Poll: how many of you use /statuses/friends_timeline/user.format?

[Alex Payne]

We're looking to trim up a few parts of the Twitter that cause our
database pain in an effort to maintain stability over the coming
weeks. It's been often been said on this list that developers
wouldn't mind suffering some API changes if it meant more reliability.
One of the methods that hurts us the most is what we call the
"profile with friends". Via the API, you'd access it via this URL if
you wanted the timeline of updates by bob's friends:

http://twitter.com/statuses/friends_timeline/bob.xml

We'd still allow you to retrieve your friends_timeline for the
authenticating user, just not the authenticating user looking at
another user's timeline. This latter method forces us to do a fairly
complex query that, when not cached, can be pretty painful.

How many of you actually make use of this method? Should it stay or
should it go? I can say that the equivalent view on the web is going
away in all likelihood. You'll still be able to see who another user
follows, but not in timeline format.

--
Alex Payne
http://twitter.com/al3x

[Ed Finkler]

I do not use this method except to grab the authenticating user's own
friends timeline. I don't personally have much use for it otherwise.

--
Ed Finkler
http://funkatron.com
AIM: funka7ron
ICQ: 3922133
Skype: funka7ron

[Michael T. Barrett]

I use that format with Stuffr, but only for the authenticating user.

[Cameron Kaiser]

> We're looking to trim up a few parts of the Twitter that cause our
> database pain in an effort to maintain stability over the coming
> weeks. It's been often been said on this list that developers
> wouldn't mind suffering some API changes if it meant more reliability.
> One of the methods that hurts us the most is what we call the
> "profile with friends". Via the API, you'd access it via this URL if
> you wanted the timeline of updates by bob's friends:
>
> http://twitter.com/statuses/friends_timeline/bob.xml

TTYtter does not use this at all.

--
------------------------------------ personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com * cka...@floodgap.com
-- If there was a hole, I would jump into it. -- Gackt Camui ------------------

[Julio Biason]

Miter uses just

http://twitter.com/statuses/friends_timeline.json (for the authenticated user).

--
Julio Biason <julio....@gmail.com>
Twitter: http://twitter.com/juliobiason

[sugree]

jibjib doesn't use it and if jibjib uses, it will authenticate the
user by the way.

[Kee Hinckley]

On May 24, 2008, at 8:23 PM, Alex Payne wrote:
> One of the methods that hurts us the most is what we call the
> "profile with friends". Via the API, you'd access it via this URL if
> you wanted the timeline of updates by bob's friends:

I always thought it was an odd, but interesting, feature. I can
definitely imagine the performance hit though. Not worth keeping in my
mind.

[dean.j.robinson]

I do provide a link to the friends_timeline for other users within
Hahlo.

Over the last months the "friends_timeline" on Hahlo has been visited
about 280,000 times, of those around 60,000 were other peoples
timelines (ie. not the authenticating user's) I must say thats a
larger percentage that I expected.

IF you are going to remove it on the web, then I guess there's not a
problem removing it from the API too, so long as its communicated
appropriately to users. I personally don't have a huge problem with
it, but us developers will need to know if its going to be removed in
advance so that we can update our code accordingly.

Is this intended to be a permanent removal? Or temporary? (but not
"temporary" like paging). Seems a shame if the only solution to the
current issues is to remove functionality.

cheers

Dean

[Evan Weaver]

It will be semi-permanently removed. It may eventually reappear in
modified form, but don't hold your breath.

Evan

--
Evan Weaver

[dean.j.robinson]

Thanks Evan, and I shall not hold my breath for I fear that may be bad
for me :)

[Marco Kaiser]

twhirl doesn't make use of this method, it only fetches the "with friends" timeline for the authenticating user.

--

Marco Kaiser

kaiser...@gmail.com

[David Håsäther]

On May 25, 2:23 am, "Alex Payne" <a...@twitter.com> wrote:

> How many of you actually make use of this method?

The Opera widget doesn't use this method either, and there are no
plans to do so.

[Akira Ueda]

NatsuLion doesn't use this method without authentication.

--
Akira Ueda (@akr)

[CHEEBOW]

Twit dosen't use this method.

[Abraham Williams]

My super secret twitter project does not use this method.

Abraham


--
| Abraham Williams | Web Developer | Lothlórien Coop | Madison WI
| http://abrah.am | http://lothwiki.org | http://web608.org
| This email is: [] blogable [x] ask first [] private

[Damon Clinkscales]

On Sat, May 24, 2008 at 7:23 PM, Alex Payne <al...@twitter.com> wrote:

> http://twitter.com/statuses/friends_timeline/bob.xml

Neither of my apps use that method:
- http://snaptweet.com
- http://doesfollow.com

Best,
-damon
--
http://twitter.com/damon

[Jesse Stay]

socialtoo.com doesn't use this method.

--Jesse

[lyn...@gmail.com]

P3:PeraPeraPrv doesn't use this method without authentication.

[Kee Hinckley]

Amusingly, I just realized that I *was* using that form of the call.
But I was using it as a temporary way of getting messages for a user
without logging in--thus avoiding the rate limit. :-) It wouldn't get
protected users, but I could fetch it more often, and then back off
and use the authorized mechanism less frequently.

So yeah, you probably don't want to keep it around.

[Richard]

Friendbinder is not using it, but instead I am using
http://twitter.com/statuses/user_timeline/<username>.xml
for each user so is that better or worse?

It seems that people are reluctant to give their username/password to
a web app. so I can see using
http://twitter.com/statuses/friends_timeline.xml
as bit of a problem and it's not page-able.

What methods does everyone use here?

[Jorge Handl]

Twist is not using it.

[Colby Palmer]

The current version of http://itweet.net does not use this method.

I am using it heavily in some new interfaces I'm working on, so I
wouldn't mind keeping it... however if its removal meant a really
tangible improvement to Twitter's stability, I would vote to kill it.

Colby
http://twitter.com/colbypalmer

[Shannon Whitley]

I don't use it.

If we ax that feature can we get the "page" querystring variable
back? :)

[Joel Longtine]

Socialthing.com does not use this feature, either, we only care about
the authenticated user and their friends. I can't see how we would
take advantage of that feature, either, so I vote to kill it,
especially if it is degrading performance so severely.

[Alex Payne]

An update: we'll be deprecating the usage of this method that,
apparently, hardly anyone but us uses. Most likely, the deploy that
deprecates this will go out tomorrow, and the documentation will be
updated at that time. URLs that specify an alternate user for whom to
fetch a friends_timeline will continue to work, but will return
statuses for the authenticating user.

--
Alex Payne
http://twitter.com/al3x

[dean.j.robinson]

Well, looks like Hahlo will get its 3.1 update a couple of days early
then....

Thanks for letting us know Alex.

On May 30, 12:25 pm, "Alex Payne" <a...@twitter.com> wrote:
> An update: we'll be deprecating the usage of this method that,
> apparently, hardly anyone but us uses. Most likely, the deploy that
> deprecates this will go out tomorrow, and the documentation will be
> updated at that time. URLs that specify an alternate user for whom to
> fetch a friends_timeline will continue to work, but will return
> statuses for the authenticating user.
>

[dean.j.robinson]

Also I should add that although I would have like to have seen it
stay, its removal is going to drastically simplify a good sized
section of Hahlo's code. :)

On May 30, 8:09 pm, "dean.j.robinson" <Dean.J.Robin...@gmail.com>
wrote:

[Alex Payne]

Thanks for being so flexible about keeping up with our API changes, Dean.

--
Alex Payne
http://twitter.com/al3x

[Ray Grieselhuber]

Sorry I'm late to this thread. Gridjit uses this method extensively
and is currently not able to function without it. Future enhancements
will provide a means for authenticating users to get their
information, but it currently does not.

So is support for this functionality permanently gone??

Thanks,

Ray

On May 30, 11:25 am, "Alex Payne" <a...@twitter.com> wrote:
> An update: we'll be deprecating the usage of this method that,
> apparently, hardly anyone but us uses.  Most likely, the deploy that
> deprecates this will go out tomorrow, and the documentation will be
> updated at that time.  URLs that specify an alternate user for whom to

> fetch afriends_timelinewill continue to work, but will return

> statuses for the authenticating user.
>

[twibble]

I'd also like to get it back. I use it to display the locations of an
user's friends in Google Maps in the twibble client. That doesn't work
any more :(

Thanks,
@twibble

[RoelandP]

@alex we are currently running on the 'with_friends-timeline' here at
the pinkpop festival (see for yourself @ http://pinkpopmashup.vpro.nl),
I mailed you about it the day before yesterday.

If you are now shutting down the service,please add @3voor12 to the
API whitelist , so that we can hang on there untill sunday evening!

thank you on behalf of 200 happy backchannel festival go-ers!

all best, greetings from the pinkpop festival,

Roeland

On 30 mei, 04:25, "Alex Payne" <a...@twitter.com> wrote:
> An update: we'll be deprecating the usage of this method that,
> apparently, hardly anyone but us uses. Most likely, the deploy that
> deprecates this will go out tomorrow, and the documentation will be
> updated at that time. URLs that specify an alternate user for whom to
> fetch a friends_timeline will continue to work, but will return
> statuses for the authenticating user.
>

[Kent Brewster]

Arrgh, this broke Twitterati, Alex. (http://kentbrewster.com/
twitterati) While I think I understand the reasoning, there are an
unknown but potentially high number of sites using it, and I'm going
to have to figure out a way to fix it for them.

If you're going to remove this, don't send back the login prompt.
Having the login box pop up instead of the expected response is
potentially very bad from a security standpoint, if the JSON is being
included as a SCRIPT tag. Nobody should ever see a Twitter login
prompt anywhere outside twitter.com.

--Kent

[tdr...@gmail.com]

I have a google gadget which is now broken as it uses this api call:
http://www.google.com/ig/directory?q=twitter&root=%2Fig&dpos=top&url=www.btinternet.com/~tdroza/gadgets/twitter/index.xml

The gadget imports the json feed by adding a script tag to the page to
make a cross-domain call to twitter. I can't authenticate because I
can only do a GET not a POST. As I understand it, the only way that I
can fix this would be to have a server-side proxy to the twitter API
that takes a user's credentials and makes an authenticated request. I
specifically do not want to to this (some of the other google gadgets
do) as this is really really bad from a security standpoint - a user
should never have to give their username/password for one site
(twitter) to another site (mine). Also the google gadget is a very
lightweight html/javascript page containing all the functionality so I
do not have a server-side app.

At the moment I can't see how I can work around this with the current
API which is a shame as the gadget has around 2000 users and has been
growing steadily. It's also a pity that this thread started just 1
week ago and you only confirmed that this would be changed yesterday
and the change was deployed 24hrs later.

[Remy Sharp]

I've obviously join this conversation too late (since the change has
been made) - but I'm another developer that *does* use the open
friends_timeline.

I published a blog/site plugin that allows users to add their tweets
via JS, but doesn't hang their site if Twitter is down/having trouble
(i.e. the official twitter badge takes down their page if twitter
hangs).

Is this feature being considered for adding back in, or at the very,
very least - please don't prompt for the auth details, just send back
an empty/error JSON object, it looks really bad on bloggers sites to
prompt for a twitter username + password.

Many thanks!

[Alex Payne]

I'll do what I can about the authentication, but it may take until
Tuesday to get it deployed. I'm sorry that this caught some of you
off-guard. When we made the decision to axe this feature from the
API, about 95% of everyone who responded to me publicly or privately
said they didn't make use of it.

--
Alex Payne
http://twitter.com/al3x

[Kent Brewster]

Next time you guys alter the API, please consider posting the poll/
warning on the developer blog, give us at least a week to digest and
discuss before making a decision, and then another week to prepare for
the shutdown. I'm not here very frequently, so I missed the poll and
discussion entirely.

Remy: giving back a warning that the client wasn't signed in to
Twitter would be a privacy leak. A curious site could quietly ping the
API on behalf of all of its users by using the script tag hack and
note who was signed in and who wasn't. Unless I'm off-base, this is
one of the reasons why the API login and the public site logins have
to be separate.

--Kent

[Cameron Kaiser]

> Next time you guys alter the API, please consider posting the poll/
> warning on the developer blog, give us at least a week to digest and
> discuss before making a decision, and then another week to prepare for
> the shutdown. I'm not here very frequently, so I missed the poll and
> discussion entirely.

I understand your frustration, but what's the point of subscribing to
this list if not for those kinds of announcements?

--
------------------------------------ personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com * cka...@floodgap.com
-- Only death cures stupidity! -- "Cowboy Bebop: The Movie" -------------------

[Alex Payne]

Kent has a good point: we have plenty of other outlets to get the word
out about urgent changes, and we didn't make use of them in this case.
I'll correct that next time.

--
Alex Payne
http://twitter.com/al3x

[Kee Hinckley]

It looks like most of the uses of friends_timeline which are now
popping up were using it as a way of fetching user tweets without
authenticating. I assume they realize it wasn't a full feed (didn't
include protected users). But given that, it sounds like the long-
term solution is to provide OpenID or a similar mechanism for doing
cross-domain authentication.

[jen...@gmail.com]

I use it for a twitter community and absolutely CAN NOT have a pop up
message bar asking my public readership for an API login. This is
incredibly tacky.

Please, please give us anonymous access to /statuses/friends_timeline/
user.format and put it back the way it was.

Thank you.

http://twitter.com/yourpoker
http://twitteryourpoker.com/

[Stut]

Looks like this is unlikely to get fixed overnight, so may I make a
suggestion that anyone using Twitterati or any other widget that uses
this method takes it off their site until the issue is resolved one
way or another. That way it no longer makes your site look "tacky".

Al3x: For your part can you please make the small change required to
temporarily have it return an empty response if called without
authentication. Just in the short term. I know there's a master plan,
but this particular issue is clearly causing a problem.

-Stut

--
http://stut.net/

[Alex Payne]

I'll make that change with our next deploy, which should be Tuesday at
the latest.

--
Alex Payne
http://twitter.com/al3x

[Craig Hockenberry]

Alex,

We're not using this API in Twitterrific.

But we are using the <http://twitter.com/al3x/with_friends/> page at
Twitter. This is now redirecting to <http://twitter.com/al3x/friends/
>. I'm assuming that this change is related to the API deprecation.

We've had a lot of users complaining about this. And I can totally
understand why: it's the best way to pick up a conversation that's
already in progress. There's no other way to gain context to a tweet
that shows up on your timeline.

Eventually we'll see third parties, like Quotably and Summize, pick up
the slack, but for now it's a noticeable loss.

-ch

[Dominik Schwind]

Hi,

I just notice your own flash badge seems to be using it. Any plans of
resurrecting it for that badge or for a replacement badge?

Dominik

[Kent Brewster]

Has the API been changed to only show updates from friends of the
authenticating user? This was not the case before; it was possible to
surf around and find interesting new people to follow. I see
completely different results when I look at LukeW's feed-with-friends
logged in as me:

http://kentbrew:*****@twitter.com/statuses/friends_timeline/assclown.json

... versus logged in as a new user who has no friends:

http://upgnome:*****@twitter.com/statuses/friends_timeline/assclown.json

Any idea what's up?

--Kent

[Alex Payne]

We'll be pushing out a replacement for that badge ASAP.

[twibble]

Hi Alex,

I'm a bit lost in this long thread, will the friends_timelime without
authentication eventually come back? Unfortunately Google maps doesn't
ask for a password when trying to access a protected (geocoded)
timeline. That's why I'd like to get it back as it was before the axe.

Thanks,
@twibble

On 4 Jun., 20:03, "Alex Payne" <a...@twitter.com> wrote:
> We'll be pushing out a replacement for that badge ASAP.
>
>
>
> On Wed, Jun 4, 2008 at 7:13 AM, Dominik Schwind <domi...@gmail.com> wrote:
>
> > Hi,
>
> > I just notice your own flash badge seems to be using it. Any plans of
> > resurrecting it for that badge or for a replacement badge?
>
> > Dominik
>
> > On May 25, 2:23 am, "Alex Payne" <a...@twitter.com> wrote:
> >> How many of you actually make use of this method?  Should it stay or
> >> should it go?  I can say that the equivalent view on the web is going
> >> away in all likelihood.  You'll still be able to see who another user
> >> follows, but not in timeline format.
>
> >> --

[Mike Scott]

Twibble, if you'd like to provide that information out I'd suggest you do a man-in-the middle script to load and provide it without authentication, this would solve having to wait for Twitter, as well as provide you with maybe a bit more power in the long run to modify the data pre-google maps.

[twibble]

Mike, thx for the hints! Actually we already have a twibble server
between the client and the twitter server to generate a geocoded
timeline. E.g. the URI
http://maps.google.de/?q=http://api.twibble.de/statuses/user_timeline/twibble.kml
displays the geocoded user_timeline of a given user (twibble) and
works fine.
However, the same with the friends of twibble doesn't work anymore:
http://maps.google.de/?q=http://api.twibble.de/statuses/friends_timeline/twibble.kml
as the kml feed needs to be authenticated now which is not supported
by Google maps. You are also no longer be able to feed the geo
timeline into your blog. We can probably work around but this will
take some time. For that reason it would be great to have it back as
before at least for some more weeks.

Best,
@twibble

On 6 Jun., 02:09, "Mike Scott" <mic...@gmail.com> wrote:
> Twibble, if you'd like to provide that information out I'd suggest you do a
> man-in-the middle script to load and provide it without authentication, this
> would solve having to wait for Twitter, as well as provide you with maybe a
> bit more power in the long run to modify the data pre-google maps.
>

[Kee Hinckley]

On Jun 5, 2008, at 12:32 PM, twibble wrote:
> I'm a bit lost in this long thread, will the friends_timelime without
> authentication eventually come back? Unfortunately Google maps doesn't
> ask for a password when trying to access a protected (geocoded)
> timeline. That's why I'd like to get it back as it was before the axe.

This doesn't help if you don't know the authentication information in
the first place, but if you have it, but are using a system that
doesn't let you provide it, this should work:
http://USER:PA...@twitter.com/APICALL
Can't test that right now though--twitter's down. :-/

[twibble]

Kee, might work but putting the pwd in a URI is not necessarily a good
idea ...

On 6 Jun., 09:04, Kee Hinckley <naz...@somewhere.com> wrote:
> On Jun 5, 2008, at 12:32 PM, twibble wrote:
>
> > I'm a bit lost in this long thread, will the friends_timelime without
> > authentication eventually come back? Unfortunately Google maps doesn't
> > ask for a password when trying to access a protected (geocoded)
> > timeline. That's why I'd like to get it back as it was before the axe.
>
> This doesn't help if you don't know the authentication information in  
> the first place, but if you have it, but are using a system that  
> doesn't let you provide it, this should work:

>         http://USER:P...@twitter.com/APICALL

[Kee Hinckley]

On Jun 6, 2008, at 3:16 AM, twibble wrote:
>
> Kee, might work but putting the pwd in a URI is not necessarily a good
> idea ...

I believe, although it's been a long time since I looked, that it's
converted to a standard authorization request on the client side, so
it isn't sent over the wire that way (and it certainly doesn't show up
in the logs that way). You still have the security issue of having
the password embedded in a URL somewhere. But regardless of how it's
sent, it's really no less secure than the basic authorization.

[Jesse]

A little late to the party, I'm not a developer, and you've gotta do
what you've gotta do, but I'm sad to see this go. It was my favorite
way to discover cool new people to follow. Hopefully you can bring it
back some time in the distant future. But for now, I know you have
your hands full.

Jesse

[Evan Weaver]

On Fri, Jun 6, 2008 at 8:24 PM, Jesse <nowher...@gmail.com> wrote:
>
> A little late to the party, I'm not a developer, and you've gotta do
> what you've gotta do, but I'm sad to see this go. It was my favorite
> way to discover cool new people to follow. Hopefully you can bring it
> back some time in the distant future. But for now, I know you have

We hope to bring it back for non-protected statuses at some point.

Everyone, thanks for your understanding.

Evan

> your hands full.
>
> Jesse
>
> On May 29, 10:25 pm, "Alex Payne" <a...@twitter.com> wrote:
>> An update: we'll be deprecating the usage of this method that,
>> apparently, hardly anyone but us uses. Most likely, the deploy that
>> deprecates this will go out tomorrow, and the documentation will be
>> updated at that time. URLs that specify an alternate user for whom to
>> fetch a friends_timeline will continue to work, but will return
>> statuses for the authenticating user.
>>
>> On Mon, May 26, 2008 at 3:09 PM, Joel Longtine <j...@socialthing.com> wrote:
>>
>> > Socialthing.com does not use this feature, either, we only care about
>> > the authenticated user and their friends. I can't see how we would
>> > take advantage of that feature, either, so I vote to kill it,
>> > especially if it is degrading performance so severely.
>>
>> --
>> Alex Paynehttp://twitter.com/al3x
>

--
Evan Weaver

[vlb]

On May 29, 7:25 pm, "Alex Payne" <a...@twitter.com> wrote:
> An update: we'll be deprecating the usage of this method that,
> apparently, hardly anyone but us uses.

ALex - this isn't true. Several of the TWitter third-[party apps use
the friends_timeline. THis is how they do their "who do the people you
follow follow" magic that gives me all sorts of wonderful ideas about
what to read next.

Please put this back.

http://firewatching.com/ambient/2008/05/31/twitters-latest-api-changes-disable-gridjit-for-now/

[dean.j.robinson]

They shouldn't really need to use the "friends_timeline" to do the
"who do the people you follow follow" thing. It would make more sense
to use just the "friends" call.

eg: http://twitter.com/statuses/friends.format or
http://twitter.com/statuses/friends/username.format

> http://firewatching.com/ambient/2008/05/31/twitters-latest-api-change...

[Remy Sharp]

This isn't a workable solution (i.e. if we're kind), but the fact the
the friends API is available without logging in, it means I could, if
I didn't mind hammering Twitter.com, enumerate all the friends of X
user and pull the latest status from each.

This would revive the 'friends_timeline' API without the need to log
in.

The friends_timeline is a feature I had to pull from my twitter.js
project ( http://tinyurl.com/2fn5gv ) because it now requires log in.

Remy Sharp
Left Logic

work ~ http://leftlogic.com
blog ~ http://remysharp.com
project ~ http://jqueryfordesigners.com


On Jun 25, 2:16 pm, "dean.j.robinson" <Dean.J.Robin...@gmail.com>
wrote:

> They shouldn't really need to use the "friends_timeline" to do the
> "who do the people you follow follow" thing. It would make more sense
> to use just the "friends" call.
>

> eg:  http://twitter.com/statuses/friends.format  orhttp://twitter.com/statuses/friends/username.format