Twitter API Version 1.1 Required Authentication on API endpoint; Changes to Developer Rules; Limit Access by 3rd Party Apps

In the coming weeks, Twitter will release version 1.1 of the Twitter API with the following changes: "required authentication on every API endpoint; a new per-endpoint rate-limiting methodology; and changes to our Developer Rules of the Road, especially around applications that are traditional Twitter clients."

Authentication required
To prevent malicious use of the Twitter API and gain an understanding of what types of applications are accessing the API in order to evolve it to meet the needs of developers, "version 1.1, will require every request to the API to be authenticated."

For developers who are already using OAuth for API requests, "all of your authentication tokens will transition seamlessly from v1.0 to v1.1." Apps that use the Twitter API without OAuth "will need to update before March 2013," Twitter said.

Per-endpoint rate limiting
Version 1.1 will provide per-endpoint rate limiting on the API. "While an application that only accesses one endpoint may be more restricted, applications that use multiple endpoints will run into rate limiting issues less frequently," Twitter said.

Most individual API endpoints will be rate limited at 60 calls per hour per-endpoint. "There will also be a set of high-volume endpoints related to Tweet display, profile display, user lookup and user search where applications will be able to make up to 720 calls per hour per endpoint."
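
The per-endpoint scheme described above, combined with the authentication requirement, as an added example (not Twitter's code and not part of the original article). Only the 60 and 720 calls-per-hour figures come from the article; the endpoint labels, the per-token keying and the fixed one-hour window are assumptions.

```python
import time

WINDOW_SECONDS = 3600      # the article states limits per hour
DEFAULT_LIMIT = 60         # most individual endpoints
HIGH_VOLUME_LIMIT = 720    # Tweet display, profile display, user lookup, user search
# Hypothetical labels standing in for the high-volume endpoint group.
HIGH_VOLUME = {"tweet_display", "profile_display", "user_lookup", "user_search"}


class PerEndpointLimiter:
    """Fixed one-hour windows, counted separately per (token, endpoint)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._windows = {}  # (token, endpoint) -> (window_start, count)

    def limit_for(self, endpoint):
        return HIGH_VOLUME_LIMIT if endpoint in HIGH_VOLUME else DEFAULT_LIMIT

    def allow(self, token, endpoint):
        # Every request must be authenticated: no token means no budget at all.
        if not token:
            return False
        now = self._clock()
        key = (token, endpoint)
        start, count = self._windows.get(key, (None, 0))
        if start is None or now - start >= WINDOW_SECONDS:
            start, count = now, 0          # first call, or the hour has elapsed
        if count >= self.limit_for(endpoint):
            self._windows[key] = (start, count)
            return False                   # this endpoint's budget is spent
        self._windows[key] = (start, count + 1)
        return True


def served(limiter, token, endpoints, attempts_each):
    """Return how many of the attempted calls were allowed, per endpoint."""
    return {e: sum(limiter.allow(token, e) for _ in range(attempts_each))
            for e in endpoints}


if __name__ == "__main__":
    lim = PerEndpointLimiter()
    # One endpoint is capped at 60; spreading calls across endpoints gets more.
    print(served(lim, "constructed-token-a", ["timeline"], 100))
    print(served(lim, "constructed-token-b", ["timeline", "user_lookup"], 800))
```

Exhausting one endpoint's budget leaves the others untouched, which is why an app that spreads its calls across several endpoints is throttled less often than one that calls a single endpoint repeatedly.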

In addition to the functional changes outlined above, Twitter is also making changes to its Developer Rules with v1.1:

Display Guidelines will be Display Requirements
"We'll require all apps that display Tweets to adhere to these. If your application displays Tweets to users, and it doesn't adhere to our Display Requirements, we reserve the right to revoke your application key," said Twitter.

Among them are "linking @usernames to appropriate Twitter profile, displaying appropriate Tweet actions (e.g. Retweet, reply and favorite) and scaling display of Tweets appropriately based on the device."

Client applications that come pre-installed on mobile handsets, SIM cards, chipsets or other consumer electronics devices will need to be certified by Twitter.

Additionally, if you are building a Twitter client app that accesses the home timeline, account settings or direct messages API endpoints, or that uses the User Streams product, you'll need Twitter's permission if your app will require more than 100,000 individual user tokens.

A third-party app that already has more than 100,000 users will be able to maintain and add new users until it reaches 200% of its current user token count (as of today). Once it reaches 200%, the app can still be maintained to serve its users, but "will not be able to add additional users without our permission."

Any third-party app that currently has fewer than 100,000 users won't be able to grow beyond that number without the thumbs up from Twitter.

Developers will have a six-month migration period to move applications from v1.0 to v1.1.

"For developers already making authenticated calls to the API, this migration will be relatively easy, and should only involve updating the API endpoint, and testing apps behavior against the new rate limiting policies. For developers whose apps are accessing the API without authenticating, will need to update apps to use OAuth."

Twitter said that with the new API guidelines, "we're trying to encourage activity in the upper-left, lower-left and lower right quadrants, and limit certain use cases that occupy the upper-right quadrant."

[Image: Twitter ecosystem]