REST API Changelog
April 18, 2010
April 13, 2010
- Update (REST + Documentation): added the friendships/incoming and friendships/outgoing calls to get pending follow requests for protected users.
- Update (REST + Documentation): added a set of X-FeatureRateLimit headers to responses from users/search to provide information about the method's feature-specific rate limit.
March 22, 2010
- Update (REST + Documentation): allowing up to 100 results to be returned via the users/lookup call without a secondary rate limit.
- Update (Documentation): documented that the users/search endpoint is limited to 60 calls per hour.
March 21, 2010
- Update (REST): added the geo/nearby_places call which is the recommended call to retrieve places to attach to statuses/update.
- Update (Documentation): added a note to geo/reverse_geocode that this endpoint exists for informative reasons, and to get personalized data, end users should use geo/nearby_places.
- Update (REST): added the users/suggestions call to get the list of categories that Twitter's suggested users fall into.
- Update (REST): added the users/suggestions/category call to get the list of suggested users in a particular category of Twitter's suggested users.
March 18, 2010
March 11, 2010
- Update (REST): added the users/lookup call to do a bulk user lookup (up to 20 at a time).
- Update (Documentation): removed the [COMING SOON] notices on the statuses/update call with regards to the new geo features.
- Update (Documentation): removed a notice that statuses/public_timeline will be removed on 5 April 2010 (aka it's not going anywhere).
March 5, 2010
March 2, 2010
March 1, 2010
February 26, 2010
- Update (REST): added documentation for xAuth (browserless token exchange).
- Update (Documentation): made a note on oauth/access_token pointing to xAuth.
February 25, 2010
February 17, 2010
February 8, 2010
February 5, 2010
- Fixed (Documentation): modified the documentation to statuses/update to note that geo-tagging requires the use of the decimal point as the decimal separator (as opposed to the decimal comma).
January 26, 2010
January 12, 2010
- Fixed (Documentation): updated the return values page to reflect the addition of the contributors_enabled, contributors, and lang values in the user objects.
- Fixed (Documentation): statuses/show to talk about the contributors and the geo field.
January 7, 2010
- Fixed (Documentation): updated social graph method documentation to recommend using cursors.
January 5, 2010
December 25, 2009
- Fixed (Documentation): removed the COMING SOON notices around geolocation in verify_credentials.
December 16, 2009
- Fixed (Documentation): changed the endpoint listed in DELETE list/subscribers to be correct.
- Fixed (Documentation): documenting the presence of the notifications_enabled and blocking elements of friendships/show.
- Fixed (Documentation): documenting that retweets are stripped from statuses/user_timeline when calling XML or JSON, but appear as RTs in Atom and RSS.
- Update (REST): geotagging API now tracks how many decimal points of accuracy are given to it, and then makes sure to return with the same amount - up to 8 digits.
December 7, 2009
November 19, 2009
- Feature (REST): retweet API
November 13, 2009
- Feature (REST): users/search introduced to access the People Search API.
- Update (REST): update to trends/available to optionally accept lat/long parameters to retrieve a sorted list of locations.
- Update (REST): update to serialized XML and JSON formats for trends/available.
- Update (REST): removed support for pagination from the /friends/ids and /followers/ids methods. (announcement)
October 30, 2009
September 30, 2009
- Feature (REST): blocks/create and blocks/destroy now take the same disambiguation parameters that blocks/exists takes. (issue 1060)
- Fixed (REST): the count parameter is now being properly obeyed by statuses/friends_timeline. (issue 1063)
September 29, 2009
- Fixed (REST): status timeline methods will now return 404 errors if you ask for a non-existent screen_name instead of an unauthorized error. (issue 1066)
September 24, 2009
- Fixed (REST): documented cursor-based pagination for statuses/friends and statuses/followers.
September 15, 2009
- Fixed (REST): Retrieving statuses/friends, statuses/followers, friends/ids, and followers/ids for user A, who is a public user (has not protected his/her tweets) and who has blocked user B, now works for user B if B is making authenticated calls. Prior to this, user B would receive "unauthenticated" errors. This behavior was not deemed consistent with the reality that retrieving statuses/friends, statuses/followers, friends/ids, and followers/ids from A works with unauthenticated calls.
- Fixed (REST): provided an alternative to the unreliable pagination mechanism for /followers/ids and /friends/ids. (issue 1019)
September 10, 2009
- Fixed (REST): Blocking an unknown user now returns a 404 instead of a 500. (issue 972)
- Fixed (REST): 403 is now returned when attempting to update a status and limits are hit. (issue 795)
- Fixed (REST): statuses/friends, statuses/followers, friends/ids, and followers/ids for protected users require proper authentication.
July 15, 2009
- Fixed (OAuth): Including the oauth_signature parameter to the authorize redirect no longer causes an error. (issue 768)
- Fixed (OAuth): Changing accounts during OAuth authorize no longer loses the oauth_access_type value. (issue 813)
- Feature (OAuth): The PIN code for desktop apps now includes a Luhn ("mod-10") check digit. (issue 823, more info)
July 1, 2009
- Fixed (OAuth): The oauth_access_type parameter was not respected in all cases. (issue 767)
- Fixed (OAuth): Allow international domain names for OAuth URLs via Punycode input. (issue 772)
- Feature (REST): API updates are now identified as being from API rather than web.
- Feature (REST): The rate limit has been changed from 100 to 150. (documentation)
June 29, 2009
- Fixed (Search): Searches for accented and non-accented words are now combined. (issue 503)
- Fixed (REST): The new friendships/show method no longer returns 502 on large users. (issue 757)
- Feature (Search): Added Farsi/Persian to the list of available languages.
June 25, 2009
- Feature (REST): Added screen_name and user_id attributes to direct_messages/new for disambiguation (issue 550, documentation)
- Feature (REST): Added new friendships/show method (issue 474, documentation)
- Fixed (REST): Partially fixed issue with tiling background images via the API (issue 650)
- Fixed (OAuth): Added a more helpful error message when you try to use a request token in place of an access token.
- Fixed (OAuth): Improved error handling when invalid data is submitted in place of a token.
- Fixed (REST): The JSON returned in maintenance mode now correctly contains null rather than NULL (issue 703)
- Fixed (Mail): Improved outbound email reliability (for apps parsing DM/friend emails)
June 24, 2009
- Fixed (Search): Searches for never-used phrases incorrectly returned an error rather than 0 results. (issue 740)
- Fixed (Search): The combinations of some operators with since_id incorrectly returned an error, now it returns results. (issue 742)
June 23, 2009
- Fixed (Search): Search errors are now returned in the API format requested (issue 509)
June 9, 2009
- Feature (OAuth): Updated OAuth to 1.0a and added a PIN-based desktop workflow for OAuth apps. (announcement)
June 4, 2009
June 2, 2009
- Fixed (OAuth): Internet Explorer users were not being correctly redirected back to the originating site when using the authenticate method. (issue 644)
- Fixed (OAuth): Internet Explorer users were seeing a warning about insecure items on OAuth pages.
- Fixed (REST): The source parameter was incorrectly being reported as 'from web' in all cases (issue 634)
May 29, 2009
- Fixed (OAuth): Using the force_login parameter would incorrectly return an old token in some cases (issue 559)
May 27, 2009
- Fixed (REST): Social graph methods now correctly return 5000 items per page when the page parameter is used (issue 613)
May 13, 2009
- Fixed (REST): Background images uploaded via the API now take effect immediately (issue 451)
- Fixed (OAuth): Using the authenticate method with force_login=true incorrectly returned the old user's token.
- There is still a known issue where the user is asked to accept the application each time. A fix is pending.
- Feature (OAuth): When retrieving the access token via the access_token call the screen_name and user_id are returned as well.
May 11, 2009
April 30, 2009
- Feature (REST): The in_reply_to_status_id can now reference any mentioned user. (announcement)
- Feature (REST): The social graph methods now support pagination via the page parameter so you can work with very large users. (issue 518)
April 23, 2009
- Fixed (REST): Basic authentication now works with passwords containing a colon. (issue 496)
- Fixed (REST): Error message during downtime now matches documented response. (issue 300)
- Deprecated (REST): Support for the oauth_callback parameter has been removed due to a security vulnerability. (discussion)
- Fixed (OAuth): OAuth images are properly served through HTTPS. (issue 476)
April 22, 2009
- Fixed (REST): When sending Direct Messages, reaching the limit now returns HTTP 403 instead of HTTP 500.
- Fixed (REST): When uploading a new background image via the API the result was not immediately reflected. This has now been fixed.
- Feature (REST): Support the user_id and screen_name parameters for friendships/create, friendships/destroy, notifications/create, and notifications/leave.
- Feature (REST): Support the max_id parameter for direct message pagination.
April 15, 2009
- Fixed (OAuth): All application image updates were reporting the image was too large. This has been corrected.
- Fixed (REST): Changing your profile image on the web was not reflected in the API. This has been corrected.
- Fixed (Search): The atom results did not contain a language element for each status. A twitter:lang element has been added.
April 14, 2009
- Fixed (OAuth): non-ASCII characters in POST parameters were incompatible after the April 9th change. That incompatibility was corrected.
- Fixed (REST): The since_id parameter now works on the /direct_messages/sent method
April 9, 2009
- Fixed (OAuth): Accented characters in statuses were causing signature error for OAuth clients. This has been corrected.
- Fixed (REST): Attempting to direct message yourself failed and returned a direct message from cache. You can now direct message yourself again.
April 8, 2009
- Changed (REST): The since parameter and If-Modified-Since header are no longer supported.
- Fixed (REST): Methods documented as requiring GET were allowing POST and not counting the rate limit correctly. These methods now require GET and return an error message if POST is used.
- Fixed (REST): The /users/show.$fmt method now throws a 404 error if no recognized parameters are given.
- Fixed (REST): The deprecated email parameter was being silently ignored; an error is now returned.
- Fixed (OAuth): Rate limiting was incorrectly applied by IP only when using the Authentication header. This has been corrected.
- Fixed (OAuth): Error messaging for OAuth clients is now more detailed.
- Fixed (REST): Direct message objects were not returning the large user representations in json responses. They will now begin doing so.
- Fixed (REST): Calls to direct message XML methods were incorrectly displaying the nilclass root tag. This has been corrected.
- Feature (REST): Added /direct_messages/show/$id.$fmt method (where $id is the direct message id and $fmt is xml or json)
- Feature (OAuth): Added provisional support for "Sign in via Twitter" for OAuth applications. An official announcement will follow after full support is available.
April 1, 2009
- Feature (REST): User objects are now returned with all possible attributes everywhere in the API. Previously, only some methods returned the "full" or "extended" representation of User objects.
March 26, 2009
- Feature (REST): statuses/replies now includes mentions
- Feature (REST): Added rate limit HTTP response header X-RateLimit-Reset.
- Fixed (REST): The since_id parameter on direct messages had recently stopped working and was repaired.
March 26, 2009
- Feature (REST): Added rate limit status to HTTP response headers as X-RateLimit-Limit and X-RateLimit-Remaining
- Fixed (OAuth): Fixed an issue where application icons were not being saved. Icons missed will show up eventually but developers can re-upload to fix the issue.
- Feature: Added a /friendships/add/[screen_name] page for 3rd party sites to refer web users to for following new people.
March 23, 2009
March 16, 2009
- Feature (OAuth): The OAuth closed beta has ended and OAuth is now open to all for a more extensive beta.
March 5, 2009
- Feature (Search): You can now search for ticker symbols like $DIA.
- Feature (OAuth): Added an oauth_access_type parameter to the authorize URL so applications can specify read/read+write per user.
- Fixed (OAuth): There was a delay after an application was approved where requests would not work. This has been corrected.
March 3, 2009
- Fixed: The /friends/ids and /followers/ids no longer require authentication for protected users.
- Fixed: The /friends/ids and /followers/ids now support the callback parameter for JSON.
- Fixed: Statuses ending in "..." are no longer incorrectly trimmed when displayed on twitter.com.
March 2, 2009
- Fixed: New accounts would silently allow over sized values in some profile fields and the bad data would later be truncated. The system now correctly reports an error.
February 25, 2009
- Fixed: The new /user/show calls with user_id and screen_name parameters were incorrectly returning the wrong data due to a caching bug.
- Feature (OAuth): Added the ability to regenerate the client key and secret in the event the secret gets leaked.
- Feature (OAuth): Added support for callback urls with query strings.
- Fixed (OAuth): The approval page incorrectly said all applications needed update access. Now this is correctly displayed per application.
- Fixed (OAuth): The oauth_callback parameter is now retained if the user chooses to sign in as a different user.
February 24, 2009
- Fixed: Calls to /friendships/exists.json were returning incorrect results.
- Feature: The /users/show call now accepts the parameters user_id and screen_name to allow disambiguation of numeric screen names.
- Security (OAuth): Misconfigured applications could use insecure PLAINTEXT signatures. This has now been explicitly disallowed.
- Fixed (OAuth): Changed OAuth tokens to work correctly during database replication delays.
- Feature (OAuth): Removed the approval process for new applications. New applications will be allowed by default and we will review and revoke as needed.
February 13, 2009
- Security (OAuth): Fixed a bug where the application authorization form did not require the POST request come from the same domain.
- Feature (OAuth): Added the ability to use non-http callback URLs for iPhone development.
- Fixed (OAuth): Improved error messaging on OAuth protocol failures.
- Fixed (OAuth): Changed access token generation to prevent truncation problems reported via feedback.
February 10, 2009
- Fixed: updates to the name and location fields would silently fail when the data was too long and would later be truncated. The methods now correctly report an error.
February 3, 2009
- Feature: new API methods for retrieving lists of user IDs from the social graph, /friends/ids and /followers/ids.
January 21, 2009
- Fixed: the /statuses/replies method did not support the count parameter to control the number of statuses returned. Support for the count parameter was added.
January 12, 2009
- Fixed: some methods were defaulting to JSON when no format was specified. A format must be specified for all API calls.
- Security: it was possible to discover the currently logged-in user via an unauthenticated call to the /statuses/user_timeline method. This is a potential privacy concern, and was disabled.
- Fixed: Atom feeds for timelines incorrectly reported all user profile pictures as image/png.
- Fixed: Requests with &id= and no value returned a user rather than an error. Now an error is returned.
January 7, 2009
- Fixed: source parameters specified when posting on the web (for example, as part of a link from a "Tweet This"/"Share This On Twitter" button) were being ignored.
- Fixed: /friendship/exists.json was returning "true" and "false" as strings, not boolean literals, as they should in a proper JSON response.
December 22, 2008
- Fixed: /account/update_profile_background_image should now properly set the background image, regardless of the authenticating user's theme selection.
- Fixed: accounts that have been disabled by Twitter support will no longer be returned by the /users/show API method; expect a 404 status code for these accounts.
December 17, 2008
- Fixed: the profile_background_image_url and profile_background_tile attributes weren't always present in extended User objects (ex: from /users/show)
- Fixed: passing a callback parameter will no longer result in a 200 response code, as it was breaking some applications. Please use suppress_response_codes=true if you need this behavior.
- Fixed: whitelisting approval emails now contain the IP addresses we approved, not just the usernames.
- Security: ensured that client-provided callbacks are always sanitized (only alphanumeric characters and underscores) to prevent Flash cross-domain policy attacks.
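
The callback allowlist from the December 17, 2008 security entry above, as an added example that is not Twitter's code. The function names, the length cap, the choice to reject with a 400 rather than strip characters, and the response headers are assumptions made for illustration.

```python
import json
import re

# Allowlist from the changelog entry: alphanumeric characters and underscores.
# An explicit ASCII class is used because \w would also admit Unicode letters.
CALLBACK_RE = re.compile(r"[A-Za-z0-9_]+")
MAX_CALLBACK_LEN = 64  # assumption: the changelog states no length limit


def is_safe_callback(name):
    """True only if the whole value is a non-empty run of [A-Za-z0-9_]."""
    # fullmatch (not ^...$ with match) so a trailing newline is rejected too.
    return (
        isinstance(name, str)
        and 0 < len(name) <= MAX_CALLBACK_LEN
        and CALLBACK_RE.fullmatch(name) is not None
    )


def encode_json(payload):
    """Serialize JSON so the body cannot be read as HTML or XML markup."""
    text = json.dumps(payload, ensure_ascii=True)  # also escapes U+2028/U+2029
    return (
        text.replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )


def render(payload, callback=None):
    """Return (status, headers, body) for a JSON or JSONP request."""
    headers = {
        "Content-Type": "application/json; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    if callback is None:
        return 200, headers, encode_json(payload)
    if not is_safe_callback(callback):
        # Never echo the value: the response must not begin with caller-chosen text.
        return 400, headers, encode_json({"error": "invalid callback parameter"})
    headers["Content-Type"] = "application/javascript; charset=utf-8"
    return 200, headers, f"{callback}({encode_json(payload)});"


# Constructed sample inputs, not taken from real traffic.
SAMPLE_CALLBACKS = ["handleTimeline", "cb_42", "<x>cb", "a.b", "cb\n", "ｃｂ", ""]

if __name__ == "__main__":
    for cb in SAMPLE_CALLBACKS:
        status, _, body = render({"text": "<b>hi</b>"}, cb)
        print(repr(cb), status, body)
```
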
December 11, 2008
- Feature: new API method /account/update_profile to update name, location, email, url, description attributes.
- Fixed: /users/show should now return all attributes of a user object in XML.
- Fixed: /statuses/replies should return fresher data in the case that a user that you do not follow has replied to you.
- Fixed: /account/verify_credentials returns an extended user object (includes all attributes returned in /users/show).
December 10, 2008
- Fixed: return a User object from the /account/verify_credentials method, for consistency.
- Feature: passing a callback or suppress_response_codes parameter in your request will ensure that a 200 response code is always returned. This is necessary for some Flash and JSON applications running in the browser that don't have access to HTTP responses with anything other than a 200 response code.
December 9, 2008
- Fixed: Senders of direct messages can now delete those messages.
- Fixed: public_timeline.json allows callbacks.
- Fixed: updating a user's profile background image via the API wasn't applying the image to the user's profile design settings.
- Feature: ability to turn tiling of a profile background image on or off when updating the image via the API.
- Fixed: irregular/truncated attributes in responses from /users/show
December 8, 2008
- Fixed: unauthenticated users couldn't retrieve the rate limit status for their IP
- Feature: return "in_reply_to_screen_name" attribute with all Status objects.
December 3, 2008
- Fixed: user-defined callbacks on JSON requests will no longer include spurious other callback names from previously cached requests.
- Feature: added the ability to use the count parameter with the direct_messages methods to limit result set size.
- Fixed: invalid count parameters during pagination no longer return an HTTP 500 error and are instead ignored.
- Fixed: user-defined callbacks on JSON requests were omitted when returning non-200 response codes (ie, errors).
- Fixed: statuses posted on the web interface (ex: http://twitter.com/home?status=foo) can now specify a custom source parameter.
December 1, 2008
- Fixed: since_id is no longer ignored if it isn't present in the requested timeline
- Fixed: pagination no longer ignores count parameter when used with the page parameter
November 19, 2008
- Fixed: /status/friends now correctly returns HTTP 401 rather than HTTP 404 when credentials are missing or incorrect.
- Fixed: HTML error page no longer returned to API requests when the user has an active mobile session.
November 14, 2008
- Fixed: error messages returned by the API will be returned in the format of the original request. For example, if you request /statuses/user_timeline.json and your request incurs an error, you'll get a response describing that error in the form of a JSON hash.
- Security: statuses of protected users are no longer leaked by adding them as favorites via the API.
- Fixed: /users/show and other methods will now show you the attributes of a protected user you are not authorized to see, but not that user's current status. Previously, you were not allowed to see any data about protected users with that method, but this behavior diverged from that of the Twitter website, where a protected user's location, description, and so forth are visible to anyone.
- Fixed: user-defined callbacks on JSON requests will no longer be omitted from requests that have been page-cached on Twitter's side. If you were only seeing your callback intermittently when requesting JSON, this should be resolved.
- Fixed: a higher daily limit for the number of statuses you can mark as a favorite. This should help out favorite-related bots.
- Fixed: more informative error messages when marking a status as a favorite via the API fails.