Hacker News new | past | comments | ask | show | jobs | submit login

Is there an available history of Twitter's APIs over the years? IIRC it was initially open, and then they locked it down so many 3rd party apps for Twitter had to shut down, and now they're sort of opening it up again?

What's the deal?




They never "locked it down", they just rate limited some vital endpoints and never bothered to add endpoints for new, important features.

My own recommendation: disassemble any official app (for example, the Android one with apktool) and get the tokens and endpoints and do whatever the hell you want without paying a cent.


> They never "locked it down", they just rate limited some vital endpoints and never bothered to add endpoints for new, important features.

More importantly: they introduced a lifetime cap on the number of OAuth tokens that applications could create, which meant a lifetime cap on how many different users a Twitter client could support. Once you hit your Nth user, you could never have a new person authenticate that client.

That killed off basically every decent third-party Twitter client.


In the beginning you could post a tweet just by doing a http basic-authenticated post containing the tweet body, and there were unauthenticated rss feeds for most data feeds. These days you have to create app ids, tokens, etc etc etc. It really was a lot more open earlier.


Twitter was part of the reason I fell in love with development. The easy interaction with the whole platform changed my view on data. It broke my heart when they introduced v2


I feel like you could do this just watching network traffic, and judging by the fact that nobody's done it, I also feel like there's some mechanism preventing this that I'm not knowledgeable enough in the subject to be aware of.


You can't do this just watching network traffic because the apps use HTTPS + certificate pinning.

And you can do it if you want. I do it. I'm sure many more people do it.


Out of curiosity, what do you use the decompiled tokens/endpoints for?


The official twitter app is possibly using these premium endpoints, so it's token has access to those. If you "grab" that token(s) somehow, you can go ahead and use it in your app, I presume. I don't know how this will work when your app wants to connect to someone else's account, however.


You think all the russian bots are on the official API? Nope.


Nefarious purposes, mostly. I can crawl without rate limits (well, there are rate limits, but it's much harder to hit them), and I also can spam a lot without getting my account flagged (but it eventually gets flagged, of course).

By spamming I don't mean the usual "click on this link and I'll show you my tits" spam; if you create a useful bot that sends "expected" mentions (for example in response to mentions you receive, and not just spam) it will get banned in a matter of hours. With their "secret" tokens, it won't get banned.


A rooted device should suffice, but it is a painful procedure.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: