Twitter Is Tightening Up Developers’ Access to Its APIs

The social network removed more than 143,000 apps between April and June

Developers must provide “detailed information” about how they use or intend to use Twitter’s APIs
Lightcome/iStock

Twitter is taking steps to clean up its image and avoid its own version of the Cambridge Analytica data scandal, announcing that it removed more than 143,000 applications that violated its policies between April and June, and that it implemented a new process for developers requesting access to its application-programming interfaces.

Manager, trust and safety Yoel Roth and senior director of product management Rob Johnson wrote in a blog post, “We do not tolerate the use of our APIs to produce spam, manipulate conversations or invade the privacy of people using Twitter,” adding that the social network is “continuing to invest” in tools and processes to quickly snare malicious apps.

Part of Twitter’s process involves limiting the access apps have to its platform, which is why the self-serve developer account application process Twitter initially rolled out last November is now required for all requests for access to the social network’s standard and premium APIs. And all developers that currently have access to the APIs will “eventually” be required to complete a developer account application, with Roth and Johnson saying they will receive “at least a 90-day notice” before the rule takes effect.

Roth and Johnson wrote, “While this change adds a few steps and some additional time to the process of getting started with access to our APIs, we’re committed to supporting all developers who want to build high-quality, policy-compliant experiences using our developer platform and APIs, while reducing the impact of bad actors on our service.”

The application process requires developers to provide “detailed information” about how they use or intend to use Twitter’s APIs, and applications with incomplete or insufficient information face delays, while those that do not comply with the company’s policies will be rejected.

Developers that change the way their apps use the APIs following the approval of their applications—such as by requesting access to more products or features, including the ability to post frequently and at high volumes—” may be required to undergo additional, more rigorous policy reviews.”

Twitter also announced that single developer accounts are now limited to registering 10 apps, and developers that need to exceed that cap can request permission via the API policy support form. Developers that already have more than 10 registered apps can continue using them, but they won’t be able to add new ones until they request permission or delete apps they are no longer running.

Starting Sept. 10, the following rate limits are being placed on all apps that do not go through a new request process:

  • 300 tweets and retweets combined per three hours.
  • 1,000 likes per 24 hours.
  • 1,000 follows per 24 hours.
  • 15,000 direct messages per 24 hours.

Roth and Johnson wrote, “To make this change minimally disruptive, we are proactively conducting policy reviews of potentially impacted apps and will contact eligible developers with instructions about how to request elevated access so that their apps are not affected on Sept. 10.”

Finally, Twitter also introduced a new way for people to report potential violations of its platform policies: the “Report a bad app” option in its Help Center.

Roth and Johnson concluded, “While we generally like to provide a longer timeline for developers to prepare for changes like these, we are accelerating this change because protecting our platform and people using Twitter from abuse and manipulation is our highest priority. Despite the accelerated timeline, we want to ensure that developers have time to submit the necessary information, and that we can complete all reviews with minimal disruption to policy-compliant apps.”