Twitter is revamping its developer registration portal, which will make it much more difficult to write an app that accesses its API.
Saying it removed more than 143,000 apps between April and June 2018 for policy violations related to API access (such as spamming or harassment), Twitter also writes: “We’re continuing to invest in building out improved tools and processes to help us stop malicious apps faster and more efficiently.”
In a nutshell, Twitter’s new registration process is meant to thwart bad actors from ever getting access to its API. It promises to check for policy compliance and perform case reviews for each account, which it says will allow it to “have more visibility and control” over how developers utilize its APIs and platform.
Here are the bullet points for Twitter’s new scheme:
- All new Twitter developers must sign up under this new scheme; all applications will undergo a manual review process.
- Existing developers will soon have to complete the same application, and will receive 90 days notice to complete the process.
- Developers must provide details to Twitter on how they plan to use the platform.
- Developers who try to change how they use Twitter or access different tools or APIs once they have an established developer account may face increased scrutiny.
- Developers can only have 10 apps accessing Twitter’s API. If a developer needs more access, they must apply for a use-case exemption.
Under the guise of eliminating spam, Twitter is also initiating limits for its POST endpoints. Saying the changes will only affect a “small number” of third-party Twitter apps, the company also notes the changes “will help cut down on the ability of bad actors to create spam on Twitter via our APIs.”
So what’s changing? The new rate limits are as follows (this is on a per-app basis):
- Tweets and Retweets (combined): 300 per 3 hours
- Likes: 1,000 per 24 hours
- Follows: 1,000 per 24 hours
- Direct Messages: 15,000 per 24 hours
Twitter says developers can apply for broader access, which will return them to the per-user rate limits in effect today. Twitter was unable to tell us what sorts of apps would qualify for such a distinction.
When we attempted to find out how a developer might be able to adhere to these rate limits, a Twitter spokesperson told Dice that developers can build the apps they like and choose to exclude any accounts they like. If you could identify spammy bots, for example, you could write a bespoke social client for your own small audience and not see disruption in service.
Twitter also told Dice it is filtering out known spam from premium search and its analytics tools.
Twitter is Twitter, and You’re Not Twitter
There’s a new mechanism in place for users to report apps when instances of harassment or spam occur, or if they feel an app is generally violating the company’s rules.
The individual pieces of this new puzzle seem clear. Users can report apps, rate limits apply to keep spam and harassment to a minimum, and developers are more stringently monitored. This is fine.
But when you approach it from the perspective of a tech pro, things get murky. Users now have recourse that can affect the app itself. Rate limits prevent apps from scaling and becoming popular. Developers may feel dissuaded to write social apps as a result of broader rules limiting their ability to access Twitter’s API.
Perhaps the most curious point of interest is the company’s stance that its changes to the developer program only affect a small number of third-party apps, while it insists that the issues related to spam, harassment, and other topics du jour are more directly related to the “core” Twitter app. This seems like a lot of effort to sideline developers under the pretense of “protecting everyone from spam,” which suggests it’s an excuse for the company to take more control of the platform.