Previously set to go away today, using the Twitter API with basic authentication will instead be phased out over the next two weeks. During that time, any application still using the older method should switch to OAuth, which has been the preferred method for some time.
This morning Twitter's countdown clock hit all zeroes. However, Twitter will not immediately shut off Basic Auth, a method of authentication that requires users to share their passwords with 3rd party applications. Instead, Basic Auth will be phased out, slowly lowering rate limits. Twitter will also continue short tests of Basic Auth shutdown, as it did last week. The schedule is laid out in a post to the Twitter API Announcements mailing list:
- Basic Auth will be completely shut off on August 30th.
- Beginning Aug 17, basic auth rate limiting will decrease by 15 requests
on each week day (10% drop per weekday)
- Aug 16, 8am Pacific - we'll shut basic auth temporarily off for 10
- Aug 31, 5pm Pacific - we'll shut basic auth temporarily for 10 minutes
- On August 30th, all basic auth requests will be served with a 401 HTTP
Twitter is showing care, for both its developer and user communities, in its approach to the move to OAuth. OAuth is the better option for users, as access can be taken away and passwords can't be stolen. Happier users make happier developers, but Twitter also has given developers plenty of time. The move was first announced in April. For developers in need of help moving to OAuth, Twitter has a guide.