Welcome to WebmasterWorld Guest from

Forum Moderators: not2easy & rumbas

Message Too Old, No Replies

Twitter's Own API Keys In The Wild

5:37 pm on Mar 7, 2013 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
votes: 995

I doubt it'll last for long before the door closes.

t appears that Twitter’s API keys and secrets for its official apps have surfaced, and are currently being shared on GitHub.

Note: The combination of API keys and secrets are used to authorize and identify an app, similarly to a username and password.Twitter's Own API Keys In The Wild [thenextweb.com]

At first look, this is simply a little embarrassing. The keys and secrets which Twitter’s official apps utilize through its API have leaked, but because of the way OAuth works, this information can’t actually be hidden completely, if you know where to find it.

The embarrassing bit simply comes from the fact that Twitter will have to reset its keys and secrets now that they’re completely out in the open. But unless someone is looking to build a malicious app, this shouldn’t actually be a problem…if every app that used Twitter’s API was treated equally.