wiki, "Because this method can be a vector for a brute force dictionary attack to determine a user's password, it is limited to 15 requests per 60 minute period (starting from your first request)." The wiki language was changed June 29.
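The limit quoted above (15 requests per 60 minutes, with the window opening at the first request) can be modelled as a fixed-window limiter; this is an added example, not Twitter's code. The page does not say how Twitter keys the limit, so the two keys compared here (the calling client versus the account being verified), and all names and traffic, are constructed assumptions.

```python
from dataclasses import dataclass, field

LIMIT = 15          # requests per window, from the quoted wiki text
WINDOW = 60 * 60    # 60 minutes, in seconds

@dataclass
class FixedWindowLimiter:
    """Fixed window that opens at a key's first request."""
    limit: int = LIMIT
    window: int = WINDOW
    state: dict = field(default_factory=dict)   # key -> (window_start, count)

    def allow(self, key, now):
        start, count = self.state.get(key, (now, 0))
        if now - start >= self.window:           # window expired: open a new one
            start, count = now, 0
        if count >= self.limit:
            return False
        self.state[key] = (start, count + 1)
        return True

    def retry_after(self, key, now):
        """Seconds until the key's window resets (0 if the key is not limited)."""
        start, count = self.state.get(key, (now, 0))
        if count < self.limit or now - start >= self.window:
            return 0
        return self.window - (now - start)

def allowed(key_fn, requests):
    """Count allowed requests; each request is (time_s, caller, target_user)."""
    lim = FixedWindowLimiter()
    return sum(lim.allow(key_fn(caller, user), t) for t, caller, user in requests)

# Constructed traffic (hypothetical names).
# A third-party service verifying 40 different users once each within 10 minutes:
LEGIT = [(i * 15, "app-server", f"user{i}") for i in range(40)]
# One client making 100 password guesses against a single account:
GUESSING = [(i, "client-x", "victim") for i in range(100)]

def summary():
    by_caller = lambda caller, user: caller   # assumption: limit tied to the client
    by_target = lambda caller, user: user     # assumption: limit tied to the account
    return {
        "legit_by_caller": allowed(by_caller, LEGIT),
        "legit_by_target": allowed(by_target, LEGIT),
        "guessing_by_caller": allowed(by_caller, GUESSING),
        "guessing_by_target": allowed(by_target, GUESSING),
    }

if __name__ == "__main__":
    print(summary())
```

Under these assumptions both keys cap guessing against one account at 15 per hour, but only the per-caller key also cuts off a multi-user service after its fifteenth login.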

Granted, Twitter has had a bit of a media tsunami on its hands lately, but we still must note that no official announcement has been made about the API changes. This seems to be the case with other API changes, as well. For example, earlier this month, API request limits were increased from 100 to 150, as several blogs and end users noted at that time. No official announcement was made; the information was confirmed, as with this most recent change, through an update to the API wiki.

Although the company is usually tight-lipped, do you think developers whose apps and livelihoods rely on the service and the API deserve a dedicated blog? Google Code is a great resource that acknowledges the ecosystem of apps built around that company's APIs.

Even if Twitter can't afford to support developers with resources of a Googlesque stature, we do tend to feel that developers who rely on the API deserve advance warning of certain changes, even ones the company might consider minor. As it stands, app developers are subjected to a string of pleasant surprises followed by sucker punches.


Comments


  1. I was made painfully aware of the unpublicized API change yesterday. Long story, but suffice it to say it sucked.

    Posted by: Mark Pannell | July 18, 2009 10:11 AM



  2. Twitter stated that it wants to be the "heartbeat of the world". If that's the case they REALLY need to maintain a strong, open communication channel with the development community. Huge fail, Twitter!

    Posted by: Chris | July 18, 2009 10:22 AM



  3. So Twitter is in bad need of an experienced person to instill some lightweight but highly efficient process into the way it operates... What's new?

    Posted by: Jean-Michel Decombe | July 18, 2009 11:13 AM



  4. In addition to the reported changes I noticed that the 60 seconds time limit to refresh the Public Timeline via the API is gone!!

    Posted by: Rainer Falle | July 18, 2009 12:50 PM



  5. Well no wonder I've been having trouble debugging my app lately. Ugh, you'd think that for a whitelisted account things like this wouldn't be an issue ...

    Posted by: swizec | July 18, 2009 3:59 PM



  6. Thanks for that. And thanks for every comment, Digg, tweet, stumble and Delicious-ifying. I hope that you'll keep reading them in the year to come... and that you'll enjoy them as much as I enjoy drawing them.

    Posted by: Sesli Sohbet | July 19, 2009 5:24 AM



  7. So Twitter is in bad need of an experienced person to instill some lightweight but highly efficient process into the way it operates... What's new?

    Posted by: Sesli Sohbet | July 19, 2009 5:26 AM



  8. Thanks, Biz! Ah, the hours and days of blogger outages with no announcements or support... How well I remember them!

    Posted by: lambert strether | July 19, 2009 5:46 AM



  9. As an FYI, there is a dedicated blog for the API - http://apiblog.twitter.com/

    And a mailing list to announce new changes.

    However, this was not posted to the mailing list. Not only that, but Twitter recommends using this method for OAuth-enabled applications. Can't imagine why they would think it's under-utilized...

    This change would be reasonable, though, if it was a limit per-user - that's not clear from the docs but it doesn't sound like that's the case from Jesse.

    Posted by: Damon | July 19, 2009 10:05 AM


