Sign in or Join FriendFeed
FriendFeed is the easiest way to share online. Learn more »
FriendFeed API v2

FriendFeed API v2

Thanks for the feedback! Continue the discussion in our official group:
Nikolai Kordulla
Fwd: Wrote an api library for php (api version 2). You can download it at (via
Any chance of putting it up on Google Code or some other place to make it easier to download and keep up to date? Great job! - Benjamin Golub
Perhaps you could add it to your library repository? If this is not possible, i will create a friendfeed-api-v2-php project on Google Code. - Nikolai Kordulla
It's best to keep in your own repository so you can keep it up to date. I do plan on showcasing popular libraries though by linking to them from our repository :) - Benjamin Golub
uploaded on Google Code: - Nikolai Kordulla
Nikolai, could you include some examples of basic use of the library? - Zackatoustra
ok i will add a small example, today. - Nikolai Kordulla
Love to see an example on how to use this - Greg
Still no example for use of the php version in the wild? - beersage
kjkj - Nagy Istvan
up! - Sercan
Please send message to my facebook account for questions: - Nikolai Kordulla
Vu Pham
Please help me to resolve this issue ( Thanks very much.
When you get a 401 we include an errorCode and errorMessage in the body of the response. What is the body of the response? The errorCode and errorMessage will be extremely helpful when debugging. - Benjamin Golub
I can't get the body of response. When I try to get the InputStream from the request, it just throws that exception... - Vu Pham
the problem seems to be with your inputstream.. not the response from the server... have you tried reading bytes instead of lines? - Tim Hoeck
It throws exception at this line: InputStream is = request.getInputStream(); I haven't done anything with that stream yet. - Vu Pham
Is the exception it is throwing the 401? You'll likely have to catch the exception first to get to the response body. - Benjamin Golub
Please see my Authorization Header value: OAuth oauth_consumer_key="1613ceb2b77d43f096e42359447e8f1d",oauth_nonce="10927893928138",oauth_timestamp="1249350880",oauth_token="0e607738f5b449d8b569b7f7d098274d",oauth_signature_method="HMAC-SHA1",oauth_version="1.0",oauth_signature="utR1eGmnbqnkPb7m5MDypOElGpY%3D" - Vu Pham
Do you see any problems with my header above? I just have issues with POST request, GET request is ok. - Vu Pham
Vu: unfortunately that isn't extremely helpful. Can you capture the response body when you receive the 401? That will show us what we need to know. - Benjamin Golub
In my code, as you see, when I just get the Inputstream to read the response in that stream, it throws the exception immediately... That's why I can't read anything in the response body. - Vu Pham and the replies on seem to suggest that you cannot use signpost with application/x-www-form-urlencoded data and HttpURLConnection. Can you try using Apache Commons HttpComponents instead? - Benjamin Golub
I already tried to use HttpComponents and still got the same exception. 13:10:47,667 WARN DefaultRequestDirector:947 - Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth realm=""} Result: HTTP/1.1 401 Unauthorized - Vu Pham
Consumer key: 1613ceb2b77d43f096e42359447e8f1d Consumer Secret: 2a1797b816394584886de6134c8ff3acc39fc117e26b448b909dfd4a22a07af5 Token: 0e607738f5b449d8b569b7f7d098274d Token Secret: 141520469f56466292005dc0e5cfe35a Could you please try to post a message with those information using your code? - Vu Pham
Problem solved. The problem is of my signature. Thanks anyway. - Vu Pham
Great, can you tell me what your problem was so you can help people in the future? Also you might want to reset your consumer secret since you put it in plaintext here. You can reset it at Click on your application then on "Reset consumer secret" - Benjamin Golub
I'm also getting (401) Unauthorized error while access the token. The Authrize and request token works fine. Any suggestion - Raj
Raj: when you get a 401 we should also return in the body of the response an errorCode and errorMessage. Knowing those values will tremendously help to debug the problem. - Benjamin Golub
I got the exception while reading the response from the stream. So, I couldn't see anything in the response - Raj
My URL is for access is - and my code (C#) to read the response is StreamReader responseReader... more... - Raj
Is anyone can help me for this 401 error? - Raj
Raj: without seeing the error message it is very difficult to help :( - Benjamin Golub
I'm not getting any error in the body. It just throw the exception while reading the response i.e 401 unauthrized. Do you have any sample program in C# or java which works with friendfeed? - Raj
Raj: the body is empty or you can't get to the body because of the exception? The body should always contain an errorCode. - Benjamin Golub
I can't get to the body because of exception. - Raj
I saw python code and your are using and Do we have to use both? It seems that you are using authenticate instead of authorize. Is it right? - Raj
The only difference is /authorize always asks the user to authorize again. /authenticate will immediately redirect if the user has previously authorized. - Benjamin Golub
Still, I can't figure out the problem. I'm keep getting "The remote server returned an error: (401) Unauthorized." in WebResponse res = webRequest.GetResponse(); Do you have any sample example in C#? - Raj
Try to use this one - Vu Pham
thanks but its in java and I'm looking in C# - Raj
you were having the same issue. How did you fix it? - Raj
If I enter the this URL ( in the browser, then I got the authentication window in Browser. So, that means , the user was not authenticated or the token was not correct after authorize. - Raj
I have the Unauthorized issue when try to post message onto FF. Not when to get the access token. I think you have the issue because of your signature. Code of Signpost is ok with FF so you can have a look. To solve my issue, we need to pass the parameter into the base string to create signature. For example, body=testing, we need to pass that one into the base string. - Vu Pham
I was looking the document and it says To request a token, the consumer makes an HTTP request to with the following parameters: * oauth_consumer_key: The Consumer Key. * oauth_signature_method: The signature method the Consumer used to sign the request. * oauth_signature: The signature as defined in OAuth Signing Requests. *... more... - Raj
Raj: Username and password is *only* to be used for applications that are installed by the user on a device (like an iPhone or desktop). You can *only* use that method if you configure your application ( to be an "Installed application". Read more at - Benjamin Golub
got it - Raj
If I enter the this URL ( in the browser, then I got the authentication window in Browser. So, that means , the user was not authenticated or the token was not correct after authorize. - Raj
Ben: It looks like a bug as the same code works fine for twitter and it doesn't work friendfeed. Do you guys have any different settings for oAuth implementation? Do you have any sample program in C#? I'm using OauthBase program from to get the oAuth signature. - Raj
Raj: there definitely could be a bug (or perhaps an inconsistency with the OAuth implementation at Twitter) but we (internally) use the same library to interact with the Twitter OAuth API and our own; also a number of users have already launched applications with FriendFeed OAuth support. Is it at all possible for you to catch the exception and get the body of the response? It will tell you *everything* you need to solve the problem. - Benjamin Golub
FF servers send legitimate, http error response codes. It seems to me, if you are getting an exception that prevents you from reading the body, your issue is in *how* you are reading the response. Just take a look at a packet logger (like, and confirm what/if you are getting a legitimate response back from FF. - Tim Hoeck
Ben and Tim: I'm getting the Exception as "The remote server returned an error: (401) Unauthorized." - Raj
Raj: I do not know C# but you should be able to catch that exception ( and get the body of the response. - Benjamin Golub
I caught the exception and the message in the exception is "The remote server returned an error: (401) Unauthorized". Let me know, if you need any specific part of exception - Raj
Sorry for not being specific. It is not the message in the exception that you want. It is the body of the response. It'll contain something like {"errorCode": "a-descriptive-error-code"} - Benjamin Golub
There is nothing in the body and HTTP status code is "System.Net.HttpStatusCode.Unauthorized". As I said previously, If enter the access URL in the browser, then I got Authentication window ( like Basic authentication) - Raj
The authentication window is not related; that's just what your browser does after we send it a 401 (it's trying to get you to authenticate, but this is not a method you should ever access via a browser). We *always* provide an error code with any error HTTP response. For 401 at the very least it should be {"errorCode":"unauthorized"} but it is usually much more detailed than that. Like... more... - Benjamin Golub
When we make a request to "";, then we got the parameters as "oauth_token_secret=6d831ff1751f4aa38bafd1cbae934077&oauth_token=bf87cea758754a21b1dc8c529bd09251". Do we have to use oauth_token_secret on all subsequent request also? Generally, we got oauth_token_secret the parameter when we make a request for access token i.e ""; - Raj
Raj: you should follow the logic at and You need to save the secret and use it to get the access token. - Benjamin Golub
thanks ...I'll look into it today - Raj
The oAuth is working for me and thanks everyone for helping us - Raj
Glad to hear it Raj! What was your problem (so we know for future users) - Benjamin Golub
As you pointed out, we have to save the token_secret from the request_token and use it when we make a Access_token request . - Raj
Request for Sort date: I think it will be very helpful if we can get the date of each entry which is used for sorting entries in feed.
If I understand correctly, the date is bumped when 1) entry is posted, 2) someone comments/likes to my/friend's entry, 3) friend comments/likes to someone's entry. API clients can calculate the date but it requires all comments and likes. (It means I cannot use maxcomments and maxlikes to reduce network bandwidth.) - NaHi from
f2p will use the date for unread management. - NaHi from
Bear in mind that the date also bumps by other's like to the entry which friend likes, but not to now (at the bottom of initial view?). Fairly difficult to resolve in client side. You should not depend on that dates. :-) - NaHi
No bump when a friend comments/likes to the entry which is not from his/her friend. More complex than I thought. Will be more. - NaHi
Benjamin Golub
We are closing new discussions on the API v2 group. Thanks for all of your feedback! Please make sure you are subscribed to the official API group to continue the conversation:
It is nice to hear that. I saw that you've just changed main documentation URL. Is it going to be a change on old API v1 URLs Http:// ? - AlpB.
Ahmet: API v1 will continue to work. - Benjamin Golub
Congrats for going public! Thanks for hard work of API team. And special thanks to Benjamin for helping f2p's OAuth integration. - NaHi from
Paul Kinlan
A lot of people might not know, but I created which is a twitter auto-following service, I try to maintain a very public image and an ethical approach to finding and following users automatically. I have now developed it for FriendFeed ( .
Before it goes properly live I would love to get feedback from developers and their opinons on auto-following, how I can do this "cleanly" for want of a better word. - Paul Kinlan
There is also a group - Paul Kinlan
Great job. I accessed the site and found that it's a valuable and unique service. And for non-native :-), it's almost clearly explained. It should not be my job about wording but I think it's good to know that ffollo accesses to FF instead of me when I'm offline (if yes?). - NaHi from
Sorry for not enabling the service for me. I'm afraid that I won't be able to revert the changes... - NaHi from
Yes it does, every hour (I will probably reduce this) it checks your feed. - Paul Kinlan
Sure, this service is definatly not for everyone, I will be adding some better metrics such as you have to share 3 likes etc, or 3 comments. - Paul Kinlan
I do record a list of everyone it follows, I just need to enable it in the user interface (or think of a good way to do it so that you can revert the changes) - Paul Kinlan
Don't forget you can always revert the changes here: - Casey Muller
Cool, I didn't actually realize that existed. I will link to it from the site so it is clear what the system is doing. - Paul Kinlan
It would be cool if the modification list was available via the API (and filterable or at least restricted to the modifications that my application has made), I could then use that to show a list of all the follows I have done - Paul Kinlan
Sorry, I should have said it clearly. I meant we cannot revert subscription notification mail. Paul: Metrics sounds good to have. - NaHi from
anyone know what's the recommended regex for hashtag scraping? I use @[a-zA-Z0-9]+ now. #hashtag #regex
wouldn't it begin with the hash symbol? also, since hashtags are user-generated, they can probably include more than just letters and numbers (perhaps symbols, anything except spaces, really). - Brett Kelly
A lot of people are also against hashtagging #[0-9] or #[0-9][0-9] because of the number of false positives. - Kevin Fox
Oops. Correct. Should be #[a-zA-Z0-9]. IIRC twitter does not support non-latin? chars like #なひ so I think I should not use #[^ ]+ ... - NaHi from
#[a-zA-Z][a-zA-Z0-9]* ? - NaHi from
I would add - (seen it in use) and = and : (machinehashtags?) - alieb from iPhone
I misunderstood. #[a-zA-Z0-9=-]*[a-zA-Z][a-zA-Z0-9=-]* (Does your language have named caputure?) EDIT: I mean named subpattern, not camed caputure. sorry for confusing, it's different concept. - NaHi from
yep, they are better known as “named groups” in python - alieb
Also make sure it is either at the start of the string or there is at least a space in front of the # other wise you pick up named anchors in urls. - Paul Kinlan
I found a page that might interest you, give it a look: (see RE_HASHTAGS) - alieb
alieb, kinlan: Thank you! The URL has concrete regex: /(?:^|\W)\#([a-zA-Z0-9\-_\.+:=]+\w)(?:\W|$)/ - NaHi from
Let's get smarter: /\b#([a-zA-Z0-9\-_\.+:=]+)\b/ right? EDIT: hah, kinlan is correct. \b# wrongly matched URL (though it does not affect to f2p because URLs are already picked) - NaHi from
alieb: named groups. I should use this word. Thanks again. - NaHi from
What about anything that is not a space/blank? - directeur
Looks good,I would probably just use a-zA-Z0-9_ all the rest would be normal terminating chars, such as"." etc. - Paul Kinlan
Paul but what bout this one? #天気雨 - the hashtag sould start with # and be followed by one or many blanks - directeur
directeur: unless things have changed those chars aren't valid in a url (which is how most people do hash tags) - they are valid as part of the query string though (as your example for search) - so, i suppose it is all about how they are to be consumed...... :) - Paul Kinlan
To make things more complicated, should #90210 or #2012 be valid tags? - Kevin Fox
Paul: UTF-8 is acceptable in a URL per RFC 3454 and 3986. The only characters that can't be used (and must be encoded) are the reserved set: ":", "/", "?", " ", "#", "[", "]", "@", "!", "$", "&" , "'" , "(" , ")", "*", "+", ",", ";", and "=". Most, if not all, user agents, understand what to do with UTF-8 URLs. - Mark Trapp
Thanks all. FriendFeed for now treats non ASCII sequence as a hashtag ( but Twitter doesn't. ( I'm now using /#[a-zA-Z0-9\-_\.+:=]{2,}/ as a regex. (I use the regex only for a string which does not include any URLs. You should add (?:^|\s+) at the beginning of the regex when a string may include an URL as Paul said.) - NaHi from
Idea for friendfeed: Start a coding/art contest. You released the v1 of your API last year and it was awesome then, the new API is much more better! Why not make a contest (the reward doesn't have to be something expensive...) just a way to create some fun for coders, artists and people supporting them.
Idea for friendfeed: Start a coding/art contest. You released the v1 of your API last year and it was awesome then, the new API is much more better! Why not make a contest (the reward doesn't have to be something expensive...) just a way to create some fun for coders, artists and people supporting them.
Let's say a 24 hours coding and art challenge. People, I bet, will _enjoy_ this and we'll end up with a wealth of tools and fun - directeur from NoiseRiver Extra!
Bret come here :P - tunahan
You're just crazy! Wait for my new apps! :) 24 hrs is not enough :) and the winner will be friendfeed itself. :) - AlpB.
Heyy! its a great idea but, time is not enough :)) - batuhan
aha ! what's the prize? just a kiss? :)))) - Hüseyin Mert
I won't join LOL - AlpB.
:D What? 24hrs aren't enough? Come on! :) And I, honnestly, don't care about the award. Jut imagine the atmosphere on FriendFeed that day :) - directeur
We do plan on showcasing interesting uses of the API on the FriendFeed blog :) - Benjamin Golub
Good idea Ben, in fact! btw, I miss the days when we used to exchange ideas (you on fftogo and me on NoiseRiver). The prize can even be a t-shirt. Let's do it! :) - directeur
Unfortunately i can't join :) But this idea is great bro! :) Btw in a free time you have to tell me about NoiseRiver.Is that yours ? or What's the thing about that ? :D I wanna listen you :) but now i'm goin' to bed.Good Night bro and Everyone! :) - tunahan
Yes, that's one of my apps, Tunahan - iyi geceler ve tatlı rüyalar kardeşim! :) - directeur
Hey Benjamin, wait for me or announce an exact date for this post :) - AlpB.
Ahmet: hopefully we won't be doing just one of them - Benjamin Golub
Unofficial FriendFeed Resource Model Version 0.7. Previous versions:
Simplified. Based of V2 API usage, this version has removed concepts of Service, Imported feed and Entity. Feed contains Entries. User is a Feed. Group is a Feed, too. User has Lists, a List contains several Feeds as Subscriptions. - NaHi from
In V2 API, Direct message, summary, discussions, likes, comments are all Feed. This model has not yet represent this. (To say the truth, after simplifying to the extent possible, it's just a 'Entries + filters'. :-) - NaHi from
Paul Kinlan
Silly Question: I really like the layout of FF, I am just making another app using the API now, and I was thinking about design and UI layout - how close can I get to the FF layout before it comes too close that it could cause confusion or be unacceptable for FF. I at least plan the logo to be diff, and it doesn't use friend or feed in the url.
I would like it to be obvious that is an app for friendfeed, but clear that it is not associated with or endorsed by FF (if that makes sense). - Paul Kinlan
Layout is fine. As long as the name don't contain the word "FriendFeed" and it is clear that it is not associated with FriendFeed other than utilizing the API you should be fine. - Benjamin Golub
Are we ok to use "ff" in the url? - my url is - Paul Kinlan
Yes that is fine. And you can use our logos: has a few and more information about how to safely use them. - Benjamin Golub
excellent - was just double checking. :) - Paul Kinlan
Paul Kinlan
With the introduction of Authentication for Applications we are now asking Friendfeeders to enter their passwords into our applications. A lot of users, regardless of the fact that I don't store their password will find it hard to trust me and my applications (their arguments will be why do we need to use passwords when oauth exists).
How can we give confidence to the users that they are infact using oauth and we don't store their passwords - Paul Kinlan
Great question. You can direct them to the feedback group for your application where other users will hopefully be talking about the application in a positive light. You can tell them that they can revoke access at and if they change their password not only can the application no longer make access tokens with your password but all old access... more... - Benjamin Golub
We also plan to update to address concerns. - Benjamin Golub
I at least plan a personal offensive. When I did I found that if I put my mug shot on and responded as a person to queries rather than the catch-all "twollo" twitter user that there was a large element of trust being put in me rather than the company - I supose the theory is that I am putting my reputation on the line rather than hiding behind a corporate entity. So I full expect to do that with the applications that are using Authentication for Applications. - Paul Kinlan
Paul Kinlan
Do you support header based Authorization parameters? I only ask because I am trying to use a 3rd party library on the iphone to connect using Installed Application Authentication and it is failing (returns html saying unauthorized access to a protected resource) - this library only uses Authentication headers... I will keep playing.
I might just write a simple library to connect instead of using this library :) - Paul Kinlan
We do support OAuth via Authentication headers. Returning HTML when hitting /account/oauth/ia_access_token sounds like a bug though; we'll fix soon. - Benjamin Golub
Might be me - Paul Kinlan
Didn't realize that you had to create a separate application for Installed Application access. Will let you know if I get it working :) - Paul Kinlan
And if we had returned JSON/XML instead of HTML the error message would have told you that :(. We'll fix that bug. - Benjamin Golub
cool - using the correct key everything works using the api, however the api library for the iphone still doesn't work - but at least I know it is the library or the way I am using the library that is causing my issue now :) Thanks. - Paul Kinlan
Just to let you know, I have it working now... The Authorization header are supported ;). it was all about me trying to reuse my FriendBoo app conumer key and secrety and not creating a new application, and because it wasn't working I started changing the oauth library :) I reverted back to the original code, used the new key and secret and I have just got an authorization token back. All good :) - Paul Kinlan
Paul Kinlan
I am just creating an iphone app for Friendboo and whilst I have done most of the backend stuff I am just working on the authentication mechanism.... I have a couple of questions (in comments)
I will be using the oauth authentication for applications, however I plan on proxying everything though my service so that I can attach the iphone application as a device on my service and also record every message posted. Is it reasonable to do this? I won't be storing the password - but for a variety of reasons I am not keen on using objective-c oauth libraries. - Paul Kinlan
Is there a sign-up page built for iphone? if a user downloads the application but doesn't have an account I would like to point them to or something similar so that they can create an account. I can't see one at - Paul Kinlan
That should be fine to perform the actual OAuth call on your server as long as the password is not stored on the iPhone or on your server. You are introducing another layer of latency though. We don't yet have a sign up page built for the mobile experience. - Benjamin Golub
To be fair, I am still toing and froing between what is best, I can always retrospectively post to my service - or I can just develop friendboo the friendboo site to simply reflect the group... my main stumbling block is the oauth clients for the iphone (but I might roll my own since I can miss out part of the process now). - Paul Kinlan
Hi folks! :) I just launched this little thingy but when I try to access (which is a method decorated with @authenticated) I'm not being automatically redirected to - what am I doing wrong?
Well, here's what I think about the bug. I accessed the site, authorized it and revoked the access (the cookie was still in my browser) the @authenticated decorator was "gamed" - directeur
That's the reason for this line of code: @authenticated just guarantees that you have a token, not that it is a valid one. If you get a 401 you should get a new token. - Benjamin Golub
Paul Kinlan
In the Python v2 API, the call to fetch urllib.encodes the parameters passed in, bearing in mind that image_url what do people think about having the doseq = True so that it can easily handle arrays of URL's
You can also just comma separate multiple urls into one image_url argument - Benjamin Golub
true, it was just that I can have "," in my file name, I need to sort that out :) ....saying that I am pretty sure I should be url encoding my urls so it might not matter. - Paul Kinlan
yes, you should be url encoding them before (IMO :) - bear (aka Mike Taylor)
V2 API endpoint seems to not compress a response when my app accesses with OAuth even if the request includes 'Accept-Encoding: gzip'. It does gzip for BasicAuth. I'm not quite sure though for now...
I found that a response contains Content-Encoding: gzip for OAuth, too. It much reduces turnaround time for connections. (ex. 1500ms -> 1100ms for my home feed) Thank you! - NaHi from
Philipp Lenssen
We would love to be able to define the callback URL when the user clicks "Cancel" in the access permit dialog (right now, it seems to be hardwired to Or is this already possible?
Good idea! - Benjamin Golub
On the next push you'll be able to send the argument "cancel_url" to control where the Cancel link goes to. - Benjamin Golub
The cancel_url is used when an user tries to grant illegal unauthorized request token, too? - NaHi from
No, just the Cancel link - Benjamin Golub from email
I see. Never mind. It must not be controllable. - NaHi from
The attached example shows how to use FriendFeed installed application authentication with the FriendFeed Python library ( 297 bytes
Weird I clicked on the, and I swear it launched it - hope there was nothing bad in it ;) - Paul Kinlan
It has a python mime-type so your browser probably ran it with whatever app you have listed for python scripts. FriendFeed should probably *not* be listing things with any executable mime-types to avoid becoming an attack vector for auto-install grief apps. - bear (aka Mike Taylor)
I defiantly have python installed so I can see why it executed it... - Paul Kinlan
Nikolai Kordulla
Fwd: Can i link images to another url than the image_url with the new version of the api? I know, that you could do this with the old version, but i didnt found this feature in the new version. I tried just adding image_link to the post request, but this didnt worked. (via
This feature was removed to simplify sharing media in v2. We have a few proposals for very advanced media creation that will satisfy your need but nothing is implemented at the moment. - Benjamin Golub
In the meantime, you can use a "Custom RSS/Atom Feed" at and media RSS - Benjamin Golub
V1 /feed/user allow me tracing back through history where start >> 660 but V2 does not. Is this intended change? Or the V1 behavior is wrong?
This is just a bug. - Benjamin Golub
btw, isn't it time to remove the limit on the number of returned entries that the V1 has? - directeur
This should be fixed now. - Benjamin Golub
Now V2 /feed/user works like V1. Excellent... Thank you! - NaHi from
Would you please add 'validate' API? Because...
f2p now allows cell phone users to use OAuth access token without hitting FF SP by cell phone. At first an user gets an access token from PC, f2p stores the token in DB. And f2p allow to use the token when an user pass a correct name/remote_key pair after that. - NaHi from
(f2p does not store remote_key for the case) - NaHi from
/validate which requires auth credential and only works with name/remote_key (no OAuth) suits for that purpose I think. I use /feedlist now instead of it. - NaHi from
Would just using work for you? - Benjamin Golub
Yes, I'm using it for now. Dedicated API for that purpose is good I think. - NaHi from
My bad. I'm using /feedlist instead of /feedinfo/me. I think it must be enough for my purpose, too. - NaHi from
There is now a /validate method: - Benjamin Golub
Thank you! I'll check today. - NaHi from
It works as I expected! - NaHi from
I am about to register an oauth application -- if you have done it already, is it possibile to edit the app callback url (since v2 and oauth is in beta I just want to be sure about it)? And to the ff-team: are the registered app listed publically somewhere? I'd hate to see someone squat the domain matching the app name before I register it :-)
Ok, thank you - alieb
Marlin Forbes
Your online documentation for the APIs doesn't mention character encoding anywhere. I now know that it's UTF-8 but an explicit mention would be useful for people who are looking. (via
and I think it will be explicitly mentioned about how much ?num= or summary/N params can take maximum values. we should not try it ourselves... - AlpB.
Philipp Lenssen
We don't understand, when we click "create a group" when registering an OAuth application, the following dialog shows up... asking us to provide a username? (We're logged in already.)
My friend also created a group this way, but when he invited me, the invite link failed (it redirected to the FF homepage, and the group does not show in my "all groups" section). We don't know what we're supposed to do and if this is broken. - Philipp Lenssen
You must associate an OAuth application with a feedback group. The group could be an existing one (you don't need to click "create a group" if you already have some groups you are the admin of) - Benjamin Golub
Benjamin: "username" for a group is kinda misleading :) - alieb
Yes, it is :) - Benjamin Golub
My friend did not have any group so far. So "username" means "groupname"? - Philipp Lenssen
Yes, ie this groups "username" is friendfeed-api-v2 - Benjamin Golub
It may be another way to handle HTTP Message Body in OAuth. - NaHi from Bookmarklet
Tarmo Aidantausta
Is the XML output already fixed on the V2? It looks like you still lack the containers for comments and likes, ie: <comments><comment></comment><comment></comment></comments> and <likes><like></like ><like></like></likes>?
I suppose same goes with thumbnail and other similar list type of things... - Tarmo Aidantausta
Is this a problem? Can't you do something like (in Python): dom = xml.dom.minidom.parseString(urllib2.urlopen(" for entry in dom.getElementsByTagName("entry"): print len(entry.getElementsByTagName("comment")) - Benjamin Golub
Well, if use DOM it's not that big of a deal but when you're using SAX, as I am at the moment, it's a pain in the ass because SAX parsing is sequential. So when you go on parsing the document you have to stop when you hit an unknown tag and be sure that you don't advance in the document because going backwards isn't an option... - Tarmo Aidantausta
It SUX to use SAX, but damn it's faster than DOM. - Tarmo Aidantausta
Is there a reason you can't use JSON? - Benjamin Golub
Uhm, JSON would be nice but at the moment Qt doesn't ship a nice way to parse it. There are some hacks you might be able get it done but as I am also doing an example application and XML and SAX were one of the technologies to be demoed, it isn't really an option. - Tarmo Aidantausta
Ok, thanks for the feedback. We tend do use JSON whenever possible at FriendFeed so this is helpful information. - Benjamin Golub
Yeah, I'm in the Symbian mobile world with C++ and Qt. :) - Tarmo Aidantausta
There's a cross-platform example using Qt and C++ I did for Forum Nokia . It's not the final release yet as there are still few kinks there but it's usable. - Tarmo Aidantausta
As an example, parsing your current XML with QXmlStreamReader and populating datastructures takes now 1143 LOC with the added threading, signals and slots... I think I could do it in less LOCs but with my first time using the QXmlStreamReader it took me that much :P ...and that's just the cpp file ;) - Tarmo Aidantausta
Tarmo Aidantausta
Isn't the collapsing documentation example output a bit off ? I see that comment starts with { but is never closed with }? Not that this is a really serious error, but it didn't just look right to me...
Yes, it's just an error in the documentation. The actual output is valid JSON :). We'll fix this today. - Benjamin Golub
Brilliant, I figured it might be only in the docs since you probably have tests for the actual output ;) - Tarmo Aidantausta
What a long subscription list in Paul's feedinfo. Timeout error occurred in f2p... (15 sec)
If that is my subscription list - ages ago I went through and imported Robert Scobles twitter followers into my account and put it into a separate list, now it is a pain to clear down the list. - Paul Kinlan
this is why I would really like to see the ability to get subsets of data.. even getting just subscriptions from feedinfo, it can still be huge (especially for a mobile app)... check out scobleizer - 1.25megs for subscriptions! - Tim Hoeck
Tim: you can :). Use ?include=name,services for example. - Benjamin Golub from email
Oh misunderstood. You'd like to be able to paginate that data? - Benjamin Golub from email
I mean this one Benjamin: - you can't do that with /feedinfo, right? I can use include to get only subscriptions, but I can't use include to get only user:id,name,type from those subscriptions. - Tim Hoeck
although maybe a start= to get say entries 0-30 (i.e. paginate) would work in the meantime :) - Tim Hoeck
kinlan-san: I meant your subscription list. bgolub-san: how about maxsubscriptions? - NaHi from
Benjamin Golub
Width and height are now optional attributes of thumbnails on entries in API v2.
Thank you very much! Developers, do you know this addition really makes your app colorful? - NaHi from
Fwd: SSL configuration... Never mind it's private beta. (via still uses SSL certificate for * Any plan to get new certificate? - NaHi from
Yes, that's a bug. We'll get it fixed soon. - Paul Buchheit
I don't think OAuth users don't need SSL but there're bunch of users who cannot do OAuth in mobile world. They cannot edit trustanchor certs of their terminal. - NaHi from
Paul: Thanks! - NaHi from
I noticed that the certificate of was changed. Unfortunatelyl still it does not work. The new certificate is for '*' but it does not match with ''. We need a certificate which contains '' as a subjectAltName extension. - NaHi from
Yes, I'm working on getting a better certificate. Sorry about that. - Paul Buchheit from email
Ok, I've updated with a good certificate, so it should work now. Let me know how it goes. - Paul Buchheit
Works fine now. Thank you! - NaHi from
By the way, do you have any plan for updating server certificate for I heard that 'it will be fixed soon' ( but I noticed that the certificate is using is the same as the new certificate for at the point of using wildcard certificate. We Japanese cell phone users will be happy if you can add an DNS entry and preparing the dedicated server certificate for OAuth... Let me know if there's anything I can do. - NaHi from
Tim Hoeck
Was there a reason for the removal of the id for "service", now part of via? It would be useful for doing advanced searches, instead of having to know all of the ids for the services, like "Google Reader" is googlereader.
Also, is there a way to determine if a via is an actual service, or a method that the user posted the entry? - Tim Hoeck
I guess in place of the id, it is just the service name with no space(s)? - Tim Hoeck
No. there're several exceptions. ( We need mapping table for that purpose for now. I created the table for my app based on this V1 API. Demo: - NaHi from
The feedinfo call tells you the service id. for example. We will also restore in v2 later today. - Benjamin Golub
sweet, amplifeeder caches a list of all the services via the cal to /api/services so at least if there is parity between the two apis all is good :) - Paul Kinlan
Other ways to read this feed:Feed readerFacebook