Twitter Tightens API Rules: Increases Authentication, Decreases Requests Per Hour

By Dan Berthiaume

Twitter plans to release version 1.1 of the Twitter API in the coming weeks, and it involves a number of new user restrictions. Changes will include required authentication on every API endpoint, a new per-endpoint rate-limiting methodology, and tighter “Developer Rules of the Road,” especially around applications that are traditional Twitter clients.

Seeking Authenticity

In version 1.0 of the Twitter API, developers can reach certain API endpoints without their applications authenticating. This lets them access public information from the Twitter API without Twitter knowing anything about them other than their IP addresses. To prevent what Twitter calls “malicious” use of the Twitter API and to gain an understanding of what types of applications are accessing the API, in version 1.1 the company will require every request to the API to be authenticated.

For developers who are already using OAuth when making API requests, Twitter says all authentication tokens will transition seamlessly from v1.0 to v1.1. If an application is currently using the Twitter API without using OAuth, developers will need to update it before March 2013.

Rate-Limiting Endpoints

Twitter will cut the number of authenticated requests applications can make from the current 350 calls per hour to 60 calls per hour per endpoint. According to Twitter, analysis of current use of its API shows this rate limit “will be well above the needs of most applications built against the Twitter API, while protecting our systems from abusive applications.”

There will also be a set of high-volume endpoints related to Tweet display, profile display, user lookup and user search where applications will be able to make up to 720 calls per hour per endpoint.
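To see what the move from one shared budget to per-endpoint budgets means for an existing client, the following added example (not Twitter's code and not part of the original article) replays one hour of constructed API calls against both schemes. The endpoint labels and the fixed one-hour window are assumptions; only the limits of 350, 60 and 720 calls per hour come from the article.

```python
from collections import defaultdict

V1_0_SHARED_LIMIT = 350       # authenticated calls/hour, all endpoints together
V1_1_DEFAULT_LIMIT = 60       # calls/hour for each ordinary endpoint
V1_1_HIGH_VOLUME_LIMIT = 720  # calls/hour for each high-volume endpoint
WINDOW_SECONDS = 3600         # assumption: fixed, non-sliding hourly windows

# Hypothetical labels for the four high-volume categories the article names.
HIGH_VOLUME = {"tweet_display", "profile_display", "user_lookup", "user_search"}


def limit_for(endpoint):
    """Hourly v1.1 budget for one endpoint label."""
    return V1_1_HIGH_VOLUME_LIMIT if endpoint in HIGH_VOLUME else V1_1_DEFAULT_LIMIT


def rejected_v1_0(calls):
    """Calls refused per endpoint when every call draws on one shared budget."""
    used, rejected = defaultdict(int), defaultdict(int)
    for ts, endpoint in sorted(calls):
        window = ts // WINDOW_SECONDS
        if used[window] >= V1_0_SHARED_LIMIT:
            rejected[endpoint] += 1
        else:
            used[window] += 1
    return dict(rejected)


def rejected_v1_1(calls):
    """Calls refused per endpoint when each endpoint has its own budget."""
    used, rejected = defaultdict(int), defaultdict(int)
    for ts, endpoint in sorted(calls):
        key = (ts // WINDOW_SECONDS, endpoint)
        if used[key] >= limit_for(endpoint):
            rejected[endpoint] += 1
        else:
            used[key] += 1
    return dict(rejected)


def constructed_workload():
    """Constructed sample: 340 evenly spaced calls inside a single hour."""
    plan = {"home_timeline": 120, "mentions": 40, "user_lookup": 180}
    calls = []
    for endpoint, count in plan.items():
        step = WINDOW_SECONDS / count
        calls.extend((int(i * step), endpoint) for i in range(count))
    return calls


if __name__ == "__main__":
    sample = constructed_workload()
    print("v1.0 rejected:", rejected_v1_0(sample))
    print("v1.1 rejected:", rejected_v1_1(sample))
```

The sample client stays under the old shared limit, yet half of its calls to one ordinary endpoint are refused under the per-endpoint scheme, while its heavier use of a high-volume endpoint passes.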

The Rules of the Road

Changes to Twitter’s official developer “Rules of the Road” will include a shift from display guidelines to display requirements (such as linking @usernames to the appropriate Twitter profile); a requirement that developers building client applications pre-installed on consumer electronics devices have their applications certified by Twitter; and a requirement that developers work with Twitter directly if they need a large number of user tokens.

Bloggers Voice Displeasure

In addition to preventing misuse and gaining a better understanding of the API environment, Twitter says its new API guidelines are designed to encourage application development activity in areas such as social CRM, social analytics and social influence ranking, while limiting certain use cases for traditional Twitter clients and syndication.

However, not all observers are quite so positive about these planned changes. Computerworld compiled a list of negative postings from IT bloggers about the changes. Comments included: “[It's] disappointing to see Twitter turning its back on the...community that played such a large role in its...expansion”; “the new requirements...may make it more difficult for third-party clients to differentiate themselves” and a “translation” of Twitter’s “weaselese” that boiled down to “We look forward to forcing you to build a service, then destroy any chance of making money from it.”

Not every blogger was negative, however. One blogger wrote, “I was left thinking a lot of the changes were reasonable and made sense…With concrete rules we can always ensure we are in compliance.” There was a caveat of “My only request to Twitter is that they keep the lines of communication...very open.”

Twitter Wants More Access, Control

Twitter appears to want to enable more access to its platform, but keep that access under tight control. In the past few months, Twitter has increased its accessibility with deals such as a partnership with social monitoring service Salesforce Radian6 that gives Radian6 customers direct access to Twitter’s “firehose” of 400 million daily tweets, and has also licensed use of that “firehose” to Russian search engine Yandex.

Through deals such as these, Twitter increases its accessibility while dictating the terms of how it happens. By restricting how third-party developers use its API to build applications based on the Twitter platform, Twitter is greatly expanding the scope of this approach.

When Twitter releases version 1.1 of the API, it will simultaneously begin the deprecation of v1.0. From the day of the release, developers will have six months to migrate applications from v1.0 to v1.1.