About three and a half months ago, we mentioned that Twitter was going to pull the plug on their out of date API, which used very insecure authentication, in favour of switching to the newer OAuth system, which offers increased security for users by being able to control what applications can access information and post tweets from your account.
The time is getting ever closer to the “switchover”, with Twitter already preparing itself by performing short-lasted tests, to see how the switch will actually affect users. They plan to gradually reduce the usage of the older system, by slowly giving out error messages to any requests received until the end of August, when all requests will be blocked entirely.
As such, Twitter has released a timetable of how they expect things to go down, to make it easy for frustrated users to understand why their app choice doesn’t work for them:
- Basic Auth will be completely shut off on August 30th.
- Beginning Aug 17, basic auth rate limiting will decrease by 15 requests on each week day (10% drop per weekday)
- Aug 16, 8am Pacific – we’ll shut basic auth temporarily off for 10 minutes
- Aug 31, 5pm Pacific – we’ll shut basic auth temporarily for 10 minutes
- On August 30th, all basic auth requests will be served with a 401 HTTP status code.
For developers only just getting ready for the transition now, you may want to consider using XAuth, a similar interpretation to OAuth, except that it does not use the conventional “browser authentication”, and instead sends the PIN required for verification directly back to your application, allowing for a clean user interface for the user.
