Twitter edges out third-party clients with tighter API rules

Twitter has revealed upcoming changes to the next version of its API, which will tighten the restrictions on what the applications developers build for the microblogging platform can and can't do.
Written by Michael Lee, Contributor

Twitter is now in the process of upgrading its API and tightening up the guidelines on how it can be used, which may cause issues for those developing third-party clients and services around the microblogging platform.

Developers will soon be required to follow Twitter's previous Display Guidelines to the letter, which will be aptly renamed to the Display Requirements when Twitter moves from API v1.0 to v1.1. The current guidelines set out clear standards for applications to link @usernames to user profiles, include options to retweet, reply and favourite, and other display-related elements.

Developers will also be required to have their application certified by Twitter if they are building applications that will be pre-installed on "mobile handsets, SIM cards, chipsets or other consumer electronics devices". Twitter's reasoning is that it wants to ensure that the developer is "providing the best Twitter experience possible". Applications that aren't certified risk having their API keys revoked, essentially rendering the application useless when it ships.

Twitter will now also require developers who need a significant number of user tokens for API calls to first seek permission to use the API. This limit has been set at 100,000 individual tokens; however, Twitter has stated that applications that already have more than this limit will be able to stretch this to 200,000, so long as the application is compliant with its Rules of the Road, Twitter's name for its API Terms of Service. After the 200,000 limit, developers will not be able to add additional users without Twitter's permission, but they will be able to maintain their application.

For applications with an even larger user base that require more than one million user tokens, the developers responsible must work directly with Twitter. This policy has been in place previously, but the previous figure was five million, as reflected in Twitter's yet-to-be-updated Rules of the Road.

These changes are expected to affect services that tend to mimic or reproduce Twitter's existing consumer client experience. These include Storify, Favstar.fm, Tweetbot and Echofon. LinkedIn has already been blocked by Twitter — a move that has been debated as suicidal for Twitter's ecosystem, especially as users reportedly still want a choice in which Twitter client they use.

But there are some other significant changes that will affect even smaller apps or services. Twitter will soon require every API request to be authenticated to keep track of who or what is making API calls. At the moment, Twitter said that there are many applications that pull data from the API at high rates, and because the company only knows the IP addresses of the applications, it opens up the door to malicious use. Applications that already use OAuth to make API calls won't be affected, but all other apps will need to be updated by the March 2013 move to v1.1.

Twitter will also change the limits on the number of API calls that applications are allowed to make per hour. Under v1.0 of the API, applications can make 350 calls per hour, regardless of whether they are for posting tweets, displaying them or simply looking up a user profile. The new proposed limits will become more specific depending on the type of call that is being made: 60 per hour for most individual API calls, but 720 per hour for more routine calls, such as those related to searches and user look-up. Which calls fall into the 60 or 720 rate limits are expected to be fully documented once v1.1 is released.
