Twitter API outrage: Break our rules and we'll break app kneecaps
New limits on tweet software likened to North Korean regime
Twitter is tightening the rules for building applications that use its messaging platform, sparking outrage from twits and developers.
Director of consumer product Michael Sippey blogged about changes to version 1.1 of the Twitter software interface that gives the social networking site greater control over how and where tweets are published and re-published, and also a stronger grip on the look-and-feel of third-party Twitter apps.
The changes seem designed to make it easier for the blue birdy biz to manage its publishing system and cut costs by establishing greater consistency.
The new rules alter the number of API calls third-party apps can make from different “end points” – meaning a twit's devices or PCs running that application.
Under API 1.1, apps accessing just one individual “API endpoint” will have their number of authenticated requests limited to 60 calls per hour, down from the current 350 – regardless of the type of information that the application was requesting. Sippey snippily describes this as "well above the needs of most applications built against the Twitter API".
The Tweet-o-sphere has seized on this as a capping of limits, however apps which require multiple “high-volume endpoints" will have their call number bumped up to 720 per device per hour for calls related to tweet display, profile display, user look-up and user search – a move probably aimed at bigger businesses.
This will probably help consolidate Twitter further, because it increases the amount of calls to core pieces of data and display info.
Twitter’s getting tough on its Developer Guidelines, which now become Display Requirements. Highlights of the new requirements and – again on call volume – are that devs will need approval from Twitter if their apps make more than 100,000 individual authentication tokens for Twitter client apps. The authentication tokens are used to access the home timeline, account settings, direct message API end points or User Streams to pull data.
Twitter’s also capping growth for current applications at 100,000 tokens. Those that reach 200 per cent of their user token count won’t be allowed to grow further.
Every application request will need to be authenticated using OAuth. API 1.0 doesn't require secure authentication so it’s hard to see who's pulling data from Twitter.
Sippey wrote: “To prevent malicious use of the Twitter API and gain an understanding of what types of applications are accessing the API in order to evolve it to meet the needs of developers, it's important to have visibility into the activity on the Twitter API and the applications using the platform.”
The Twitter-client look and feel is also getting boxed in. Among the new rules is one that requires apps displaying tweets to link to the appropriate Twitter profile. Apps must also display all the usual Twitter actions – retweeet, reply and favorite.
Apps that don’t follow these display rules could have their application key snatched back by the Twitter police.
The changes have upset plenty, not only because of the thickly worded nature of Sippey’s blog post that many have struggled to interpret.
Among those annoyed are Aaron Levie, chief executive of Box, a cloud collaboration company. “Twitter’s API has more rules than North Korea,” he tweeted. Marco Arment, creator of Instapaper – an app that lets you keep book mark and read articles on computer, iPhone/iPad and Kindle, issued a retaliatory de-construction of the changes here. He also tweeted about what it means for his apps: “I suspect that I’ll have to remove Twitter from most of Instapaper’s 'Liked By Friends' functionality.”
No matter what the feeling, Twitter’s fellow travellers will have six months to move their app from the old to the new API once it’s introduced. ®
Sponsored: 2016 Cyberthreat defense report