--
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x
I can no longer get the user timeline without a) asking them for a
username and b) using a proxy account.
It is unfortunate again because I have created www.twollo.com which
requires a users username and password and I have been hoping to move
away from that, and now www.itsabot.com no longer has the
interactivity it once had.
I will have to work around it but it just won't be as good and I am
not to pleased because I have 4 more projects in the pipeline that I
am putting on ice.
Regards,
Paul
From an API point of view for itsabot I need to be able to detect the
current twitter user, whilst the rest of the functionality is accessed
through a proxy using my account and auth details.
I think that it would be good if http referrers to the api could be
whitelisted so that the request could be authenticated but only from
sites approved by twitter.
If there were a referral Whitelist it could be used to reduce the
number of proxy calls I need to make and could also be used to reduce
the chance that people use my proxy for nefareous means.
The good thing about cookies for GET requests is that I don't need to
ask twitter users for any of their details.
From a twollo point of view, several thousand users have used their
password details on the service, now I have to manage and secure this
so that it can auto follow on their behalf. In light of recent
incidents by other services (although it hasn't deterred users of
twollo) I would like to see methods where users can trust my
application to add followers, for instance, without the need for their
twitter details.
Kind regards,
Paul Kinlan