New Twitter Application Tier And Permission Retrieval Endpoint #21
thedavecarroll changed the title from "New Twitter Application Tier And Permission Detection Endpoint" to "New Twitter Application Tier And Permission Retrieval Endpoint" on Aug 18, 2022
I just had the idea that, along with the tier and permissions, the endpoint could also return the age (create date) of the keys and tokens. This could be used to provide a reminder for the user to generate new keys and tokens, or enforce an application-based expiration of keys and tokens.
On the Twitter forums last year, I asked if there would be functionality added to API v2 that could provide the tier of the calling application.
For example, a command using a search endpoint should use the endpoint and parameter validation rules for that endpoint for each search offering.
Standard v1.1
Premium v1.1
Enterprise
Additionally, it would be desirable to discover the permissions granted, whether OAuth 1.0a based (`Read`, `Read/Write`, `Read/Write/Direct Messages`) or OAuth 2.0 w/PKCE based (for scopes). I know that `x-access-level` is included in the headers (at least for OAuth 1.0a calls) but I don't know if something similar is available for scopes.
If an application using OAuth 2.0 w/PKCE allows a user to select which scopes, knowing the allowed scopes would allow the developer to restrict commands which would knowingly fail, such as trying to create a Tweet when the user only consented to `tweet.read` and `users.read` scopes. Likewise, if an application using OAuth 1.0 would require `Read/Write`, it would be better to prevent the user from performing any API calls that would create, update, or delete a resource.
Thank you,
thedavecarroll
Primary developer for BluebirdPS.
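The pre-flight check the request above describes, sketched as an added example that is not part of the original issue and is not BluebirdPS code: a command is refused locally when the granted scopes (OAuth 2.0 w/PKCE) or permission level (OAuth 1.0a) do not cover what it needs. The command names, the `Test-CommandAuthorization` function and the per-command requirement map are hypothetical, and the granted scopes or permission level are assumed to have been obtained by the application already.

```powershell
# Hypothetical requirement map: command names are illustrative, and the scopes
# listed per command are assumptions to be confirmed against the API documentation.
$CommandRequirements = @{
    'Get-ExampleTweet'     = @{ Scopes = @('tweet.read', 'users.read');                AccessLevel = 'Read' }
    'Publish-ExampleTweet' = @{ Scopes = @('tweet.read', 'tweet.write', 'users.read'); AccessLevel = 'Read/Write' }
}

# OAuth 1.0a permission levels named in the issue, ordered least to most privileged.
$AccessLevelRank = @{ 'Read' = 1; 'Read/Write' = 2; 'Read/Write/Direct Messages' = 3 }

function Test-CommandAuthorization {
    [CmdletBinding()]
    [OutputType([pscustomobject])]
    param(
        [Parameter(Mandatory)][string]$Command,
        [Parameter(Mandatory)][ValidateSet('OAuth1a', 'OAuth2Pkce')][string]$AuthType,
        [string[]]$GrantedScopes = @(),
        [string]$GrantedAccessLevel
    )
    # Fail closed: a command with no declared requirement is never allowed.
    if (-not $CommandRequirements.ContainsKey($Command)) {
        return [pscustomobject]@{ Command = $Command; Allowed = $false; Missing = @('unknown command') }
    }
    $need = $CommandRequirements[$Command]
    if ($AuthType -eq 'OAuth2Pkce') {
        # Every required scope must be among the scopes the user consented to.
        $missing = @($need.Scopes | Where-Object { $_ -notin $GrantedScopes })
    }
    else {
        # An unknown or empty permission level ranks as 0, so it denies everything.
        $have = 0
        if ($GrantedAccessLevel -and $AccessLevelRank.ContainsKey($GrantedAccessLevel)) {
            $have = $AccessLevelRank[$GrantedAccessLevel]
        }
        $missing = @()
        if ($have -lt $AccessLevelRank[$need.AccessLevel]) { $missing = @($need.AccessLevel) }
    }
    [pscustomobject]@{ Command = $Command; Allowed = ($missing.Count -eq 0); Missing = $missing }
}

# Constructed sample: the user consented only to tweet.read and users.read.
$consented = 'tweet.read', 'users.read'
Test-CommandAuthorization -Command 'Get-ExampleTweet' -AuthType OAuth2Pkce -GrantedScopes $consented
Test-CommandAuthorization -Command 'Publish-ExampleTweet' -AuthType OAuth2Pkce -GrantedScopes $consented
Test-CommandAuthorization -Command 'Publish-ExampleTweet' -AuthType OAuth1a -GrantedAccessLevel 'Read'
```

A client-side gate like this only avoids calls that are known to fail; the API remains the component that enforces authorization.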