/>
X

Twitter enforces SSL encryption for apps connecting to its API

Twitter closes the end-user privacy gap in third-party apps that connected to its API in plaintext.
liam-tung.jpg
Written by Liam Tung, Contributor on

Developers whose apps are still using HTTP plaintext connections to connect to Twitter's API feeds may find their applications broken from today.

Twitter has enforced new rules for developers to enhance privacy for end users, which from 14 January will see it block connections to all its API URLs for apps that have not enabled TLS (Transport Layer Security)/ SSL (Secure Sockets Layer) encryption.

Twitter alerted developers about a month ago to the new requirements, including a 'black out' test run last week, which temporarily broke such HTTP-only apps and should have alerted most developers of the changes in store. The company issued another reminder yesterday

"Connecting to the API using the SSL protocol builds a safe communication channel between our servers and your application, meaning that no sensitive data can be accessed or tampered by unauthorized agents in the middle of this communication path," Twitter wrote on its developer blog in December.

The change has been enforced for all Twitter API URLs, including all steps of OAuth — which prevents user passwords from being captured in transit — and its various REST API resources.

The new rules for developers follow Twitter's efforts to bolster privacy for end-users, late last year enabling "perfect forward secrecy" for traffic on its main website, mobile website and API lists.

Following Google and Facebook, Twitter enabled SSL protected sessions in 2011, while the addition of perfect forward secrecy to its SSL implementation would thwart attempts at "retrospective decryption".

Related

This stuff is better than compressed air for cleaning your dirty tech
img-6864

This stuff is better than compressed air for cleaning your dirty tech

Office Hardware & Appliances
Are you ready for the worst Economy Class airline seats in the world?
airline-seats.jpg

Are you ready for the worst Economy Class airline seats in the world?

Business
Google looks to reduce pushback bias in developers' software code review
close up programmer man hand typing on keyboard at computer desktop for input coding language to software for fix bug and defect of system in operation room , technology concept

Google looks to reduce pushback bias in developers' software code review

Developer