All about social networking


What is it exactly?
Twitter is a free social networking and micro-blogging service. On Twitter you can follow somebody you like, and people can follow you for any reason. Since its creation in 2006 by Jack Dorsey, Twitter has gained notability and popularity worldwide. Twitter's application programming interfaces are widely used by third-party applications running on different servers to let their users interact with Twitter.

Flavors of Twitter APIs
Twitter offers two types of APIs: Search APIs and REST APIs.
The Search API methods give developers methods to interact with Twitter Search and trends data:
- Returns tweets that match a specified query. Tweets are text-based posts of up to 140 characters, displayed on the author's profile page and delivered to the author's subscribers, who are known as followers.
- Returns the top ten topics that are currently trending on Twitter.
The Twitter REST API methods allow developers to access core Twitter data:
- Access user information
- Update status messages
- Access timelines

Rate limiting in Twitter APIs
The Twitter API only allows clients to make a limited number of calls in a given hour. This policy affects the two APIs in different ways.
REST API:
- The default rate limit for calls to the REST API is 150 requests per hour.
- Rate limiting only applies to methods that request information with the HTTP GET command.
- Whitelisting can be done for an application and IP address by filling out the whitelisting form. You can then make 2000 calls per hour.
Search API:
- The Search API is rate limited by IP address.
- The number is quite a bit higher than 150 per hour.
- Twitter does not disclose this number, in order to discourage unnecessary usage of Search.
Consistent failure to avoid the rate limiter will signal Twitter to automatically blacklist your application.

How does the application work?

OAuth flow

What happened in the last slide? That was OAuth authentication. But what exactly is OAuth authentication? I heard this for the first time.

What is OAuth? A simple open standard for secure API authentication. http://oauth.net

Specifically, OAuth is...
- Authentication: need to log in to access parts of a website, e.g. bookmark a link, post a photo, add a friend, view a private message.
- Token-based authentication: a logged-in user has a unique token used to access data from the site.

Who is involved?

Who is it for?
- Service providers: have a web API that needs authorization for certain functions.
- Consumers: want to use an API that requires (or encourages) OAuth.

Goals: be secure
- Secure for end users
- Easy-to-implement security features for website developers
- 3rd party developers don't have access to passwords
- Balance security with ease of use

Goals: be open
- Any website can implement OAuth
- Any 3rd party developer can use OAuth
- Open source client libraries

OAuth setup
- The service provider gives documentation of authorization URLs and methods.
- The consumer registers an application with the service provider.

Sign in with Twitter
- It is the pattern of authentication that allows users to connect their Twitter account with third-party services.
- It utilizes OAuth. Although the flow is very similar, the authorization URL and workflow differ slightly, as described below.
- The normal flow dictates that applications send request tokens to oauth/authorize in Twitter's implementation of the OAuth specification.
- To take advantage of Sign in with Twitter, applications should send request tokens in the oauth_token parameter to oauth/authenticate instead.

Twitter URLs for getting tokens
- Getting request token: http://twitter.com/oauth/request_token
- Getting access token: http://twitter.com/oauth/authorize

Register a consumer application
Go to the following link: https://twitter.com/oauth_clients/new

You will see something like this

Description of fields
- Application name: provide a name for your application.
- Description: provide a brief description of your application.
- Application website: URL pointing to your application.
- Organization: the organization for which you are providing this application.
- Website: website of the organization.
- Application type: type of your application. Check "browser" for our purposes.
- Callback URL: the URL to which Twitter redirects the user after gaining authorization from the user.
- Default access type: choose the access type.
- Use Twitter for login: mark this field if you wish to do so.

After registration: basic steps
- Note down the application's consumer key.
- Note down the application's consumer secret.
- The consumer key and consumer secret are used to authenticate your application when a user tries to use it.
- Start building the application.

Getting request token
You will need to make a call to http://twitter.com/oauth/request_token along with the following GET parameters:
- oauth_consumer_key: the key you obtained after registering your application.
- oauth_signature: string constructed using the chosen signature method.
- oauth_signature_method: the supported method is "HMAC-SHA1".
- oauth_timestamp: seconds since the Unix epoch (use the time() function in PHP).
- oauth_nonce: random string per timestamp, used to stop replay attacks.
- oauth_version: 1.0 is used as the value.
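How the oauth_signature value for this call can be built with HMAC-SHA1, following the OAuth Core 1.0 signing process. This is an added example, not code from the original slides; the consumer key and secret are constructed placeholders and the helper names (oauth_encode, oauth_base_string, oauth_sign) are hypothetical.

```php
<?php
// Added example, not from the original slides. The consumer key and secret
// are constructed placeholders; the endpoint is the one named on the slide.

/** Percent-encode per OAuth 1.0 (RFC 3986 unreserved characters stay as-is). */
function oauth_encode(string $value): string
{
    return rawurlencode($value);
}

/** Signature base string: METHOD & encoded URL & encoded, sorted parameters. */
function oauth_base_string(string $method, string $url, array $params): string
{
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[oauth_encode($k)] = oauth_encode((string) $v);
    }
    ksort($pairs, SORT_STRING); // parameters are sorted by encoded name
    $joined = [];
    foreach ($pairs as $k => $v) {
        $joined[] = $k . '=' . $v;
    }
    return strtoupper($method) . '&' . oauth_encode($url) . '&' . oauth_encode(implode('&', $joined));
}

/** HMAC-SHA1 over the base string; the key is consumer secret & token secret. */
function oauth_sign(string $base, string $consumerSecret, string $tokenSecret = ''): string
{
    $key = oauth_encode($consumerSecret) . '&' . oauth_encode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

$url = 'http://twitter.com/oauth/request_token';
$params = [
    'oauth_consumer_key'     => 'CONSUMER_KEY_PLACEHOLDER',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string) time(),
    'oauth_nonce'            => bin2hex(random_bytes(16)), // fresh per request
    'oauth_version'          => '1.0',
];
$params['oauth_signature'] = oauth_sign(
    oauth_base_string('GET', $url, $params),
    'CONSUMER_SECRET_PLACEHOLDER' // no token secret exists yet at this step
);

echo $url . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986), "\n";
```

Only the signature travels with the request; the consumer secret is used as key material and stays on the server that runs the application.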

Authorization from user
- The response to the previous request is a request token and request secret.
- Redirect the user to http://twitter.com/oauth/authorize with the oauth_token parameter in the GET field. oauth_token is the request token we got from the previous step.
- If the user grants access to the application, Twitter sends the access token and access secret to our callback URL. We provide the callback URL while registering our application.
- Save the access token and access secret in sessions for making subsequent requests for resources.

Making API calls
- After we have obtained the access token, we are free to make the various REST calls that require authentication.
- Many REST API calls in Twitter do not require authentication.
- Check out http://apiwiki.twitter.com/Twitter-API-Documentation for the list of APIs that are available with Twitter.
- If an API call requires authorization, the access token is sent along in the Authorization header of the call to the particular REST resource.

Format for response
The developer chooses the format for the response: XML or JSON.
You are free to choose any format while making a request to any API, e.g. if you are requesting a resource, say www.twitter.com/<resource>.<format>.
To make a call to get a user's followers in XML format, we can write the request URL like this: http://twitter.com/users/show.xml

Dealing with response
Once we get the response in our desired format, we need to extract information from it. If your desired format is XML, you can use the built-in PHP function simplexml_load_string($content); to convert the response contained in $content into an array. This array will contain the different fields of the response at its indexes. Loop through the array to get the values of the various fields of the response.

Example API calls and responses
We want to get the list of friends of a user, along with their status, in XML format. Make a call to http://twitter.com/statuses/friends.xml with one of the following GET parameters:
- id. Optional. The ID or screen name of the user for whom to request a list of friends.
- user_id. Optional. Specifies the ID of the user for whom to return the list of friends.
- screen_name. Optional. Specifies the screen name of the user for whom to return the list of friends.
- cursor. Optional. Breaks the results into pages. A single page contains 100 users. This is recommended for users who are following many users. Provide a value of -1 to begin paging. Provide values as returned in the response body's next_cursor and previous_cursor attributes to page back and forth in the list.
Example: http://twitter.com/statuses/friends/barackobama.xml?cursor=-1
Example: http://twitter.com/statuses/friends/barackobama.xml?cursor=1300794057949944903
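Parsing one page of the friends list and picking up the cursor for the next page, as described in the two slides above, while treating the response as untrusted input. This is an added example, not code from the original slides; the XML is a constructed sample, the element names other than next_cursor and previous_cursor are assumptions about the response layout, and parse_friends_page is a hypothetical helper.

```php
<?php
// Added example, not from the original slides. $content is a constructed
// sample; element names other than next_cursor / previous_cursor are
// assumptions about the response layout.
$content = <<<XML
<users_list>
  <users type="array">
    <user><id>1001</id><screen_name>alice_example</screen_name>
      <status><text>Hello &lt;b&gt;world&lt;/b&gt;</text></status></user>
    <user><id>1002</id><screen_name>bob_example</screen_name></user>
  </users>
  <next_cursor>1300794057949944903</next_cursor>
  <previous_cursor>0</previous_cursor>
</users_list>
XML;

/** Parse one page of friends; returns [friends, next_cursor] or throws. */
function parse_friends_page(string $content): array
{
    libxml_use_internal_errors(true); // collect parse errors instead of emitting warnings
    // LIBXML_NONET disables network access while parsing; LIBXML_NOENT is
    // deliberately not passed, so entities are not substituted.
    $xml = simplexml_load_string($content, 'SimpleXMLElement', LIBXML_NONET);
    if ($xml === false) {
        throw new RuntimeException('Response is not well-formed XML');
    }
    $friends = [];
    foreach ($xml->users->user as $user) { // SimpleXMLElement nodes are iterable
        $friends[] = [
            'id'          => (string) $user->id,
            'screen_name' => (string) $user->screen_name,
            'status'      => isset($user->status->text) ? (string) $user->status->text : null,
        ];
    }
    // Cursors are kept as strings: values this large overflow 32-bit integers.
    return [$friends, (string) $xml->next_cursor];
}

[$friends, $next] = parse_friends_page($content);
foreach ($friends as $f) {
    // Remote text is untrusted: escape it before it reaches an HTML page.
    echo htmlspecialchars($f['screen_name'] . ': ' . ($f['status'] ?? '(no status)'), ENT_QUOTES, 'UTF-8'), "\n";
}
echo "next cursor: $next\n";
```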

Useful resources
- To know more about signing procedures, visit http://oauth.net/core/1.0/#signing_process
- To know more about getting request tokens, visit http://oauth.net/core/1.0/#anchor9
- To know more about OAuth, visit http://oauth.net/core/1.0/
- To know more about Twitter APIs, visit http://apiwiki.twitter.com/Twitter-API-Documentation

Thank You