Create Friendship on protected profiles
2 views
Skip to first unread message
Marco Kaiser
Mar 13, 2008, 12:32:41 PM3/13/08
to twitter-deve...@googlegroups.com
Hi,
don't know if this has changed lately or always behaved like this, but I noticed that using "/friendships/create/USER.xml" on a protected profile seems to
1) issue a request to USER that the authenticating user wants to follow,
2) return a <user/> XML document with the current status of USER (it shouldn't, as USER's updates are protected),
3) return status 200, which is misleading.
It also does in no way tell me that a "request to follow" has been issued (maybe detectable, as the profile is <protected>true</protected>)
Sending the "create friendship" request to USER without asking me (the authenticating user) differs semantically from the web interface, where you'll always know that you are not actually following, but requesting to follow someone first.
Could you clarify if this is your intention, or if it is a bug?
Thanks!
-Marco
don't know if this has changed lately or always behaved like this, but I noticed that using "/friendships/create/USER.xml" on a protected profile seems to
1) issue a request to USER that the authenticating user wants to follow,
2) return a <user/> XML document with the current status of USER (it shouldn't, as USER's updates are protected),
3) return status 200, which is misleading.
It also does in no way tell me that a "request to follow" has been issued (maybe detectable, as the profile is <protected>true</protected>)
Sending the "create friendship" request to USER without asking me (the authenticating user) differs semantically from the web interface, where you'll always know that you are not actually following, but requesting to follow someone first.
Could you clarify if this is your intention, or if it is a bug?
Thanks!
-Marco
Alex Payne
Mar 19, 2008, 5:55:40 PM3/19/08
to twitter-deve...@googlegroups.com
Marco,
This is a bug, most definitely. I've corrected the leak of the protected user's current status when the requested user isn't authorized to see said status. Apologies that the fix took so long to get out.
What status code would you prefer to see in the case that a request to the requested user is issued? I agree that it shouldn't be 200. Would you like a different message returned by the API other than the XML of the user that friendship has been requested for?
Marco Kaiser
Mar 19, 2008, 6:45:13 PM3/19/08
to twitter-deve...@googlegroups.com
Hi Alex,
thanks for your answer.
Is it correct that the API method to follow a user WILL automatically send a request to the user if he has protected his updates? This is a big difference from the web interface where users will have the chance to confirm sending this request first.
If this is how it is intended to work, the response should allow to distinguish between "you are following" and "sent a request to follow". A status 200 should be okay if you send a different response body, not the profile info (which IMHO is not allowed to be returned here at all, as a profile lookup for a protected will fail, too).
But other developers might have an opinion on this, too?!
Marco
thanks for your answer.
Is it correct that the API method to follow a user WILL automatically send a request to the user if he has protected his updates? This is a big difference from the web interface where users will have the chance to confirm sending this request first.
If this is how it is intended to work, the response should allow to distinguish between "you are following" and "sent a request to follow". A status 200 should be okay if you send a different response body, not the profile info (which IMHO is not allowed to be returned here at all, as a profile lookup for a protected will fail, too).
But other developers might have an opinion on this, too?!
Marco
Alex Payne
Mar 20, 2008, 7:15:49 PM3/20/08
to twitter-deve...@googlegroups.com
Marco,
Yes, it's correct that the API will automatically send a "follow
request" to protected users when you attempt to follow them via the
API. After our next deploy, an informative message will be returned
when this occurs with status code of 200, and we will not return the
requested user's information (in keeping with the behavior of the
users/show method). Thanks for the suggestion!
Reply all
Reply to author
Forward
0 new messages