Aug 13, 2013

Get Recent Tweets using Twitter REST API v1.1 by ColdFusion - Part 2

Let's start where we left in Part 1. In this post our main Goal will be to create Dynamic Oath Header for authorizing  an API request. We already created Oath Header using shamApp Application and get our latest tweet but this is not our permanent solution .

To create Oath Header we need
1. Oath Settings - which we created using Twitter Application
2. Time Stamp  - when we create our oath request.
3. Oath Nonce - create using 32 byte random alphanumeric characters.
4. Oath Signature - create using HMAC-SHA1 encryption with Signing Key and Signature Based String (Secret Message).
5. Oath Creation - using above 4
6. HTTP request to User Time Line API to get latest Tweets.

Declare your Oath Settings values first:

Now  Create Time Stamp and Oath nonce:
Note: We can also create Timestamp using now() function too but I suggest you to first convert into GMT format time and then to epoch time.

Now lets move to create Signing Key and Signing base string(Message)  using Percent Encoding which will be used to create Oath Signature using HMAC-SHA1 Encryption.

So our Signature Key and Signature base string(secret message) is ready. Lets pass these two to our function  called HmacSHA1 encryption to get Oath Signature.
"There is no MAC function Included in CF 9 but CF 10 provides HMAC function to achieve this. So Let's do it in CF 9 using  MAC and Secret Key class provided by JAVA to achieve it"

So our Final step is to create Oath Header and send this Oath Header via HTTP request to User Timeline API to get our latest tweet post.

This HTTP request will give our recent tweeter posts along with lots of details associated with it in JSON format
To see our Twitter post we have to first deserialise this JSON response.

So we get our final o/p of latest Tweets posted by user. So now you can display latest tweet in web pages. This is same result which we got from shamApp application in part1

Goal Achieved :)

Useful Links: (Major API console to debug ) (Signature Testing for Twitter)

Hope it will help you.
Happy Tweet :)

Get Recent Tweets using Twitter REST API v1.1 by ColdFusion - Part 1

Recently Twitter Published API V 1.1 in June 2013.
Twitter has made lots of changes in it to increase security Level  to prevent malicious use of the Twitter API. New API requires authentication on every API endpoint, that means every request to the API will be authenticated. Most Important they have dropped  XML, Atom, and RSS support and only functional with JSON support.
To know more about API v1.1. Please visit

In one of my Project I was showing Latest Twitter Post using RSS feed.
In June my client noticed that her Twitter Post are not displaying. In result I checked my code and found that.
through an error "The Twitter REST API v1 is no longer active. "
This situation results me to explore API V 1.1 and to write this Blog.

So, let's start. As we discuss earlier new API V 1.1 needs Oath  Authentication and will be fulfilled by creating an application in Twitter Account.

1. Go to, login with your twitter account.
2. Click on "Create a New Application button". Fill necessary details. (Website Field is must but we are not going to use as a source to create tweets for our application. Just add any local URL).

3.We have created our Application "shamApp" with Consumer Key and Consumer Secret.
   Now create your Access Token and Access Token Secret.

4. Your access Token is created now. Points to be noted here
     a. Select HTTP method as GET
     b. Select Request URL as User Time Line 
     c. It is necessary to pass screen_name or user_id when requesting user timeline API.
     d. You can also pass number of tweet to be retrieved by passing value in "count"
     e. Before Generating oauth Token, Please verify your settings.
     Please visit this Page for more overview

6. Oath Signature is created now (Valid for few minutes). Let's review two imp results
     Signature based String : This will be used to create Oath Signature using HMAC-SHA1
     encryption which in-turn help us to create our Oath Header.
     Oath Header :  Oath Header will be used to pass authorization request to User Time line  API to get
     recent tweet posted by user.
     To explore more on Authorization, Please visit :

Above  6 steps finishes our Application Setup Creation, You just need to note down your Oath Settings to create Signature Based String, Oath Signature and Oath Header. Lets Check whether Oath Header created by mySham Application able to get latest twitter post or not by posting HTTP request to User Timeline API.

User Time Line API:
HTTP Method: GET
HTTP Parameters: Count,user_id,Oath Header(created above) 
Note: Be careful to give these parameters correct. If its wrong then Unauthorized access may come.

Let's see response Header of this HTTP request
<cfdump var="#cfhttp.responseheader#">

So our HTTP request to User Time Line is success with Status 200 OK.
Lets see what we get in File Content.
You can see our data in JSON format. We have to Deserialize this JSON format to see our tweet post.

<cfloop from = 1 to = #arraylen(DeserializeJSON(cfhttp.fileContent))# index = "i">
    Twit: #DeserializeJSON(cfhttp.fileContent)[i].text#
  </cfoutput> <br/>

Here is our o/p shown above which shows latest 2 Tweets which I posted from my Twitter Account.
Not only you can get Latest Tweet from User Timeline but It also contains lot of Information like Date creation, Hash tags, comments etc..

Q: Can we use this Response Header created by shamApp to get latest tweets every time we make request to UserTimeLine API ?
Answer is No. (When you run same code after an hr. It will show an error "Time Stamp Out of Bound")

When you check Response Header you will see Oath_nonce,oath_TimeStamp and Oath_Signature which are not present  while creating Application Settings. These 3 makes API v 1.1  more secure as these values are not same on each request. Oath_nonce(random 32 bytes of random data), Oath_TimeStamp(Timstamp value when request was created) and Oath_Signature (Created using HMAC-SHA1 encryption by passing Signature base string and Signature Key) are dynamic and It combines with some other oath settings to make Oath Header.

So we have to do all this process though code base to achieve this.
Let's move on to my next Blog where we crate dynamic Oath Header for each request to be passed to get Latest Tweet