Can /statuses/user_timeline still be read via JavaScript?

Question

I had previously used some jQuery to read tweets on twitter:

$.ajax('https://api.twitter.com/1/statuses/user_timeline.json', {
    crossDomain: true,
    data: {
        screen_name: 'twitterapi',
        count: 5
    },
    dataType: 'jsonp'
}).done(function (tweets) {
    console.log(tweets);
});

As twitter is deprecating their 1.0 API, and requiring OAuth for the 1.1 API, I've been trying to figure out if it's still possible to get tweet data in the same manner.

Simply changing the url to:

https://api.twitter.com/1.1/statuses/user_timeline.json

Results in a 400 Bad Request response with no message.

I know there's a twitter tool to create an OAuth signature for a request, but I'm not sure how to use it with a JSONP request, or even if it can be used with a JSONP request.

Is it still possible in the Twitter 1.1 API to read a user's timeline?

Answer 1

If you take a look at Twitter's Error Codes & Responses, status code 400 means:

The request was invalid. An accompanying error message will explain why. This is the status code will be returned during version 1.0 rate limiting. In API v1.1, a request without authentication is considered invalid and you will get this response.

So while a 400 code used to mean you exceeded the rate limit, now it also returns when the request isn't authenticated.

To authenticate the request, you'd have to add an Oauth Authorization header. There are some libraries that can help with that, but the problem is that to generate the Oauth signature, you'd have to hard-code your app's keys (including secret key) into your client-side code, which will expose it to end-users (not a good idea).

Your best bet is to set up a proxy on your server - have the server make a GET with the Oauth header, and use ajax to get the tweets from your server.

Answer 2

redhotvengeance is correct, server side is your only safe option as of March 2013 except that my recommended solution would be to set up a cronjob and cache the results somewhere. Using a proxy is a great way to hit the Rate Limits very quickly!

For example, if you plan to use the user_timeline part of the API you are limited to 15 requests per 15 minutes so if you get more than 60 hits on your page per hour you'll be swapping those 400 errors for 429 errors!