Twitter Basic Auth Will Truly Disappear August 30

Previously set to go away today, using the Twitter API with basic authentication will instead be phased out over the next two weeks. During that time, any application still using the older method should switch to OAuth, which has been the preferred method for some time.

This morning Twitter's countdown clock hit all zeroes. However, Twitter will not immediately shut off Basic Auth, a method of authentication that requires users to share their passwords with 3rd party applications. Instead, Basic Auth will be phased out, slowly lowering rate limits. Twitter will also continue short tests of Basic Auth shutdown, as it did last week. The schedule is laid out in a post to the Twitter API Announcements mailing list:

- Basic Auth will be completely shut off on August 30th.
- Beginning Aug 17, basic auth rate limiting will decrease by 15 requests
on each week day (10% drop per weekday)
- Aug 16, 8am Pacific - we'll shut basic auth temporarily off for 10
- Aug 31, 5pm Pacific - we'll shut basic auth temporarily for 10 minutes
- On August 30th, all basic auth requests will be served with a 401 HTTP
status code.

Twitter is showing care, for both its developer and user communities, in its approach to the move to OAuth. OAuth is the better option for users, as access can be taken away and passwords can't be stolen. Happier users make happier developers, but Twitter also has given developers plenty of time. The move was first announced in April. For developers in need of help moving to OAuth, Twitter has a guide.

Be sure to read the next Security article: Location Stalking Via Your Tweeted Photos


Comments (8)

[...] Twitter shut off basic authentication in August. Yet, that did not put an end to sharing one’s password with other services. Mobile apps still request your credentials, as opposed to redirecting to Twitter as part of the “OAuth dance.” And the same was true with Apple’s Twitter integration. Why aren’t some playing by Twitter’s new rules? [...]

[...] shut off basic authentication in August. Yet, that did not put an end to sharing one’s password with other services. Mobile [...]

[...] that doesn’t rely on oAuth to log you in feels like a bad fit. By the end of the month, Basic Auth will be no more. Design issues (which can always be improved upon in the future) aside, if you’re looking to [...]

[...] service can shut down or limit how you use its API at any time. Going back to Twitter, it recently stopped allowing basic authentication to its API, causing a few (very outdated, mind you) applications to stop [...]

[...] that developers who believe they’re being erroneously restricted make contact. Like Twitter’s move away from basic authentication, a change to an extremely popular API is tough to institute perfectly. There’s bound to be [...]

[...] When Twitter shut off basic authentication last year, it gave over four months notice, though the original heads up was half that. The company twice extended the deadline and finally required OAuth starting August 30, 2010. [...]

[...] authentication requirements may remind developers of 2010’s Twitter switch to OAuth. The company gave developers months of notice, but still ended up postponing the changes multiple [...]