Game changer: Twitter rolls out expected restrictions to API use

Twitter will be releasing a new version of its API in the coming weeks, it announced in a blog post Thursday with a few changes coming for developers over the next six months that are expected but unlikely to be popular. They include required authentication with Twitter on every API endpoint, a new per-endpoint rate-limiting methodology and changes to for third-party Twitter clients that won’t necessarily put smaller developers out of business but will make their lives a lot harder.

In June, Twitter developer Michael Sippey wrote a post warning developers that Twitter was going to focus on creating a consistent experience for users, and might be restricting third-party use of its API. Twitter immediately cut off access to users reading Tweets on LinkedIn, but didn’t provide much further direction. The original post explained that Twitter would be focusing on building out in-app expanded tweets as it moved forward.

The new restrictions have three main components.

With respect to the authentication requirement, Twitter explained that many users are currently accessing the API without providing Twitter any identification, nothing more than an IP address. In the post, Twitter explained that to prevent malicious use of the API, by March 2013 all developers will need to authenticate their requests with Twitter. Developers who have already authenticated their apps with OAuth technology will “seamlessly” roll over to the 1.1 version, the company said.

Twitter will also be changing how many authenticated requests developers can pull every hour. Under the current API, all developers were limited to 350 calls per hour per endpoint, but the new version will allow for differentiation. “Most individual API endpoints will be rate limited at 60 calls per hour per-endpoint,” the post explained, but some developers will be allowed up to 720.

The most significant changes in store for developers are the changes to “Developer Rules of the Road,” which will mean a shift from “display guidelines” to “display requirements,” which all apps displaying tweets will have to follow, or face revocation of the API. In addition, Twitter applications pre-installed on hardware devices will need to be pre-approved by Twitter, and will add additional restrictions to third-party clients with large numbers of users.

The changes will have the effect of putting a ceiling on the growth of current consumer-focused Twitter clients, such as Tweetbot, and tweet-aggregation services such as Storify: two services actually called out in Twitter’s blog post as subject to stricter guidelines. (Update: In a tweet regarding some confusion over the new policies, Twitter’s Ryan Sarver said this might not actually be the case. Even though Storify was listed in the “bad” sector in Twitter’s blog post, it seems like the service might be in the clear.) In short, you won’t be able to grow a service on the back of Twitter’s service without explicit permission:

If your application already has more than 100,000 individual user tokens, you’ll be able to maintain and add new users to your application until you reach 200% of your current user token count (as of today) — as long as you comply with our Rules of the Road. Once you reach 200% of your current user token count, you’ll be able to maintain your application to serve your users, but you will not be able to add additional users without our permission.

Twitter explained that it wants to set the bar high for platforms where users will encounter tweets while signaling that it’s cool with apps that promote the use of tweet analytics or corporate Twitter accounts. Here’s the chart the post displayed, noting that Twitter would actively “encourage activity in the upper-left, lower-left and lower right quadrants, and limit certain use cases that occupy the upper-right quadrant.”

Twitter API 1.1 changes chart

Here’s the link to the blog post from Twitter.

This post was updated continuously as we learned more.