FriendFeed API Application Guidelines

Authentication

FriendFeed supports three methods of authentication: OAuth, Installed Application Authentication and HTTP Basic Auth with a special password called a remote key.

OAuth and Installed Application Authentication

We strongly recommend that all applications use OAuth or Installed Application Authentication, as the experience is much simpler and more secure for users. An additional benefit for developers is that any entries or comments users create from your application will get attributed with your application's name and a link to your site. You will also be able to tell how many users you have at any given time.

If your application uses OAuth you can use this image to prompt users to sign in with FriendFeed:

Please note that your application may only use Installed Application Authentication if it is installed on the user's desktop or device. You must not save the user's password but you may save the username and access token.

HTTP Basic Auth with remote keys

Using HTTP Basic Auth is a good way to get your app up and running for testing purposes, but we highly recommend that you switch to OAuth or Installed Application Authentication before releasing your application.

When creating an HTTP Basic Auth with remote keys login form, you should use the following terminology FriendFeed username and Remote key in your login form. Your login form should contain a link to http://friendfeed.com/remotekey for users who have not memorized their key. It should open in a new window using target="_blank" so that the remote key page does not interrupt your application's flow.

We suggest the following authentication UI if it is consistent with the user experience of your application:

An HTML template for remote login is available if your application is a web application.

For more information about authentication and the functionality available in the FriendFeed API, check out the FriendFeed API documentation.

FriendFeed Logos

You are free to use FriendFeed logos in your application. However, it should be immediately obvious to your users that your application is not formally affiliated with FriendFeed. Likewise, every logo should link to http://friendfeed.com/.

The following logo sizes are available:

• 349 x 74
• 256 x 55
• 160 x 34

Changes to the API

The FriendFeed API is new, so we expect it to change over time. We will do our best to maintain backwards compatibility between releases, but incompatible changes may be required in the future, particularly in the first few months of the API's existence.

Rate Limiting

The API imposes rate limits for each IP address and each user account. For example, if you upload a large number of images with the API, your API requests will eventually be rejected with HTTP error code 403. We may adjust these rate limits over time to maintain the quality of service on friendfeed.com or to curtail abuse.

Spam and Abuse

All of the actions your application takes on behalf of FriendFeed users should be obvious and transparent to the user. If we receive complaints about an application abusing the API by, e.g., publishing entries excessively or reading data secretly, we will disable the application and IP addresses associated with the application.

Terms of Service

The FriendFeed API is provided under the FriendFeed Terms of Service. We reserve the right to disable access to the API at any time; please use the API respectfully.