Twitter Basic Auth Will Truly Disappear August 30

Adam DuVander
Aug. 16 2010, 02:05PM EDT

Previously set to go away today, using the Twitter API with basic authentication will instead be phased out over the next two weeks. During that time, any application still using the older method should switch to OAuth, which has been the preferred method for some time.

This morning Twitter's countdown clock hit all zeroes. However, Twitter will not immediately shut off Basic Auth, a method of authentication that requires users to share their passwords with 3rd party applications. Instead, Basic Auth will be phased out, slowly lowering rate limits. Twitter will also continue short tests of Basic Auth shutdown, as it did last week. The schedule is laid out in a post to the Twitter API Announcements mailing list:

- Basic Auth will be completely shut off on August 30th.
- Beginning Aug 17, basic auth rate limiting will decrease by 15 requests
on each week day (10% drop per weekday)
- Aug 16, 8am Pacific - we'll shut basic auth temporarily off for 10
minutes
- Aug 31, 5pm Pacific - we'll shut basic auth temporarily for 10 minutes
- On August 30th, all basic auth requests will be served with a 401 HTTP
status code.

Twitter is showing care, for both its developer and user communities, in its approach to the move to OAuth. OAuth is the better option for users, as access can be taken away and passwords can't be stolen. Happier users make happier developers, but Twitter also has given developers plenty of time. The move was first announced in April. For developers in need of help moving to OAuth, Twitter has a guide.

Adam DuVander Hi! I'm Developer Communications Director for SendGrid and former Executive Editor of ProgrammableWeb. I currently serve as a Contributing Editor. If you have API news, or are interested in writing for ProgrammableWeb, please contact editor@programmableweb.com Though I'm a fan of anything API-related, my particular interest is in mapping. I've published a how-to book, Map Scripting 101, to get anyone started making maps on websites. In a not-so-distant past life I wrote for Wired and Webmonkey.

Comments

Comments(8)

User HTML

  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.

[...] Twitter&nbsp;shut off basic authentication&nbsp;in August. Yet, that did not put an end to sharing one&rsquo;s password with other services. Mobile apps still request your credentials, as opposed to redirecting to Twitter as part of the &ldquo;OAuth dance.&rdquo; And the same was true with&nbsp;Apple&rsquo;s Twitter integration. Why aren&rsquo;t some playing by Twitter&rsquo;s new rules? [...]

[...] that developers who believe they&#8217;re being erroneously restricted make contact. Like Twitter&#8217;s move away from basic authentication, a change to an extremely popular API is tough to institute perfectly. There&#8217;s bound to be [...]