To limit malicious use, Twitter is closing ranks around its API and requiring application developers to use authentication in its upcoming release. The company announced Thursday afternoon in a blog post that it was introducing new restrictions in v1.1 to create a “more consistent Twitter experience” and to limit malicious use of the API.
“Currently, in v1.0 of the Twitter API we allow developers access to certain API endpoints without requiring their applications to authenticate, essentially enabling them to access public information from the Twitter API without us knowing who they are,” Group Product Manager Michael Sippey wrote.
“For example, there are many applications that are pulling data from the Twitter API at very high rates (scraping, bots, etc.) where we only know the IP address of the applications. To prevent malicious use of the Twitter API and gain an understanding of what types of applications are accessing the API in order to evolve it to meet the needs of developers, it’s important to have visibility into the activity on the Twitter API and the applications using the platform,” he added.
In order to know who is behind every API request, Twitter will no longer allow anonymous access in the new version coming out in a few weeks. Developers of current apps using the Twitter API will need to update their applications and use OAuth before March 2013.
In addition to requiring authentication, v1.1 will limit individual API endpoint rates to 60 calls per hour per endpoint. Currently, applications can make up to 350 calls per hour regardless of the type of data the application is requesting – a policy that has led to abuse of Twitter’s resources, Sippey said.
Additionally, what had previously been display guidelines will become official display requirements that now will include mobile applications. Developers who fail to follow the rules will risk having their application key revoked.