
New APIs to power customer engagement in Direct Messages - technofide
https://blog.twitter.com/2017/new-apis-to-power-the-future-of-customer-engagement-in-direct-messages
======
electic
A big history lesson and a big WARNING for anyone who is thinking of building
anything with Twitter's APIs. Once this company, long ago, encouraged
developers to use their APIs to build products and utilities.

Developers heeded the call and flocked to the company's APIs. They built new
clients and innovative solutions to make Twitter truly useful. Twitter grew
fast with the developer's help and the developer's themselves did well. Many
raised millions of dollars in VC funding to make vibrant companies around the
Twitter ecosystem. Things were going well.

Then Twitter became greedy. Twitter decided to destroy the very companies that
grew Twitter's user base. They changed their TOS monthly outlawing various
product categories. They banned clients. They put restrictive quotas on their
APIs to starve out companies so they could reap their revenue for themselves.
Hundreds of products fell. Millions of developer hours were lost. The Twitter
ecosystem shrank and so did Twitter's user growth.

So if you're thinking about building anything with this company then be
warned. If anything you've built is remotely popular, then it is only a matter
of time before they come to pillage whatever you've built.

~~~
saurik
Twitter also did something that I find particularly interesting: they somehow
convinced developers that you needed them to bless your app and provide APIs
to build a client that accesses their service, even though those credentials
must be distributed _to the public with your client_. To people like me who
are old enough to have dealt with AOL, the idea that developers are willing to
buy into this fiction is absolutely insane: if the official Twitter client can
do it, then so can your client, and there is nothing Twitter can do to stop
you that doesn't also break their client (which they are generally _less_
willing to do than change their API on short notice!).

As far as I can tell the only thing that enforces this is what should amount
to an antitrust level of collusion between the mega-companies to restrict
access to products (via services such as the Apple App Store) that do things
that the other mega-companies dislike, as it is in all of their best interests
to maintain this same fiction. The reality is that client-side API keys are
totally meaningless and make no sense: in an attempt to believe they make
sense some developers then start to believe other crazy things like "if I
compile a token into my program other people can't read it as it is compiled"
or to insist "there must be some way to encrypt my binary to make sure that
other people can't get my API key", but this kind of broken thought only
happens due to a broken premise :/.

(That said, it isn't 100% clear to me that if someone released a true Twitter
client Apple would remove it, so if someone disagrees with that premise I am
all ears: that is simply the only theoretical mechanism I can see that would
seem to enforce this, and I feel like I have heard of this happening before,
but AFAIK the random apps in the App Store for abusing Tindr are all based on
reverse engineering the true API for the service, but it is also possible that
Apple cares less about helping Tindr or that Tindr has a different internal
mentality and culture surrounding this kind of thing; or it could even be the
case that these now have been removed and I haven't noticed yet as I don't
really pay much attention to track them, or even that I am wrong and they are
somehow more indirect in their implementation.)

~~~
mschuster91
> As far as I can tell the only thing that enforces this is what should amount
> to an antitrust level of collusion between the mega-companies to restrict
> access to products (via services such as the Apple App Store) that do things
> that the other mega-companies dislike

Actually, at least in the US you could be having legal problems... you're
circumventing access controls, which may or may not be a "hacking crime".
Also, by using the Twitter API you consent to its Terms and Conditions, so
they have legal grounds to sue you (for example via trademark law; you most
likely will advertise that your app supports Twitter login, but then Twitter
can sue you as you advertise Twitter compatibility while violating their T&C).

It's IIRC never been tested in court so it remains an effective FUD, even
without the Apple/Google store banhammer.

~~~
saurik
Where would someone even see these terms of service unless they have already
bought into the fiction? The terms of service on usage of the official Twitter
client could apply (saying you can't reverse engineer it), but if you are
reverse engineering something for straightforward interoperability there is a
lot of precedent, including for extremely similar services (such as the AOL
Instant Messenger Client); I think they would be hard pressed to do anything
more than ban you, just you personally, from Twitter.

~~~
mschuster91
It's the US government I'd be afraid of. Other governments even extradite
people like Kim Schmitz into the US, who never even set foot into the US, for
copyright infringement. Their justification is "he had used US servers".

Who says that this cannot be done with a 3rd party client developer? The
precedent is there, circumstances may be seen similar, all it needs is a
clueless DA and judge and boom you have a load of problems on your head.

------
cocktailpeanuts
Who really trusts Twitter at this point for anything developer related?

Not just talking about their API. Twitter never knew what they were doing, and
that used to be fine, but the difference now is people finally figured out
that Twitter doesn't know what they're doing.

They keep releasing all these new features that are all over the place (AND
worse than before). They should really stop, step back, and think about only a
few core fundamental problems and work on those instead.

~~~
andypiper
Thanks for the feedback. Can you be specific about the API features that
you're referring to that are "all over the place"?

I'm personally really excited about this, and this is probably the most
cohesive a strategy I've seen for the API platform. We're very focused on
fundamentals right now.

~~~
duskwuff
One really obvious one: Polls.

Polls were introduced in October 2015. There is _still_ no public API to
create them, view them, or vote in them -- for users using third-party
clients, polls are simply invisible.

~~~
andypiper
That's frustrating, I realise. It's probably the most common feature I'm asked
about regularly (alongside group Direct Messages). Polls are complicated to
add, as there are three aspects (creating, voting, and then seeing the
results), and they depend on cards, which are also not currently part of the
API. It would be good if we at least added the information that a poll is
attached to a Tweet to the Tweet JSON object, even if we can't do all the
other things right away. I'd suggest keeping an eye on the roadmap for where
we're going, but can't promise those things right now.

------
JamesMcMinn
As someone who uses Twitter's APIs heavily, this is both encouraging, and
slightly terrifying.

We draw down a lot of data from Twitter. Obviously, we always want more data,
so we got in contact with GNIP to see what we could afford (which, in itself
took a long time). As it turns out its incredibly expensive, and as a very
early startup, we couldn't afford any of their plans. We had no option but to
fall back to their standard, free APIs and make do.

There are plenty of people who would happily pay good amounts of money for
access to more Twitter data - there really are a million uses for it - however
Twitter's current prices are far too high for anything other than a VC funded
Silicon Valley startup to afford. I hate to think how many potential startups
and cool projects have been killed off instantly simply because Twitter's
prices are insane. You can get real-time global stock market tick data for a
year for less than Twitter charge per month for access to the decahose.

So, I'm glad to see Twitter being more open about their future plans, and
really happy to see they're moving towards a more self-service paid API for
those than want and can afford it. I just hope they make it affordable and
don't kill off too much in the process. The last thing they need is to upset a
lot of developers, again.

Twitter's API has always been something they've not leveraged enough. All they
had to do was keep it open, find a way of serving adds through 3rd party
clients, and I suspect there would have been an explosion of good clients that
could have made Twitter much easier to use for people who just can't figure
Twitter out. Twitter shouldn't be complicated, but it is, and by trying to
hold onto the brand as tightly as they have, they've prevented good developers
from making easy to use clients that could have brought in users.

I really want Twitter to succeed. I hope this is the start of a turnaround for
Twitter.

~~~
frabcus
In the market for Twitter data that we were in at ScraperWiki, it wasn't the
price per Tweet that was too much, but the minimum spend and the difficulty of
getting access to the data at all.

[https://scraperwiki.com/2014/08/the-story-of-getting-
twitter...](https://scraperwiki.com/2014/08/the-story-of-getting-twitter-data-
and-its-missing-middle/)

That aside, our treatment as potential partners was really bad. There just
wasn't a process for new ideas to be brought to Twitter management attention.
I wouldn't risk using their API for a business again.

------
sarreph
This is a good move, in a series of good moves recently, by the slowly-
becoming-irrelevant service.

I _want_ to get excited by this API change, I really do. But I can't help but
quash my own shower-thoughts about what I could do with this API, because
what's to say they let their 3rd-party devs down again?[0]

[0] - [http://www.theverge.com/2012/8/23/3263481/twitter-api-
third-...](http://www.theverge.com/2012/8/23/3263481/twitter-api-third-party-
developers)

------
janwillemb
They're aiming for the young or the forgetful developer, I assume? Twitter
shutting down the APIs a few years ago wasn't generally considered the best
way to get commitment from application developers.

~~~
andypiper
"shutting down the APIs" \- you mean, requiring authentication and adding
rate-limiting? which meant that we could get on top of the fail whale and
control platform stability?

The APIs have been open and usable all the time.

~~~
piquadrat
Maybe he meant adding arbitrary token count limits out of the blue that forced
countless 3rd party apps to close shop once they became successful? Or the
fact that new features like polls are absent in the public APIs, years after
they have been introduced?

I'm sure you're very excited about these new APIs for #brand #engagement, but
don't pretend that Twitter has been a great steward of its public API over the
last few years.

~~~
andypiper
I'm not pretending - I've been responsible for the public-facing APIs (since
2014). We've launched mute, accessibility text for images, multi image and
video upload, etc etc. We haven't added every single feature, but we've done
what we have done in a very methodical and careful way that ensures platform
stability. Polls are a complicated issue because they depend on cards, which
are also not currently part of the API. By publishing a roadmap for the first
time, we're providing visibility into what's coming. Thanks for the feedback!

~~~
piquadrat
In retrospect, my words were probably a bit harsh, sorry about that Andy. It's
never a nice feeling having one's hard work shittalked by strangers on the
Internet.

A roadmap is definitely highly appreciated. Something I'd love to hear from
Twitter is a definitive statement on 3rd party clients: are they a welcome and
supported part of the Twitter platform, or is their existence a historical
accident that have no role in the strategy going forward?

(I'm aware that such a statement is probably not in Twitter's interest to
make, but one can have dreams, right?)

------
victor9000
Fool me once, shame on you. Fool me twice? No thanks.

------
kragniz
>These APIs are designed to help businesses use the entire Twitter platform

If the only focus is on "customer experiences", why would I want to use this
network as a regular user? I don't want endless brands and marketing.

------
ungzd
More features for SMM and similar "almost spam" activities. I miss days when I
was able to post tweets by simple curl command and third-party clients for
reading Twitter were not banned.

------
0xCMP
I'm a little confused about this: I see there are better DM apis which I guess
is the big push here, but what is interesting to me is the new activity
webhook api.

Does that mean that a 3rd-party app will need a server to handle activity
notifications to replicate what twitter does on their activity page?

------
sparrish
Until they increase their API rate limits, this change is next to useless.

~~~
andypiper
We increased the rate limits for a range of the API endpoints in the fall last
year, in fact. The updates we announced today should also offer more and
better data to developers as they scale.

~~~
protomyth
You still cannot release a twitter client that doesn't get maxed at 100,000
users. Why bother implementing ideas when it will probably meet with the same
problem due to our success.

~~~
andypiper
Well, the platform is not just about client apps, people use Twitter's data
and features for all kinds of things. You're welcome to build on the platform
if you've got a good idea.

~~~
protomyth
Well, my good idea was a client app, so no, I'm (and I suspect a good group of
other) not welcome anymore.

Frankly, it should be a lot more about client apps and new ways to use the
information in a personal manner instead of creating an API that looks for all
the world like something I can use to automate my support staff on twitter and
fire a bunch of people.

------
scotchio
Two things I really want:

* Tweet count on a URL

* Read a tweet feed without auth

Also - the HN title is super misleading. The actual title is: "New APIs to
power the future of customer engagement in Direct Messages".

------
heavymark
Fool me once, shame on me. Fool me twice...

~~~
Pxtl
...

...

Can't get fooled again.

------
woliveirajr
It would be a good thing if, with this announcement, Twitter made a commitment
for how this would have a support for the future.

Like "this will be available for x months/years, you can make x requests per
minute/hour/day, you can buy a plan offering x for $x dollars" and so on.

Yes, that can limit some better offer in the future? Perhaps. But that make
things more stable, and people would commit more to twitter.

Can you change your terms in the future? Of course. But for newer customers.
The ones that sign up right now will have that promises kept. Good for
everybody.

~~~
andypiper
That's a really good piece of feedback that I'll be sure to pass along. In
terms of plans and pricing, we're not yet announcing those details, but stay
tuned as the new APIs we reference in the two blog posts today mature. We'll
continue to offer free access to the APIs as well.

~~~
AznHisoka
Will the free Search API have lower rate limits than they are currently?

~~~
andypiper
I cannot say definitively, but I don't believe there are plans to _lower_ any
limits. Additionally, given that the existing standard Search API has not been
significantly enhanced in several years and the replacement is going to be
based on the enterprise offerings, I'd expect the quality of the data to be a
lot better than what you receive on the search endpoint today.

------
la_oveja
I really hope Twitter goes bankrupt and we all switch to an open alternative.
That, or become an NGO.

------
codemac
Ah, customer service at Twitter had a good run. Back to the bots!

------
lexalizer
Yeah, thanks, but no thanks.

------
Clanan
Regarding Twitter's history of killing APIs and 3rd-party dev; is there a
bulletproof approach to setting up such an API/service with the guarantee that
it will not be killed/ruined, short of business closure? A one-sided contract,
so-to-speak?

------
toddkazakov
We're deprecating a legacy OpenID connect implementation and rebuilding the
entire user onboarding experience. Part of this requires rebuilding the
authentication layer. This is the first time I used their APIs. Instead of
sticking with the heard, twitter decided to stick to their OAuth1
implementation instead of adopting the standard today - OpenID. What's worse
is that they've come with the ingenious OAuth Echo, which requires you to ship
your mobile applications credentials embedded in the code, virtually public to
anyone who decides to poke around.

------
kh_hk
Omitting the obvious remarks on Twitter and APIs, this is clearly a good move.
Most companies have a twitter handle and the public has already absorbed that
fact, so it just seems more natural to offer a bot through twitter DM service
than, let's say, telegram. I wonder what took them so long, considering that
bots have also been natural to the twitter ecosystem for many years.

This can increase their growth and possibly, if a company bot goes over their
future non specified limits, they can cash in. Sorry, could not help myself :)

------
epaulson
Bummer that it's all webhooks. They're pretty fragile. It'd be much nicer if
Twitter had some kind of streaming API that you could connect to with a
sequence number and get any messages that you might have missed, or at least
any that they still have.

Basically, Kafka over Websockets would be ideal.

~~~
andypiper
In the early stages where we are now, we're finding the new architecture
pretty robust. There's an acknowledgement back on our side with webhooks
responses, so we can build features that ensure your apps never miss an
activity.

------
mschuster91
Hey, looks like it will finally be possible to send pictures in DMs from 3rd
party clients... can someone please confirm?

~~~
duskwuff
I wouldn't hold my breath. It's entirely possible that the new DM APIs will be
restricted to approved clients or accounts.

------
crorella
Twitter's swan song?

------
minikites
I'm sure this API will be great news to those people who are harassed with
hate speech every time they use Twitter. Since Twitter has an economic
incentive to ignore that problem (if they do fix it, then their "user
engagement" takes a nosedive) I don't think their future is particularly rosy.

