Aug 13, 2013

Get Recent Tweets using Twitter REST API v1.1 by ColdFusion - Part 1

Recently Twitter Published API V 1.1 in June 2013.
Twitter has made lots of changes in it to increase security Level  to prevent malicious use of the Twitter API. New API requires authentication on every API endpoint, that means every request to the API will be authenticated. Most Important they have dropped  XML, Atom, and RSS support and only functional with JSON support.
To know more about API v1.1. Please visit

In one of my Project I was showing Latest Twitter Post using RSS feed.
In June my client noticed that her Twitter Post are not displaying. In result I checked my code and found that.
through an error "The Twitter REST API v1 is no longer active. "
This situation results me to explore API V 1.1 and to write this Blog.

So, let's start. As we discuss earlier new API V 1.1 needs Oath  Authentication and will be fulfilled by creating an application in Twitter Account.

1. Go to, login with your twitter account.
2. Click on "Create a New Application button". Fill necessary details. (Website Field is must but we are not going to use as a source to create tweets for our application. Just add any local URL).

3.We have created our Application "shamApp" with Consumer Key and Consumer Secret.
   Now create your Access Token and Access Token Secret.

4. Your access Token is created now. Points to be noted here
     a. Select HTTP method as GET
     b. Select Request URL as User Time Line 
     c. It is necessary to pass screen_name or user_id when requesting user timeline API.
     d. You can also pass number of tweet to be retrieved by passing value in "count"
     e. Before Generating oauth Token, Please verify your settings.
     Please visit this Page for more overview

6. Oath Signature is created now (Valid for few minutes). Let's review two imp results
     Signature based String : This will be used to create Oath Signature using HMAC-SHA1
     encryption which in-turn help us to create our Oath Header.
     Oath Header :  Oath Header will be used to pass authorization request to User Time line  API to get
     recent tweet posted by user.
     To explore more on Authorization, Please visit :

Above  6 steps finishes our Application Setup Creation, You just need to note down your Oath Settings to create Signature Based String, Oath Signature and Oath Header. Lets Check whether Oath Header created by mySham Application able to get latest twitter post or not by posting HTTP request to User Timeline API.

User Time Line API:
HTTP Method: GET
HTTP Parameters: Count,user_id,Oath Header(created above) 
Note: Be careful to give these parameters correct. If its wrong then Unauthorized access may come.

Let's see response Header of this HTTP request
<cfdump var="#cfhttp.responseheader#">

So our HTTP request to User Time Line is success with Status 200 OK.
Lets see what we get in File Content.
You can see our data in JSON format. We have to Deserialize this JSON format to see our tweet post.

<cfloop from = 1 to = #arraylen(DeserializeJSON(cfhttp.fileContent))# index = "i">
    Twit: #DeserializeJSON(cfhttp.fileContent)[i].text#
  </cfoutput> <br/>

Here is our o/p shown above which shows latest 2 Tweets which I posted from my Twitter Account.
Not only you can get Latest Tweet from User Timeline but It also contains lot of Information like Date creation, Hash tags, comments etc..

Q: Can we use this Response Header created by shamApp to get latest tweets every time we make request to UserTimeLine API ?
Answer is No. (When you run same code after an hr. It will show an error "Time Stamp Out of Bound")

When you check Response Header you will see Oath_nonce,oath_TimeStamp and Oath_Signature which are not present  while creating Application Settings. These 3 makes API v 1.1  more secure as these values are not same on each request. Oath_nonce(random 32 bytes of random data), Oath_TimeStamp(Timstamp value when request was created) and Oath_Signature (Created using HMAC-SHA1 encryption by passing Signature base string and Signature Key) are dynamic and It combines with some other oath settings to make Oath Header.

So we have to do all this process though code base to achieve this.
Let's move on to my next Blog where we crate dynamic Oath Header for each request to be passed to get Latest Tweet