I'm writing a tool in our web app to allow our users to tweet certain things about our app via the Twitter API. In all the documentation I've seen, the Twitter API has you submit the user's username and password via XML or JSON. It would make sense from a usability standpoint to save the username and password for easy reuse (so they don't have to log in every time they tweet). Although I want to make sure we are allowed to do this before we actually implement the saved username/passwords.

Does anyone know if there are any laws that prevent us from doing this? Is this just what Twitter expects us to do?

+9  A: 

While you can certainly store people's usernames and passwords for use with the Twitter API, this is not the recommended approach. Try Twitter's OAuth Authentication instead.

OAuth is an authentication protocol that allows users to approve applications to act on their behalf without sharing their password.

Twitter will eventually deprecate basic (username/password) authentication in the future. Mid-2010 is likely.

Ryan McGeary
Thanks! When I saw OAuth I assumed it was an alternative to logging in via REST. But now it all makes sense that OAuth is preferred and REST login is deprecated. On a related note, I read that REST login limits you to 150 requests/hour by default. I'm assuming if you go with OAuth that you don't have a limit?
Adam
Your rate limits remain even with OAuth, though you can apply to be white-listed here: http://twitter.com/help/request_whitelisting More info on rate limits: http://apiwiki.twitter.com/Rate-limiting
Ryan McGeary
Basic authentication will start deprecation in June 2010.
Eclipsed4utoo
+1  A: 

I would stick with OAuth. The reason OAuth is beneficial is that your site will no longer need to handle Twitter passwords, store them, protect them, and deal with the legal consequences (can't link because the work proxy blocks the Twitter wiki, lol). Keyword: Legal. Don't store them.

RandomNoob
A: 

I didn't find anything answering this question one way or the other in the Twitter T&C. In other words, it doesn't seem to be explicitly forbidden, as it is, for example, at Facebook.

But it's clearly undesirable to store other people's usernames and passwords to proxy for them.

fsb
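
As an added illustration of the OAuth answers above (not code from any poster or from Twitter): a sketch of how an OAuth 1.0a request (RFC 5849, HMAC-SHA1) is signed with a per-user access token and token secret, so the app stores a revocable token instead of the user's password. The endpoint URL, keys, tokens, nonce and timestamp are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6: escape everything except unreserved characters.
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    # Parameters are percent-encoded, sorted, then joined into one string.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # The HMAC key is "consumer_secret&token_secret"; no password is involved.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def authorization_header(method, url, body_params, creds, nonce, timestamp):
    oauth = {
        "oauth_consumer_key": creds["consumer_key"],
        "oauth_token": creds["access_token"],
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    # The signature covers the OAuth fields and the request body parameters.
    oauth["oauth_signature"] = sign(method, url, {**oauth, **body_params},
                                    creds["consumer_secret"], creds["token_secret"])
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))

# Constructed sample values: what the app keeps per user instead of a password.
CREDS = {"consumer_key": "app-key-123", "consumer_secret": "app-secret-456",
         "access_token": "user-token-789", "token_secret": "user-token-secret-000"}
URL = "https://api.example.invalid/statuses/update.json"  # placeholder endpoint

def demo():
    # Fixed nonce/timestamp keep the output reproducible; real requests use a
    # fresh random nonce (e.g. secrets.token_hex) and the current time.
    return authorization_header("POST", URL, {"status": "Hello from our app!"},
                                CREDS, nonce="constructednonce1", timestamp=1262304000)
```

Only the consumer key and access token travel in the header; the two secrets are used solely as the HMAC key, and the user can revoke the token without changing their password.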