Twitter had already been talking about "stricter guidelines" for the use of its API. Now it has some details of the restrictions to be introduced in Version 1.1 which will impact third party apps.
The changes are outlined in an announcement by Michael Slippey who summarizes them as:
- Required authentication on every API endpoint Every request to the Twitter API will in future have to be authenticated using OAuth. Apps currently using the API without OAuth have until March 2013 to update.
- New per-endpoint rate-limiting methodology
In place of the current "one size fits all" limit of 350 calls per hour, most API endpoints will in future be rate limited at 60 calls per hour while some high-volume endpoints will be able to make up to 720 calls per hour
- Changes to Developer Rules of the Road
In future what were Display "Guidelines" will become "Requirements" and apps that are pre-installed on devices will have to be certified by Twitter. In addition, successful third party apps will have to "work directly" with Twitter.
The key points in Slippey's announcement are:
If you are building a Twitter client application that is accessing the home timeline, account settings or direct messages API endpoints ... you will need our permission if your application will require more than 100,000 individual user tokens.
How can this work - there are already lots of third party apps with more than 100,000 users - in this case it seems the need for permission is postponed until the app in question doubles from its present size.
Although this might sound like a welcome concession, it is simply a stay of execution and what would have counted as future success is future doom.
These changes are explicitly designed to impact applications that are traditional Twitter clients, as indicated in the diagram showing the types of apps that the new guidelines are intended to encourage and those that will face restrictions.
So it's official, both new and established Twitter clients are going to have to seek permission to expand - and whether or not they receive it entirely up to Twitter.
Yet again Twitter is demonstrating the truth of Ian Elliot's comment made in March 2011:
Twitter is in control of its API and the data that its users create. The harsh lesson to be learned from this unwelcome news is that there are risks involved in creating software for a platform that is controlled by a single company.