Twitter Basic Auth Will Truly Disappear August 30

Adam DuVander
Aug. 16 2010, 02:05PM EDT

Previously set to go away today, using the Twitter API with basic authentication will instead be phased out over the next two weeks. During that time, any application still using the older method should switch to OAuth, which has been the preferred method for some time.

This morning Twitter's countdown clock hit all zeroes. However, Twitter will not immediately shut off Basic Auth, a method of authentication that requires users to share their passwords with third-party applications. Instead, Basic Auth will be phased out by slowly lowering rate limits. Twitter will also continue short tests of the Basic Auth shutdown, as it did last week. The schedule is laid out in a post to the Twitter API Announcements mailing list:

- Basic Auth will be completely shut off on August 30th.
- Beginning Aug 17, basic auth rate limiting will decrease by 15 requests on each week day (10% drop per weekday)
- Aug 16, 8am Pacific - we'll shut basic auth temporarily off for 10
- Aug 31, 5pm Pacific - we'll shut basic auth temporarily for 10 minutes
- On August 30th, all basic auth requests will be served with a 401 HTTP status code.

Twitter is showing care for both its developer and user communities in its approach to the move to OAuth. OAuth is the better option for users, as access can be taken away and passwords can't be stolen. Happier users make happier developers, but Twitter has also given developers plenty of time. The move was first announced in April. For developers in need of help moving to OAuth, Twitter has a guide.
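To make the difference concrete, here is an added example (not from the article or from Twitter's guide) that builds both kinds of `Authorization` header and models revocation on the service side. It assumes OAuth 1.0 request signing with HMAC-SHA1 as specified in RFC 5849; the host, keys, secrets and the `server_check` helper are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def enc(s):
    # Percent-encoding required by OAuth 1.0 (RFC 5849, section 3.6)
    return quote(str(s), safe="-._~")

def basic_header(user, password):
    # Basic Auth: the password itself travels, reversibly encoded, on every request
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def oauth_signature(method, url, params, consumer_secret, token_secret):
    # Signature base string: METHOD & encoded URL & encoded, sorted parameters
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    param_str = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(param_str)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def oauth_header(method, url, oauth, query, consumer_secret, token_secret):
    # Only public identifiers and the signature are sent; the secrets stay local
    sig = oauth_signature(method, url, {**oauth, **query}, consumer_secret, token_secret)
    fields = {**oauth, "oauth_signature": sig}
    return "OAuth " + ", ".join(f'{enc(k)}="{enc(v)}"' for k, v in sorted(fields.items()))

def server_check(method, url, oauth, query, sig, consumer_secret, issued_tokens):
    # Hypothetical service side: a revoked token is simply absent from the table
    secret = issued_tokens.get(oauth["oauth_token"])
    if secret is None:
        return 401
    expected = oauth_signature(method, url, {**oauth, **query}, consumer_secret, secret)
    return 200 if hmac.compare_digest(expected, sig) else 401

# Constructed sample values (not real credentials or a real endpoint)
URL = "https://api.example.com/1/statuses/update.json"
PASSWORD = "hunter2-constructed"
CONSUMER_SECRET, TOKEN_SECRET = "app-secret-constructed", "token-secret-constructed"
OAUTH = {"oauth_consumer_key": "app-key", "oauth_token": "user-token-1",
         "oauth_nonce": "n0nce123", "oauth_timestamp": "1281981900",
         "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0"}
QUERY = {"status": "Hello, OAuth!"}
```

Decoding the Basic header recovers the password, while the OAuth header carries only a per-request signature; removing the token from `issued_tokens` cuts off that one application without a password change.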

Adam DuVander -- Adam heads developer relations at Orchestrate, a database-as-a-service company. He's spent many years analyzing APIs and developer tools. Previously he worked at SendGrid, edited ProgrammableWeb and wrote for Wired and Webmonkey. Adam is also the author of mapping API cookbook Map Scripting 101.


