Tipjoy opens Twitter Payments API, celebrates with an API Contest

2 views
Skip to first unread message

Ivan

unread,
Apr 8, 2009, 9:27:04 AM4/8/09
to Twitter Development Talk
Hi Folks,

Tipjoy's Twitter Payments have been really successful for P2P and
charitable payments. Now we've released an API for Twitter
applications to do payments over Twitter:
http://tipjoy.com/api

Because Twitter is a broadcast platform, these payments are social.
That's very valuable. A microgiving cause gets the benefit of all the
user's followers seeing the payment. A premium twitter app paid using
Tipjoy gets a free advertisement on Twitter. It's not an orchestrated
"social media marketing" effort - it's real people actually using your
service.

Here is a tutorial:
http://tipjoy.com/twitterApps

We're holding an API contest to celebrate the API release. We'll be
giving away lots of schwag and our favorite app will win a MacBook
Air. Contest details are here:
http://tipjoy.com/APIcontest

By the way, the API uses a Twitter username & password for
authorization. I'm hacking together something to give all the OAuth
applications some love. I'll post here when it's ready.

I'd love to hear what you all think!

Best,
Ivan
http://tipjoy.com/twitter
http://twitter.com/ikirigin

Andrew Badera

unread,
Apr 8, 2009, 9:30:32 AM4/8/09
to twitter-deve...@googlegroups.com
100% pure awesome. And then some.

Thanks-
- Andy Badera
- and...@badera.us
- Google me: http://www.google.com/search?q=andrew+badera

Sent from Albany, NY, United States

Dossy Shiobara

unread,
Apr 8, 2009, 9:52:25 AM4/8/09
to twitter-deve...@googlegroups.com
Great, now Nigerian royalty can use Twitter to get their millions of
secret dollars out of their country, with the aid of Twitter users help!
(lol)

Or, the first rogue Twitter app. that tweets a Tipjoy payment message
from the user who gives up their username/password to the rogue app.
It'd be a Tipjoy mugging!

At least Tipjoy lets you cancel transactions that aren't paid for yet.
But, if you pre-charge your account, and the money is sent from the
account, and the recipient has enough to cash out to a PayPal account
... before the transaction is cancelled ... what happens?

Sounds so very dangerous.


On 4/8/09 9:27 AM, Ivan wrote:
> Hi Folks,
>
> Tipjoy's Twitter Payments have been really successful for P2P and
> charitable payments. Now we've released an API for Twitter
> applications to do payments over Twitter:
> http://tipjoy.com/api

--
Dossy Shiobara | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network | http://panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)

Ivan Kirigin

unread,
Apr 8, 2009, 10:57:32 AM4/8/09
to Twitter Development Talk
>>the recipient has enough to cash out to a PayPal account ... before the transaction is cancelled ... what happens?

We audit every cash out, so this step isn't fully automated. It's hard
to "take the money and run"

Also, we track transactions across the site. As you can imagine with
micropayments, any wholesale fraud would require lots of transactions
or amounts much larger than the median to make any real money. This
makes fraud detection easier.

If anyone sees any transactions that are faulty, they can let us know.
We already actively block many IPs and domains because of link spam,
and expect to do the same for fraudsters too.

Best,
Ivan
http://tipjoy.com

Chad Etzel

unread,
Apr 8, 2009, 11:21:45 AM4/8/09
to twitter-deve...@googlegroups.com
Hi Ivan,

This looks quite interesting. I do have one concern, though.

On the main tipjoy.com site, you have a prominent banner saying "click
here to sign up in 5 seconds without giving us your password."
...which then leads to the OAuth sign-in.

The Tipjoy API requires a twitter user/pass combo for authentication.
If I am User A who already has created an account on Tipjoy using
OAuth, and now I see another 3rd party application asking for my
twitter user/pass to interact with Tipjoy, I am going to be very
concerned that this other app is trying to scam me.

I guess it just looks like a conflicting message to me.

I know you said you are "hacking" something together for OAuth apps,
so maybe this concern is unnecessary, but wanted to give you that
feedback as a potential user of this system.

As a developer, the API looks very interesting. I don't know how many
people would actually want to tie their twitter account to actual
money transactions, but I guess there's only one way to find out...

Congrats on the API launch,
-Chad

Ivan Kirigin

unread,
Apr 8, 2009, 11:32:16 AM4/8/09
to Twitter Development Talk
That's an interesting point, Chad.

My basic assumption is that "normal" people don't know what the hell
OAuth is. They're used to giving out passwords. If clicking a banner
makes it work, they're happy.

I figured the 3rd party apps would already be using a Twitter
password. So they aren't asking for a password to work with Tipjoy,
but with their service.

For example, an iphone twitter client could, say, turn off ads by
making a Tipjoy payment. The Tipjoy account creation, payment, balance
extraction, and other API calls would all just use the Twitter
password already stored in the client. "It just works*"

This is a bit different for applications that sell content, that might
want to start selling over Twitter.

if http://popcuts.com started using Tipjoy to sell mp3s over twitter,
they would need to ask for the Twitter password just to use Tipjoy.
Then this concern is valid.

Either way, I hope to have the OAuth solution in place this week.

No need to keep it a secret: we plan on allowing for a
authorization_url param that is an OAuth signed call to
http://twitter.com/account/verify_credentials.json

We'd verify the call with Twitter, then proceed like we have a twitter
password.

This call won't work though, because we'd need to update the user's
status
http://tipjoy.com/api/#creating_twitter_payment

We'll enable a work-around by posting the tweet, and calling that
endpoint with an id of a tweet already posted.

That should all work, right?

Thanks!

Ivan
http://tipjoy.com

*ymmv

On Apr 8, 11:21 am, Chad Etzel <jazzyc...@gmail.com> wrote:
> Hi Ivan,
>
> This looks quite interesting. I do have one concern, though.
>
> On the main tipjoy.com site, you have a prominent banner saying "click
> here to sign up in 5 seconds without giving us your password."
> ...which then leads to the OAuth sign-in.
>
> The Tipjoy API requires a twitter user/pass combo for authentication.
> If I am User A who already has created an account on Tipjoy using
> OAuth, and now I see another 3rd party application asking for my
> twitter user/pass to interact with Tipjoy, I am going to be very
> concerned that this other app is trying to scam me.
>
> I guess it just looks like a conflicting message to me.
>
> I know you said you are "hacking" something together for OAuth apps,
> so maybe this concern is unnecessary, but wanted to give you that
> feedback as a potential user of this system.
>
> As a developer, the API looks very interesting.  I don't know how many
> people would actually want to tie their twitter account to actual
> money transactions, but I guess there's only one way to find out...
>
> Congrats on the API launch,
> -Chad
>

Chad Etzel

unread,
Apr 8, 2009, 11:40:29 AM4/8/09
to twitter-deve...@googlegroups.com
On Wed, Apr 8, 2009 at 11:32 AM, Ivan Kirigin <ivan.k...@gmail.com> wrote:
> My basic assumption is that "normal" people don't know what the hell
> OAuth is. They're used to giving out passwords.

Right, and OAuth is (at least) supposed to help curb that behavior
(imho). It does sound like you have been thinking a lot about an
OAuth solution, so thanks for that effort. I'm not knocking your API
work, I'm just in the paranoid minority :)
-Chad

Reply all
Reply to author
Forward
0 new messages