Twitter API Changes Have Some Developers Up in Arms

Big changes for the use of Twitter's next API are garnering lots of criticism online from developers as the company takes more control of how its service is used.

There's no way that developers who are seething about Twitter's newly announced API changes could keep their comments to only a Twitter-friendly 140 characters.

Instead, some developers quickly took to the Web to post much longer attacks about the new Twitter API policies, including a key provision that will now require permission from Twitter if a client app will be used by more than 100,000 people. One critic even went so far as to advise Twitter developers to move away from the platform and seek another outlet that's less restrictive to work with.

The new API rules were unveiled Aug. 16 by Twitter's director of consumer products, Michael Sippey, in a post on the company's developer's blog. They didn't come completely out of the blue, however. Back in June, Sippey wrote a more generalized post telling developers the company would "soon introduce stricter guidelines about how the Twitter API is used" in an effort "to deliver a consistent Twitter experience."

The new changes will come as part of the release of Version 1.1 of the Twitter API in the coming weeks.

Based on the criticisms being launched online at Twitter since Sippey's announcement, though, the anger and disgust from developers about those "stricter guidelines" might be more than the company expected.

Among the key changes affecting developers are:

Required authentication on every API endpoint: "Currently, in v1.0 of the Twitter API we allow developers access to certain API endpoints without requiring their applications to authenticate, essentially enabling them to access public information from the Twitter API without us knowing who they are," wrote Sippey. "For example, there are many applications that are pulling data from the Twitter API at very high rates (scraping, bots, etc.) where we only know the IP address of the applications." In the new version of the API, Twitter will now require every request to the API to be authenticated, wrote Sippey.

A new per-endpoint rate-limiting methodology: In the existing Version 1.0 of the Twitter API, there is a built-in limit to the number of authenticated requests applications can make--350 calls per hour, according to Twitter. "This 'one size fits all' approach has limited our ability to provide developers more access to endpoints that are frequently requested by applications, while continuing to prevent abuse of Twitter's resources," wrote Sippey. To better control those issues, Twitter will now provide per-endpoint rate limiting on the API for up to 60 calls per hour per endpoint. "Based on analysis of current use of our API, this rate limit will be well above the needs of most applications built against the Twitter API, while protecting our systems from abusive applications."

Changes to Twitter's "Developer Rules of the Road," especially around applications that are traditional Twitter clients: A key shift will be that "display guidelines" for Twitter app developers will now become "display requirements," wrote Sippey. "We will require all applications that display Tweets to adhere to these," instead of being just guidelines. "If your application displays Tweets to users, and it doesn't adhere to our Display Requirements, we reserve the right to revoke your application key."

In addition, Twitter will also now require that developers have their applications certified by Twitter before they can be preinstalled on mobile handsets, SIM cards, chipsets or other consumer electronics devices. "If you ship an application preinstalled without it being certified by Twitter, we reserve the right to revoke your application key," wrote Sippey.

Twitter also has new rules about the number of users an app can serve, including a requirement that developers having more than 1 million users for their apps will have to work directly with Twitter to ensure proper operations.

Twitter client applications built by developers that access the home timeline, account settings or direct messages API endpoints or that use Twitter's User Streams product, will now require the company's permission to serve more than 100,000 users, according to the blog post.

Client apps that already use those endpoints and currently exceed 100,000 users won't be shut down, wrote Sippey. Instead, they'll be permitted to operate as they do today, until they reach 200 percent of their current levels, when they will have to get Twitter's permission to have more users.

A check of developer blogs online highlights the disdain that some of them are feeling about the new API rules.

"I sure as hell wouldn't build a business on Twitter, and I don't think I'll even build any nontrivial features on it anymore," Marco Arment, a Web app and iPhone software developer and creator of Instapaper, wrote on his blog. "And if I were in the Twitter-client business, I'd start working on another product."