I understand that the Twitter API documentation is fairly substantial, but I was wondering if there is simple way to access Twitter API which is similar to Facebook's API?
For instance, we can access facebook's APi as follows:
https://graph.facebook.com/btaylor?access_token=dfjsmdjfsmjfsmljfd
Notice the parameter access_token appended to the URL.
Can we do something similar in Twitter's API ?
For instance:
http://search.twitter.com/search.json&access_token=dklfjsdkljfskldf
Is it possible? Or am I missing something?
Best Regards.
If you just need to search Twitter, then you don't have to use the API. For example, if you want to search for "django", simply request https://search.twitter.com/search.json?callback=?&q=django and you'll get your json.
Using the API requires that you first use OAuth to authenticate (Basic authentication is no longer supported). If you are familiar with the Facebook API, then perhaps you are familiar with oAuth already, as the Facebook API also uses OAuth.
Once you have the authorization info for your user, you don't pass it in URL, but in the request header, along with the URL for what you want, such as http://api.twitter.com/1/statuses/home_timeline.json if you want the user's home timeline.
If you've registered a Twitter application, then you can use Twitter's API console at http://dev.twitter.com/console to see what various requests and responses look like.
Here's a full header example:
GET /1/users/show.json HTTP/1.1
Accept: */*
Connection: close
User-Agent: OAuth gem v0.3.4.1
Authorization: OAuth oauth_nonce=\"ijasef982JIOase09u23f90ha3f9u53OWEIFH249A1X\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1287510730\", oauth_consumer_key=\"091oi0uJH23h080hfaAF2z\", oauth_token=\"1515151-X09WeowihwefOIWEOFIHWEFo09823408924f08heFK\", oauth_signature=\"Jht%2FEk98092j3fSAI0923fLXpw%3D\", oauth_version=\"1.0\"
Host: api.twitter.com
Related
I'm currently building out an API in Python Flask and am working on my authentication layer. Everything seems to be working aside from my request to retrieve an access token from Facebook's API.
I'm redirecting to https://graph.facebook.com/oauth/authorize after my own authorize endpoint is hit and the response is HTML. On browser, this obviously works, but since my intention is to use this API as the backend of an IOS app, I'm looking for an endpoint that returns the url, rather than the html, of the facebook login. Is there another endpoint I should be using?
Any help would be greatly appreciated.
Thanks,
Chris
Okay, nevermind, I realized that I was redirecting my API to the authorization URL when I should be returning the URL so that the user on the client side can then be redirected there.
I'm performing the server side oAuth2 flow.
I noticed that google has added a cool feature for their oAuth2 signin API which is redirect_uri=postmessage so we don't show the real redirect_uri on the browser url bar and the authorization code won't be included in the redirect url.
For linkedin, when the users accepts to share his personal data with the app, the response url looks like :
http://dev.localhost.com:8080/auth/linkedin?code=xxxxxxxxxxx&state=yyyyyyyyyyyyy
it's the same for Google unless we replace the real redirect_uri by postmessage.
If the redirect_uri + the response code is set in the url Every malicious script could be able to retrieve the returned code from the url and perform its own authentications.
So, is there any way to hide the return parameters and the redirect_uri for LinkedIn and Facebook ?
LinkedIn and Facebook are not vulnerable to malicious scripts accessing the redirect_uri.
Assuming you use the recommended response_type=code both APIs require you make a request from your server that includes your API secret and the code value in order to get the users token. LinkedIn describes this in Exchange Authorization Code for a Request Token and Facebook describes this in Exchanging code for an access token.
Additional security with Facebook can enabled with requiring that every request be signed with your API secret. Additional protection in general can be had by using a strong Content Security Policy to help prevent malicious scripts from running in the first place. And be sure to host your site exclusively over TLS to prevent your own JavaScript from being modified.
I want to use http://api.twitter.com/1/blocks/create.json?screen_name=xxxxxxx (Twitter API) to block particular friends or followers from my account with the use of Twitter & Account Framework in iOS 5,
So what should i do to solve this issue, because i just want to use Twitter account , don't want to use OAuth.
It generate an error like : HTTP/1.1 401 API is secure. Needs security Credentials
The Twitter API requires OAuth authentication. However, if you're happy with targeting iOS 5 and up you can use the in-built Twitter framework to perform the OAuth calculations on your behalf, which will save you a lot of time. Take a look at the documentation for TWRequest:
http://developer.apple.com/library/ios/#documentation/Twitter/Reference/TwitterFrameworkReference/_index.html
Actually you need to put parameters of post requests in the body. This is described in the OAuth tool description under Request query:
This tool is available on the right of every rest API documentation page like this if you are logged in
You can use apigee console for twitter to test it but you will get the same error unless you include the screen_name parameter in the body
We want to update our user profiles with information from LinkedIn (should the user choose to import this information). However, we want to this this authorization using Oauth2, but accordoing to LinkedIn's website only Ouath 1.0a is supported for their REST API: https://developer.linkedin.com/apis
Any way around this?
As LinkedIn is providing OAuth 2 access using their JavaScript API you could dive into their Javascript code and somehow get to the file, that has the OAuth 2 endpoints in it:
l.api = "https://api.linkedin.com/v1";
l.login = "https://www.linkedin.com/uas/connect/user-signin";
l.authorize = "https://www.linkedin.com/uas/oauth2/authorize?immediate=true";
[...]
l.logout = "https://www.linkedin.com/uas/connect/logout?oauth_token={OAUTH_TOKEN}&api_key={API_KEY}&callback={CALLBACK}";
l.userspace_renew = "https://www.linkedin.com/uas/js/authuserspace?v=0.0.2000-RC1.20001-1400&api_key={API_KEY}";
For requesting resources, probably the endpoints in their REST API documentation could be used.
However, note that it is probably forbidden by their terms of use to use these endpoints without their JS API and could result in your client being sanctionized. You could contact them and ask for permission.
I've created a Play 2.x client in Scala and Java which supports OAuth/CAS/OpenID/HTTP authentication and user profile retrieval : https://github.com/leleuj/play-pac4j.
For OAuth support, it's based on Scribe and supports LinkedIn, Facebook, Twitter, Google, Yahoo, DropBox, Github, Windows live, WordPress...
I am working in mobile environments that do not support Javascript. Is it possible to add Facebook Like functionality to a page, probably doing server-side requests to Facebook?
For a more detailed example, if I go to http://ogp.me/, there is a Like button towards the bottom of the page. Clicking on that uses Javascript, optionally signing into Facebook if the relevant cookies aren't there.
I want to provide the same functionality, but without using Javascript (clue: need to support Blackberry browsers).
My intention was to use OAuth 2.0 with standard redirects, to get an access token with which to call the Graph API.
Once I have an access token, I was expecting something like
curl https://graph.facebook.com/me/likes?access_token={a-valid-access-token}&category=Website&url={url-encoding-of-url-to-like}
where the access token has the publish_stream permission granted to it. So to be more explicit:
curl https://graph.facebook.com/me/likes?access_token={a-valid-access-token}&category=Website&url=http%3A%2F%2Fogp.me%2F
That attempt returns me a 403 response, and I've not found anything else in the fine manual
The graph api does allow you to like a graph object (see Graph API Docs / Publishing) using:
https://graph.facebook.com/OBJECT_ID/likes
However the graph object must have an existing likes connection - and there's currently no way of creating such a connection via the graph api.
But if the like connection already exists you can get the pages graph object id using FQL:
SELECT id FROM object_url WHERE url='http://youtargeturl.lnk'