Twitter enforces SSL encryption for apps connecting to its API

Summary: Twitter closes the end-user privacy gap in third-party apps that connected to its API in plaintext.

Developers whose apps are still using HTTP plaintext connections to connect to Twitter's API feeds may find their applications broken from today.

Twitter has enforced new rules for developers to enhance privacy for end users, which from 14 January will see it block connections to all its API URLs for apps that have not enabled TLS (Transport Layer Security)/SSL (Secure Sockets Layer) encryption.

Twitter alerted developers about a month ago to the new requirements, including a 'black out' test run last week, which temporarily broke such HTTP-only apps and should have alerted most developers to the changes in store. The company issued another reminder yesterday.

"Connecting to the API using the SSL protocol builds a safe communication channel between our servers and your application, meaning that no sensitive data can be accessed or tampered by unauthorized agents in the middle of this communication path," Twitter wrote on its developer blog in December.

The change has been enforced for all Twitter API URLs, including all steps of OAuth — which prevents user passwords from being captured in transit — and its various REST API resources.

The new rules for developers follow Twitter's efforts late last year to bolster privacy for end users, when it enabled "perfect forward secrecy" for traffic on its main website, mobile website and API lists.

Following Google and Facebook, Twitter enabled SSL-protected sessions in 2011, while the addition of perfect forward secrecy to its SSL implementation would thwart attempts at "retrospective decryption".

Topics: Security, Social Enterprise

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s...
