Twitter just announced Wednesday afternoon some API changes that gives users more oversight when granting third-party applications access to their account, but it’s already proving to be a headache for developers of those apps.
Going forward, third-party applications that need access to your direct messages (DMs) will have to ask for permission again, according to a blog post penned by Jodi Olson, head of PR for the Twitter platform. By the end of the month, any apps that don’t need access will automatically have it revoked.
Additionally, whenever users are about to grant a third-party application access to their account, Twitter will detail to the user exactly what information the app is requesting: from the timeline to followers to direct messages, and everything in between.
Sounds gravy, right?
Not according to responses in this Google Groups discussion of the changes.
In line with the changes described above, Twitter has also told developers that “only applications which direct a user through the OAuth web flow will be able to receive access tokens that allow access to direct messages. Any other method of authorization, including xAuth, will only be able to receive Read/Write tokens.”
In other words, developers whose clients currently use xAuth have a little less than two weeks to integrate OAuth flow instead, if they want their users to still be able to access direct messages.
Here’s a sampling of the first few responses from developers, bolding added by us:
“The new permissions level is welcomed by me and a good idea. Removing the ability for xAuth to access DMs is insanity, pure and simple. I presume your iOS and Mac clients will be switching off xAuth access as well then?” (Rich)
“In the past, I've seen several occurrences where popular clients weren't affected by the rules. Will we yet again see this, or will there not be an exception for those clients? The same question goes for Twitter's own apps: will they make the switch to OAuth, or will they keep using xAuth?” (Tom van der Woerdt)
“This is such a short timeframe for people to rebuild, QA and resubmit their apps that it will certainly mean some peoples apps will stop working while they are waiting for them to be 'approved' by their own QA, or their internal IT department, or their app store or market. I would request that you think about extending it. (@nuxnix)
“can you please give us more time to adapt to this. It is impossible to make the appropriate changes and submit to appstore within this timeframe.” (janole)
“That is a HUGE and MAJOR headache for existing apps and their thousands of users who are currently using any of the /1/direct_messages methods.“ (Dewald Pretorius)
Yikes. Not quite a warm reception.
Twitter hasn't been very good at making developers happy lately. The last major example was the company's decree a few months ago that developers stop making clients mimicking the microblogging site's basic functionality; with official applications like Twitter for Mac and Twitter for iPhone becoming readily available, it's clear that the company wants to rule that market all by itself.
Then there was the whole UberMedia fiasco in February.
We’ve reached out to Olson to gather Twitter’s response, and she tells me a response from Developer Advocate Matt Harris is forthcoming.