Sign in or Join FriendFeed
FriendFeed is the easiest way to share online. Learn more »
FriendFeed API v2

FriendFeed API v2

Thanks for the feedback! Continue the discussion in our official group: http://friendfeed.com/friendf...
Nikolai Kordulla
Nikolai Kordulla
Fwd: Wrote an api library for php (api version 2). You can download it at http://funny15.com/friendf... (via http://friendfeed.com/friendf...)
July 31 - Comment - Share
Any chance of putting it up on Google Code or some other place to make it easier to download and keep up to date? Great job! - Benjamin Golub
7 more comments
Perhaps you could add it to your library repository? If this is not possible, i will create a friendfeed-api-v2-php project on Google Code. - Nikolai Kordulla
It's best to keep in your own repository so you can keep it up to date. I do plan on showcasing popular libraries though by linking to them from our repository :) - Benjamin Golub
uploaded on Google Code: http://code.google.com/p... - Nikolai Kordulla
Nikolai, could you include some examples of basic use of the library? - Zackatoustra
ok i will add a small example, today. - Nikolai Kordulla
Love to see an example on how to use this - Greg
Still no example for use of the php version in the wild? - beersage
kjkj - Nagy Istvan
Vu Pham
Vu Pham
Please help me to resolve this issue (http://groups.google.com/group...). Thanks very much.
August 2 - Comment - Share
When you get a 401 we include an errorCode and errorMessage in the body of the response. What is the body of the response? The errorCode and errorMessage will be extremely helpful when debugging. - Benjamin Golub
48 more comments
I can't get the body of response. When I try to get the InputStream from the request, it just throws that exception... - Vu Pham
the problem seems to be with your inputstream.. not the response from the server... have you tried reading bytes instead of lines? - Tim Hoeck
It throws exception at this line: InputStream is = request.getInputStream(); I haven't done anything with that stream yet. - Vu Pham
Is the exception it is throwing the 401? You'll likely have to catch the exception first to get to the response body. - Benjamin Golub
Please see my Authorization Header value: OAuth oauth_consumer_key="1613ceb2b77d43f096e42359447e8f1d",oauth_nonce="10927893928138",oauth_timestamp="1249350880",oauth_token="0e607738f5b449d8b569b7f7d098274d",oauth_signature_method="HMAC-SHA1",oauth_version="1.0",oauth_signature="utR1eGmnbqnkPb7m5MDypOElGpY%3D" - Vu Pham
Do you see any problems with my header above? I just have issues with POST request, GET request is ok. - Vu Pham
Vu: unfortunately that isn't extremely helpful. Can you capture the response body when you receive the 401? That will show us what we need to know. - Benjamin Golub
In my code, as you see, when I just get the Inputstream to read the response in that stream, it throws the exception immediately... That's why I can't read anything in the response body. - Vu Pham
http://code.google.com/p... and the replies on http://groups.google.com/group... seem to suggest that you cannot use signpost with application/x-www-form-urlencoded data and HttpURLConnection. Can you try using Apache Commons HttpComponents instead? - Benjamin Golub
I already tried to use HttpComponents and still got the same exception. 13:10:47,667 WARN DefaultRequestDirector:947 - Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth realm="http://friendfeed.com/"} Result: HTTP/1.1 401 Unauthorized - Vu Pham
Consumer key: 1613ceb2b77d43f096e42359447e8f1d Consumer Secret: 2a1797b816394584886de6134c8ff3acc39fc117e26b448b909dfd4a22a07af5 Token: 0e607738f5b449d8b569b7f7d098274d Token Secret: 141520469f56466292005dc0e5cfe35a Could you please try to post a message with those information using your code? - Vu Pham
Problem solved. The problem is of my signature. Thanks anyway. - Vu Pham
Great, can you tell me what your problem was so you can help people in the future? Also you might want to reset your consumer secret since you put it in plaintext here. You can reset it at http://friendfeed.com/api.... Click on your application then on "Reset consumer secret" - Benjamin Golub
I'm also getting (401) Unauthorized error while access the token. The Authrize and request token works fine. Any suggestion - Raj
Raj: when you get a 401 we should also return in the body of the response an errorCode and errorMessage. Knowing those values will tremendously help to debug the problem. - Benjamin Golub
I got the exception while reading the response from the stream. So, I couldn't see anything in the response - Raj
My URL is for access is - https://friendfeed.com/account... and my code (C#) to read the response is StreamReader responseReader... more... - Raj
Is anyone can help me for this 401 error? - Raj
Raj: without seeing the error message it is very difficult to help :( - Benjamin Golub
I'm not getting any error in the body. It just throw the exception while reading the response i.e 401 unauthrized. Do you have any sample program in C# or java which works with friendfeed? - Raj
Raj: the body is empty or you can't get to the body because of the exception? The body should always contain an errorCode. - Benjamin Golub
I can't get to the body because of exception. - Raj
I saw python code and your are using https://friendfeed.com/account... and https://friendfeed.com/account.... Do we have to use both? It seems that you are using authenticate instead of authorize. Is it right? - Raj
The only difference is /authorize always asks the user to authorize again. /authenticate will immediately redirect if the user has previously authorized. - Benjamin Golub
Still, I can't figure out the problem. I'm keep getting "The remote server returned an error: (401) Unauthorized." in WebResponse res = webRequest.GetResponse(); Do you have any sample example in C#? - Raj
Try to use this one http://code.google.com/p... - Vu Pham
thanks but its in java and I'm looking in C# - Raj
you were having the same issue. How did you fix it? - Raj
If I enter the this URL (https://friendfeed.com/account...) in the browser, then I got the authentication window in Browser. So, that means , the user was not authenticated or the token was not correct after authorize. - Raj
I have the Unauthorized issue when try to post message onto FF. Not when to get the access token. I think you have the issue because of your signature. Code of Signpost is ok with FF so you can have a look. To solve my issue, we need to pass the parameter into the base string to create signature. For example, body=testing, we need to pass that one into the base string. - Vu Pham
I was looking the document and it says To request a token, the consumer makes an HTTP request to https://friendfeed.com/account... with the following parameters: * oauth_consumer_key: The Consumer Key. * oauth_signature_method: The signature method the Consumer used to sign the request. * oauth_signature: The signature as defined in OAuth Signing Requests. *... more... - Raj
Raj: Username and password is *only* to be used for applications that are installed by the user on a device (like an iPhone or desktop). You can *only* use that method if you configure your application (http://friendfeed.com/api...) to be an "Installed application". Read more at http://friendfeed.com/api... - Benjamin Golub
got it - Raj
If I enter the this URL (https://friendfeed.com/account...) in the browser, then I got the authentication window in Browser. So, that means , the user was not authenticated or the token was not correct after authorize. - Raj
Ben: It looks like a bug as the same code works fine for twitter and it doesn't work friendfeed. Do you guys have any different settings for oAuth implementation? Do you have any sample program in C#? I'm using OauthBase program from http://oauth.googlecode.com/svn... to get the oAuth signature. - Raj
Raj: there definitely could be a bug (or perhaps an inconsistency with the OAuth implementation at Twitter) but we (internally) use the same library to interact with the Twitter OAuth API and our own; also a number of users have already launched applications with FriendFeed OAuth support. Is it at all possible for you to catch the exception and get the body of the response? It will tell you *everything* you need to solve the problem. - Benjamin Golub
FF servers send legitimate, http error response codes. It seems to me, if you are getting an exception that prevents you from reading the body, your issue is in *how* you are reading the response. Just take a look at a packet logger (like http://wiki.wireshark.org/Wiresha...), and confirm what/if you are getting a legitimate response back from FF. - Tim Hoeck
Ben and Tim: I'm getting the Exception as "The remote server returned an error: (401) Unauthorized." - Raj
Raj: I do not know C# but you should be able to catch that exception (http://msdn.microsoft.com/en-us...) and get the body of the response. - Benjamin Golub
I caught the exception and the message in the exception is "The remote server returned an error: (401) Unauthorized". Let me know, if you need any specific part of exception - Raj
Sorry for not being specific. It is not the message in the exception that you want. It is the body of the response. It'll contain something like {"errorCode": "a-descriptive-error-code"} - Benjamin Golub
There is nothing in the body and HTTP status code is "System.Net.HttpStatusCode.Unauthorized". As I said previously, If enter the access URL in the browser, then I got Authentication window ( like Basic authentication) - Raj
The authentication window is not related; that's just what your browser does after we send it a 401 (it's trying to get you to authenticate, but this is not a method you should ever access via a browser). We *always* provide an error code with any error HTTP response. For 401 at the very least it should be {"errorCode":"unauthorized"} but it is usually much more detailed than that. Like... more... - Benjamin Golub
When we make a request to "https://friendfeed.com/account...";, then we got the parameters as "oauth_token_secret=6d831ff1751f4aa38bafd1cbae934077&oauth_token=bf87cea758754a21b1dc8c529bd09251". Do we have to use oauth_token_secret on all subsequent request also? Generally, we got oauth_token_secret the parameter when we make a request for access token i.e "https://friendfeed.com/account..."; - Raj
Raj: you should follow the logic at http://code.google.com/p... and http://code.google.com/p.... You need to save the secret and use it to get the access token. - Benjamin Golub
thanks ...I'll look into it today - Raj
The oAuth is working for me and thanks everyone for helping us - Raj
Glad to hear it Raj! What was your problem (so we know for future users) - Benjamin Golub
As you pointed out, we have to save the token_secret from the request_token and use it when we make a Access_token request . - Raj
NaHi
NaHi to NaHi's feed, FriendFeed API v2
Request for Sort date: I think it will be very helpful if we can get the date of each entry which is used for sorting entries in feed.
August 3 from f2p - Comment - Share
If I understand correctly, the date is bumped when 1) entry is posted, 2) someone comments/likes to my/friend's entry, 3) friend comments/likes to someone's entry. API clients can calculate the date but it requires all comments and likes. (It means I cannot use maxcomments and maxlikes to reduce network bandwidth.) - NaHi from f2p
2 more comments
f2p will use the date for unread management. - NaHi from f2p
Bear in mind that the date also bumps by other's like to the entry which friend likes, but not to now (at the bottom of initial view?). Fairly difficult to resolve in client side. You should not depend on that dates. :-) - NaHi
No bump when a friend comments/likes to the entry which is not from his/her friend. More complex than I thought. Will be more. - NaHi
Benjamin Golub
Benjamin Golub to FriendFeed API, FriendFeed API v2
We are closing new discussions on the API v2 group. Thanks for all of your feedback! Please make sure you are subscribed to the official API group to continue the conversation: http://friendfeed.com/friendf...
August 5 - Comment - Share
It is nice to hear that. I saw that you've just changed main documentation URL. Is it going to be a change on old API v1 URLs Http://friendfeed.com/api/feed/user/bgolub ? - Ahmet Alp Balkan
Ahmet: API v1 will continue to work. - Benjamin Golub
Congrats for going public! Thanks for hard work of API team. And special thanks to Benjamin for helping f2p's OAuth integration. - NaHi from f2p
Paul Kinlan
Paul Kinlan
A lot of people might not know, but I created http://www.twollo.com which is a twitter auto-following service, I try to maintain a very public image and an ethical approach to finding and following users automatically. I have now developed it for FriendFeed (http://www.ffollo.com) .
August 4 - Comment - Share
Before it goes properly live I would love to get feedback from developers and their opinons on auto-following, how I can do this "cleanly" for want of a better word. - Paul Kinlan
9 more comments
There is also a group http://friendfeed.com/ffollo - Paul Kinlan
Great job. I accessed the site and found that it's a valuable and unique service. And for non-native :-), it's almost clearly explained. It should not be my job about wording but I think it's good to know that ffollo accesses to FF instead of me when I'm offline (if yes?). - NaHi from f2p
Sorry for not enabling the service for me. I'm afraid that I won't be able to revert the changes... - NaHi from f2p
Yes it does, every hour (I will probably reduce this) it checks your feed. - Paul Kinlan
Sure, this service is definatly not for everyone, I will be adding some better metrics such as you have to share 3 likes etc, or 3 comments. - Paul Kinlan
I do record a list of everyone it follows, I just need to enable it in the user interface (or think of a good way to do it so that you can revert the changes) - Paul Kinlan
Don't forget you can always revert the changes here: http://friendfeed.com/setting... - Casey Muller
Cool, I didn't actually realize that existed. I will link to it from the site so it is clear what the system is doing. - Paul Kinlan
It would be cool if the modification list was available via the API (and filterable or at least restricted to the modifications that my application has made), I could then use that to show a list of all the follows I have done - Paul Kinlan
Sorry, I should have said it clearly. I meant we cannot revert subscription notification mail. Paul: Metrics sounds good to have. - NaHi from f2p
NaHi
NaHi to NaHi's feed, FriendFeed API v2
anyone know what's the recommended regex for hashtag scraping? I use @[a-zA-Z0-9]+ now. #hashtag #regex
July 30 from f2p - Comment - Share
wouldn't it begin with the hash symbol? also, since hashtags are user-generated, they can probably include more than just letters and numbers (perhaps symbols, anything except spaces, really). - Brett Kelly
17 more comments
A lot of people are also against hashtagging #[0-9] or #[0-9][0-9] because of the number of false positives. - Kevin Fox
Oops. Correct. Should be #[a-zA-Z0-9]. IIRC twitter does not support non-latin? chars like #なひ so I think I should not use #[^ ]+ ... - NaHi from f2p
#[a-zA-Z][a-zA-Z0-9]* ? - NaHi from f2p
I would add - (seen it in use) and = and : (machinehashtags?) - alieb from iPhone
I misunderstood. #[a-zA-Z0-9=-]*[a-zA-Z][a-zA-Z0-9=-]* (Does your language have named caputure?) EDIT: I mean named subpattern, not camed caputure. sorry for confusing, it's different concept. - NaHi from f2p
yep, they are better known as “named groups” in python - alieb
Also make sure it is either at the start of the string or there is at least a space in front of the # other wise you pick up named anchors in urls. - Paul Kinlan
I found a page that might interest you, give it a look: http://twitter.pbworks.com/Auto-Li... (see RE_HASHTAGS) - alieb
alieb, kinlan: Thank you! The URL has concrete regex: /(?:^|\W)\#([a-zA-Z0-9\-_\.+:=]+\w)(?:\W|$)/ - NaHi from f2p
Let's get smarter: /\b#([a-zA-Z0-9\-_\.+:=]+)\b/ right? EDIT: hah, kinlan is correct. \b# wrongly matched URL (though it does not affect to f2p because URLs are already picked) - NaHi from f2p
alieb: named groups. I should use this word. Thanks again. - NaHi from f2p
What about anything that is not a space/blank? - directeur
Looks good,I would probably just use a-zA-Z0-9_ all the rest would be normal terminating chars, such as"." etc. - Paul Kinlan
Paul but what bout this one? #天気雨 - the hashtag sould start with # and be followed by one or many blanks - directeur
directeur: unless things have changed those chars aren't valid in a url (which is how most people do hash tags) - they are valid as part of the query string though (as your example for search) - so, i suppose it is all about how they are to be consumed...... :) - Paul Kinlan
To make things more complicated, should #90210 or #2012 be valid tags? - Kevin Fox
Paul: UTF-8 is acceptable in a URL per RFC 3454 and 3986. The only characters that can't be used (and must be encoded) are the reserved set: ":", "/", "?", " ", "#", "[", "]", "@", "!", "$", "&" , "'" , "(" , ")", "*", "+", ",", ";", and "=". Most, if not all, user agents, understand what to do with UTF-8 URLs. - Mark Trapp
Thanks all. FriendFeed for now treats non ASCII sequence as a hashtag (http://friendfeed.com/friendf...) but Twitter doesn't. (http://twitter.com/nahi...) I'm now using /#[a-zA-Z0-9\-_\.+:=]{2,}/ as a regex. (I use the regex only for a string which does not include any URLs. You should add (?:^|\s+) at the beginning of the regex when a string may include an URL as Paul said.) - NaHi from f2p
directeur
directeur to directeur's feed, FriendFeed API v2, Bret Taylor
Idea for friendfeed: Start a coding/art contest. You released the v1 of your API last year and it was awesome then, the new API is much more better! Why not make a contest (the reward doesn't have to be something expensive...) just a way to create some fun for coders, artists and people supporting them.
Idea for friendfeed: Start a coding/art contest. You released the v1 of your API last year and it was awesome then, the new API is much more better! Why not make a contest (the reward doesn't have to be something expensive...) just a way to create some fun for coders, artists and people supporting them.
August 3 from NoiseRiver Extra! - Comment - Share
Let's say a 24 hours coding and art challenge. People, I bet, will _enjoy_ this and we'll end up with a wealth of tools and fun - directeur from NoiseRiver Extra!
11 more comments
Bret come here :P - Tunahan E. Bilgin
You're just crazy! Wait for my new apps! :) 24 hrs is not enough :) and the winner will be friendfeed itself. :) - Ahmet Alp Balkan
Heyy! its a great idea but, time is not enough :)) - F. Batuhan Icoz
aha ! what's the prize? just a kiss? :)))) - Hüseyin Mert
I won't join LOL - Ahmet Alp Balkan
:D What? 24hrs aren't enough? Come on! :) And I, honnestly, don't care about the award. Jut imagine the atmosphere on FriendFeed that day :) - directeur
We do plan on showcasing interesting uses of the API on the FriendFeed blog :) - Benjamin Golub
Good idea Ben, in fact! btw, I miss the days when we used to exchange ideas (you on fftogo and me on NoiseRiver). The prize can even be a t-shirt. Let's do it! :) - directeur
Unfortunately i can't join :) But this idea is great bro! :) Btw in a free time you have to tell me about NoiseRiver.Is that yours ? or What's the thing about that ? :D I wanna listen you :) but now i'm goin' to bed.Good Night bro and Everyone! :) - Tunahan E. Bilgin
Yes, that's one of my apps, Tunahan - iyi geceler ve tatlı rüyalar kardeşim! :) - directeur
Hey Benjamin, wait for me or announce an exact date for this post :) - Ahmet Alp Balkan
Ahmet: hopefully we won't be doing just one of them - Benjamin Golub
NaHi
NaHi to NaHi's feed, FriendFeed Feedback, FriendFeed Hacks, FriendFeed API v2, FriendFeed API
Unofficial FriendFeed Resource Model Version 0.7. Previous versions: http://friendfeed.com/friendf...
UnofficialFriendFeedResourceModel_0.7.png
August 3 from f2p - Comment - Share
Simplified. Based of V2 API usage, this version has removed concepts of Service, Imported feed and Entity. Feed contains Entries. User is a Feed. Group is a Feed, too. User has Lists, a List contains several Feeds as Subscriptions. - NaHi from f2p
In V2 API, Direct message, summary, discussions, likes, comments are all Feed. This model has not yet represent this. (To say the truth, after simplifying to the extent possible, it's just a 'Entries + filters'. :-) - NaHi from f2p
Paul Kinlan
Paul Kinlan
Silly Question: I really like the layout of FF, I am just making another app using the API now, and I was thinking about design and UI layout - how close can I get to the FF layout before it comes too close that it could cause confusion or be unacceptable for FF. I at least plan the logo to be diff, and it doesn't use friend or feed in the url.
August 3 - Comment - Share
I would like it to be obvious that is an app for friendfeed, but clear that it is not associated with or endorsed by FF (if that makes sense). - Paul Kinlan
3 more comments
Layout is fine. As long as the name don't contain the word "FriendFeed" and it is clear that it is not associated with FriendFeed other than utilizing the API you should be fine. - Benjamin Golub
Are we ok to use "ff" in the url? - my url is ffollo.com - Paul Kinlan
Yes that is fine. And you can use our logos: http://friendfeed.com/api... has a few and more information about how to safely use them. - Benjamin Golub
excellent - was just double checking. :) - Paul Kinlan
Paul Kinlan
Paul Kinlan
With the introduction of Authentication for Applications we are now asking Friendfeeders to enter their passwords into our applications. A lot of users, regardless of the fact that I don't store their password will find it hard to trust me and my applications (their arguments will be why do we need to use passwords when oauth exists).
August 3 - Comment - Share
How can we give confidence to the users that they are infact using oauth and we don't store their passwords - Paul Kinlan
2 more comments
Great question. You can direct them to the feedback group for your application where other users will hopefully be talking about the application in a positive light. You can tell them that they can revoke access at http://friendfeed.com/setting... and if they change their password not only can the application no longer make access tokens with your password but all old access... more... - Benjamin Golub
We also plan to update http://friendfeed.com/api/faq to address concerns. - Benjamin Golub
I at least plan a personal offensive. When I did twollo.com I found that if I put my mug shot on and responded as a person to queries rather than the catch-all "twollo" twitter user that there was a large element of trust being put in me rather than the company - I supose the theory is that I am putting my reputation on the line rather than hiding behind a corporate entity. So I full expect to do that with the applications that are using Authentication for Applications. - Paul Kinlan
Paul Kinlan
Paul Kinlan
Do you support header based Authorization parameters? I only ask because I am trying to use a 3rd party library on the iphone to connect using Installed Application Authentication and it is failing (returns html saying unauthorized access to a protected resource) - this library only uses Authentication headers... I will keep playing.
August 2 - Comment - Share
I might just write a simple library to connect instead of using this library :) - Paul Kinlan
5 more comments
We do support OAuth via Authentication headers. Returning HTML when hitting /account/oauth/ia_access_token sounds like a bug though; we'll fix soon. - Benjamin Golub
Might be me - Paul Kinlan
Didn't realize that you had to create a separate application for Installed Application access. Will let you know if I get it working :) - Paul Kinlan
And if we had returned JSON/XML instead of HTML the error message would have told you that :(. We'll fix that bug. - Benjamin Golub
cool - using the correct key everything works using the friendfeed.py api, however the api library for the iphone still doesn't work - but at least I know it is the library or the way I am using the library that is causing my issue now :) Thanks. - Paul Kinlan
Just to let you know, I have it working now... The Authorization header are supported ;). it was all about me trying to reuse my FriendBoo app conumer key and secrety and not creating a new application, and because it wasn't working I started changing the oauth library :) I reverted back to the original code, used the new key and secret and I have just got an authorization token back. All good :) - Paul Kinlan
Paul Kinlan
Paul Kinlan
I am just creating an iphone app for Friendboo and whilst I have done most of the backend stuff I am just working on the authentication mechanism.... I have a couple of questions (in comments)
August 1 - Comment - Share
I will be using the oauth authentication for applications, however I plan on proxying everything though my service so that I can attach the iphone application as a device on my service and also record every message posted. Is it reasonable to do this? I won't be storing the password - but for a variety of reasons I am not keen on using objective-c oauth libraries. - Paul Kinlan
2 more comments
Is there a sign-up page built for iphone? if a user downloads the application but doesn't have an account I would like to point them to friendfeed.com/iphone/ or something similar so that they can create an account. I can't see one at friendfeed.com/iphone/ - Paul Kinlan
That should be fine to perform the actual OAuth call on your server as long as the password is not stored on the iPhone or on your server. You are introducing another layer of latency though. We don't yet have a sign up page built for the mobile experience. - Benjamin Golub
To be fair, I am still toing and froing between what is best, I can always retrospectively post to my service - or I can just develop friendboo the friendboo site to simply reflect the group... my main stumbling block is the oauth clients for the iphone (but I might roll my own since I can miss out part of the process now). - Paul Kinlan
directeur
directeur
Hi folks! :) I just launched this little thingy http://extra.noiseriver.com but when I try to access http://extra.noiseriver.com/a... (which is a method decorated with @authenticated) I'm not being automatically redirected to http://extra.noiseriver.com/oauth... - what am I doing wrong?
July 31 - Comment - Share
Well, here's what I think about the bug. I accessed the site, authorized it and revoked the access (the cookie was still in my browser) the @authenticated decorator was "gamed" - directeur
That's the reason for this line of code: http://code.google.com/p.... @authenticated just guarantees that you have a token, not that it is a valid one. If you get a 401 you should get a new token. - Benjamin Golub
Paul Kinlan
Paul Kinlan
In the Python v2 API, the call to fetch urllib.encodes the parameters passed in, bearing in mind that image_url what do people think about having the doseq = True so that it can easily handle arrays of URL's
August 1 - Comment - Share
You can also just comma separate multiple urls into one image_url argument - Benjamin Golub
true, it was just that I can have "," in my file name, I need to sort that out :) ....saying that I am pretty sure I should be url encoding my urls so it might not matter. - Paul Kinlan
yes, you should be url encoding them before (IMO :) - bear (aka Mike Taylor)
NaHi
NaHi to NaHi's feed, FriendFeed API v2
V2 API endpoint seems to not compress a response when my app accesses with OAuth even if the request includes 'Accept-Encoding: gzip'. It does gzip for BasicAuth. I'm not quite sure though for now...
July 30 from f2p - Comment - Share
I found that a response contains Content-Encoding: gzip for OAuth, too. It much reduces turnaround time for connections. (ex. 1500ms -> 1100ms for my home feed) Thank you! - NaHi from f2p
Gary Burd
Gary Burd
FriendFeed Authentication for Installed Applications is now available. The documentation is here: http://friendfeed.com/api... .
July 30 - Comment - Share
I'll publish example code showing how to use the authentication mechanism later tonight. - Gary Burd
8 more comments
It might be a design question: is it needed for getting access token in one request directly? IIRC user credential is needed for getting request token in OAuth. - NaHi from f2p
For installed app, there's no relying third party Consumer so it's not a security problem but remotekey is enough for that purpose then? - NaHi from f2p
Remote keys work for that purpose, but remote keys are difficult to use compared to entering a password. - Gary Burd
Sure. But we should be careful about handling password in API I think. Sorry, it's not my job though. - NaHi from f2p
Is /ia_request_token enough, isn't it? Getting authorized request token with password, not an access token. - NaHi from f2p
We did not start with the request token because the extra steps involved do not provide any benefits. - Gary Burd
Only one benefit I can think of is OAtuth spec change. Access token negotiation may require extra options. Agreed with you there seems to be few benefits other than standard conformance. - NaHi from f2p
So the root point I'm thinking is using password instead of remotekey. Are you going to deprecate remote key? - NaHi from f2p
Remote keys aren't going to be deprecated but we are pushing OAuth as it is a much better user experience. - Benjamin Golub
Philipp Lenssen
Philipp Lenssen
We would love to be able to define the callback URL when the user clicks "Cancel" in the access permit dialog (right now, it seems to be hardwired to friendfeed.com). Or is this already possible?
ff-cancel.png
July 31 - Comment - Share
Good idea! - Benjamin Golub
3 more comments
On the next push you'll be able to send the argument "cancel_url" to control where the Cancel link goes to. - Benjamin Golub
The cancel_url is used when an user tries to grant illegal unauthorized request token, too? - NaHi from f2p
No, just the Cancel link - Benjamin Golub from email
I see. Never mind. It must not be controllable. - NaHi from f2p
Gary Burd
Gary Burd
The attached example shows how to use FriendFeed installed application authentication with the FriendFeed Python library (http://code.google.com/p...)
test.py 297 bytes
July 30 - Comment - Share
Weird I clicked on the test.py, and I swear it launched it - hope there was nothing bad in it ;) - Paul Kinlan
It has a python mime-type so your browser probably ran it with whatever app you have listed for python scripts. FriendFeed should probably *not* be listing things with any executable mime-types to avoid becoming an attack vector for auto-install grief apps. - bear (aka Mike Taylor)
I defiantly have python installed so I can see why it executed it... - Paul Kinlan
Nikolai Kordulla
Nikolai Kordulla
Fwd: Can i link images to another url than the image_url with the new version of the api? I know, that you could do this with the old version, but i didnt found this feature in the new version. I tried just adding image_link to the post request, but this didnt worked. (via http://friendfeed.com/friendf...)
July 31 - Comment - Share
This feature was removed to simplify sharing media in v2. We have a few proposals for very advanced media creation that will satisfy your need but nothing is implemented at the moment. - Benjamin Golub
In the meantime, you can use a "Custom RSS/Atom Feed" at http://friendfeed.com/setting... and media RSS - Benjamin Golub
NaHi
NaHi to NaHi's feed, FriendFeed API v2
V1 /feed/user allow me tracing back through history where start >> 660 but V2 does not. Is this intended change? Or the V1 behavior is wrong?
July 29 from f2p - Comment - Share
This is just a bug. - Benjamin Golub
2 more comments
btw, isn't it time to remove the limit on the number of returned entries that the V1 has? - directeur
This should be fixed now. - Benjamin Golub
Now V2 /feed/user works like V1. Excellent... Thank you! - NaHi from f2p
NaHi
NaHi to NaHi's feed, FriendFeed API v2
Would you please add 'validate' API? Because...
July 29 from f2p - Comment - Share
f2p now allows cell phone users to use OAuth access token without hitting FF SP by cell phone. At first an user gets an access token from PC, f2p stores the token in DB. And f2p allow to use the token when an user pass a correct name/remote_key pair after that. - NaHi from f2p
7 more comments
(f2p does not store remote_key for the case) - NaHi from f2p
/validate which requires auth credential and only works with name/remote_key (no OAuth) suits for that purpose I think. I use /feedlist now instead of it. - NaHi from f2p
Would just using http://friendfeed-api.com/v2... work for you? - Benjamin Golub
Yes, I'm using it for now. Dedicated API for that purpose is good I think. - NaHi from f2p
My bad. I'm using /feedlist instead of /feedinfo/me. I think it must be enough for my purpose, too. - NaHi from f2p
There is now a /validate method: http://friendfeed.com/api... - Benjamin Golub
Thank you! I'll check today. - NaHi from f2p
It works as I expected! - NaHi from f2p
alieb
alieb
I am about to register an oauth application -- if you have done it already, is it possibile to edit the app callback url (since v2 and oauth is in beta I just want to be sure about it)? And to the ff-team: are the registered app listed publically somewhere? I'd hate to see someone squat the domain matching the app name before I register it :-)
July 30 - Comment - Share
You can edit the callback URL. There is not a public list of applications, but the app name and website URL is included with entries and comments created from the application. - Gary Burd
Ok, thank you - alieb
Marlin Forbes
Marlin Forbes to FriendFeed API, FriendFeed API v2
Your online documentation for the APIs doesn't mention character encoding anywhere. I now know that it's UTF-8 but an explicit mention would be useful for people who are looking. (via http://friendfeed.com/friendf...)
July 30 - Comment - Share
and I think it will be explicitly mentioned about how much ?num= or summary/N params can take maximum values. we should not try it ourselves... - Ahmet Alp Balkan
Philipp Lenssen
Philipp Lenssen
We don't understand, when we click "create a group" when registering an OAuth application, the following dialog shows up... asking us to provide a username? (We're logged in already.)
api.png
July 30 - Comment - Share
My friend also created a group this way, but when he invited me, the invite link failed (it redirected to the FF homepage, and the group does not show in my "all groups" section). We don't know what we're supposed to do and if this is broken. - Philipp Lenssen
4 more comments
You must associate an OAuth application with a feedback group. The group could be an existing one (you don't need to click "create a group" if you already have some groups you are the admin of) - Benjamin Golub
Benjamin: "username" for a group is kinda misleading :) - alieb
Yes, it is :) - Benjamin Golub
My friend did not have any group so far. So "username" means "groupname"? - Philipp Lenssen
Yes, ie this groups "username" is friendfeed-api-v2 - Benjamin Golub
NaHi
NaHi to NaHi's feed, FriendFeed API v2
Final: OAuth Request Body Hash - http://oauth.googlecode.com/svn...
July 29 from Bookmarklet - Comment - Share
It may be another way to handle HTTP Message Body in OAuth. - NaHi from Bookmarklet
Tarmo Aidantausta
Tarmo Aidantausta
Is the XML output already fixed on the V2? It looks like you still lack the containers for comments and likes, ie: <comments><comment></comment><comment></comment></comments> and <likes><like></like ><like></like></likes>?
July 28 - Comment - Share
I suppose same goes with thumbnail and other similar list type of things... - Tarmo Aidantausta
8 more comments
Is this a problem? Can't you do something like (in Python): dom = xml.dom.minidom.parseString(urllib2.urlopen("http://friendfeed-api.com/v2...)) for entry in dom.getElementsByTagName("entry"): print len(entry.getElementsByTagName("comment")) - Benjamin Golub
Well, if use DOM it's not that big of a deal but when you're using SAX, as I am at the moment, it's a pain in the ass because SAX parsing is sequential. So when you go on parsing the document you have to stop when you hit an unknown tag and be sure that you don't advance in the document because going backwards isn't an option... - Tarmo Aidantausta
It SUX to use SAX, but damn it's faster than DOM. - Tarmo Aidantausta
Is there a reason you can't use JSON? - Benjamin Golub
Uhm, JSON would be nice but at the moment Qt doesn't ship a nice way to parse it. There are some hacks you might be able get it done but as I am also doing an example application and XML and SAX were one of the technologies to be demoed, it isn't really an option. - Tarmo Aidantausta
Ok, thanks for the feedback. We tend do use JSON whenever possible at FriendFeed so this is helpful information. - Benjamin Golub
Yeah, I'm in the Symbian mobile world with C++ and Qt. :) - Tarmo Aidantausta
There's a cross-platform example using Qt and C++ I did for Forum Nokia http://www.forum.nokia.com/info... . It's not the final release yet as there are still few kinks there but it's usable. - Tarmo Aidantausta
As an example, parsing your current XML with QXmlStreamReader and populating datastructures takes now 1143 LOC with the added threading, signals and slots... I think I could do it in less LOCs but with my first time using the QXmlStreamReader it took me that much :P ...and that's just the cpp file ;) - Tarmo Aidantausta
Tarmo Aidantausta
Tarmo Aidantausta
Isn't the collapsing documentation example output a bit off http://friendfeed.com/api... ? I see that comment starts with { but is never closed with }? Not that this is a really serious error, but it didn't just look right to me...
July 28 - Comment - Share
Yes, it's just an error in the documentation. The actual output is valid JSON :). We'll fix this today. - Benjamin Golub
Brilliant, I figured it might be only in the docs since you probably have tests for the actual output ;) - Tarmo Aidantausta
Mark Essel
Mark Essel
Using GAE for oauth, works fine locally (localhost:8080, then after I change the application to it's GAE home (after uploading) I get an error, too many redirects. Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects. Anyone else see this?
July 26 - Comment - Share
Somehow your cookie isn't saving properly - it is constantly trying to redirect you to log you in, the credentials from which should be saved in a cookie - Bret Taylor
15 more comments
I'll try a different browser (weird I wiped cookies after seeing that message). Might be something weird with app engine or the oath/authorize path on that site. Shrugs. - Mark Essel
Noticed the same thing, it's juggling back and forth. I'll check the code I modified. Weird that I didn't notice it with the localhost. Found that I wasn't alone with this problem. Moving my code off the appengine and onto a standalone site later. - Mark Essel
That thread is about logging into http://appengine.google.com/, not to your application. I tried using your application and was constantly redirected back to FriendFeed to authorize your token (with a new token each time). Here are some issues that come to mind: 1) you might not be setting your cookies right (an easy way to check is watch the headers as they come in to your browser, I... more... - Benjamin Golub
I think it's two, thanks for the expert view ( I'm curious why it doesn't bounce locally) I'm breaking things as I go (menace), the good news is I think I can use similar oauth code for Twitter and facebook. Surprised there's not an open source generic social media authenticator lib - Mark Essel from iPhone
It wouldn't bounce locally if you already had the proper cookies setup. Have you tried wiping your cookies locally and trying it out there? - Benjamin Golub
yup it was bouncing like mad locally Benjamin, great I can debug it locally with firefox ;) - Mark Essel
restarted from scratch, grabbed the svn again, set key and secret, cleared cookies. Logged in once and then it started bouncing again. - Mark Essel
WARNING 2009-07-28 01:13:50,042 urlfetch_stub.py:268] Stripped prohibited headers from URLFetch request: ['Host'] INFO 2009-07-28 01:14:42,407 dev_appserver.py:2982] "GET /oauth/authorize?oauth_token=28fca2383b4c45f0a676cfecda9ad13f HTTP/1.1" 302 - - Mark Essel
variants of that warning over and over (which I think is ok) but the GET call isn't quite working - Mark Essel
What is your callback URL set to? I am away from my computer so I can't check but it should be something like /oauth/callback for the example application - Benjamin Golub from email
http://localhost:8080/oauth... that's the bonehead move then on my part? - Mark Essel
Thanks. that did it Benjamin. I don't know when I changed it but I created the never ending loop. It'd oauth (request, token, handshake, etc 3 steps?) then I'd have it return and call authorize again - Mark Essel
heading to bed before I break it again. It's in good shape for careful adjusting tomorrow. - Mark Essel
Yes, /oauth/authorize maps to OAuthAuthorizeHandler which redirects the user to FriendFeed for authorization; if you told us to redirect back there after authorization you'd create a loop. /oauth/callback maps to OAuthCallbackHandler which is what actually gets the authorized token and logs the user in - Benjamin Golub
I truly wish I could learn by reading documentation and not banging my face into the keyboard. Thanks again for the education Benjamin - Mark Essel from iPhone
NaHi
NaHi to NaHi's feed, FriendFeed API v2
What a long subscription list in Paul's feedinfo. Timeout error occurred in f2p... (15 sec)
July 27 from f2p - Comment - Share
If that is my subscription list - ages ago I went through and imported Robert Scobles twitter followers into my account and put it into a separate list, now it is a pain to clear down the list. - Paul Kinlan
5 more comments
this is why I would really like to see the ability to get subsets of data.. even getting just subscriptions from feedinfo, it can still be huge (especially for a mobile app)... check out scobleizer http://friendfeed-api.com/v2... - 1.25megs for subscriptions! - Tim Hoeck
Tim: you can :). Use ?include=name,services for example. - Benjamin Golub from email
Oh misunderstood. You'd like to be able to paginate that data? - Benjamin Golub from email
I mean this one Benjamin: http://ff.im/51VyH - you can't do that with /feedinfo, right? I can use include to get only subscriptions, but I can't use include to get only user:id,name,type from those subscriptions. - Tim Hoeck
although maybe a start= to get say entries 0-30 (i.e. paginate) would work in the meantime :) - Tim Hoeck
kinlan-san: I meant your subscription list. bgolub-san: how about maxsubscriptions? - NaHi from f2p
Benjamin Golub
Benjamin Golub
Width and height are now optional attributes of thumbnails on entries in API v2.
July 27 - Comment - Share
Thank you very much! Developers, do you know this addition really makes your app colorful? - NaHi from f2p
Best of week from FriendFeed API v2 - Older items »
Other ways to read this feed:Feed readerFacebook