notes.husk.org. scribblings by Paul Mison.

Twitter, Flickr, APIs and Permissions

benw:

From working on Fire Eagle, I’m an advocate for granular control. Pick sensible defaults, and allow users disable optional parts if they desire. It seems even more important in the case of Twitter, where the impact of abuse is higher.

Take Flickr: If an application asks for read/write access to my photos, that includes private photos and deletion rights. I can’t disable that. I can’t just say ‘this app only accesses public content’.

That’s because Flickr’s API allows access to any public photo without authentication, so that level is implicit in posting your photos. To me, this makes sense: it’s on the web anyway, so if you didn’t allow API access, one could just scrape the data. (It is possible to opt out of API searches, but if I know your photo ID or user ID I can still use API calls.)

From what I understand of Twitter’s API, it’s actually similar: you can fetch any public user’s updates (or the bio of any user) without authentication. It’s only updating, and reading the updates of a private user, that require authentication.

It’s probably a fair point to suggest that Twitter should split these, though. Perhaps Flickr and Twitter should also both offer full-blown API optouts (for as much as it pains me as a developer, it’s probably right ethically.)

Vocal Grumblr

Tumblr has a nice API (for reading anyway) that lets you get posts as JSON. Unfortunately, you can’t filter by tag, and per-tag pages don’t have RSS or Atom feeds of their own.

Vox has a nasty heavy Atom API for reading which doesn’t seem to do JSON, but it does filter by tag, and per-tag pages have feeds of their own.

Sigh.

Tumblr API gripes

As I mentioned a day or two ago, Tumblr support tags (both via the API and the theme engine), and there’s also a front-end method for tag filtering. This made me wondering about incoming feeds; I have a badly-publicised second Tumblr site which pulls in images from the craneporn Flickr pool and anything tagged appropriately on delicious, and I thought it could benefit from automatically adding tags.

So, do the posts already have tags? No. The feed importer doesn’t honour them, but then, there’s not exactly a standard for tags in feeds (delicious uses multiple <category> items; Flickr uses a single <media:category> item containing multiple tags), so I can understand that. (Also, the feed importer probably predates Tumblr’s tag support.)

Right then, let’s use the API instead. Read the posts, look up the original item on Flickr or delicious, pull in the tags, and then push it back to Tumblr. Easy enough, you’d think, but no: Tumblr’s API only has two methods, “read” and “write”. No “update”, so you can’t edit an existing post, and there’s not even “delete”, so I can’t fake an update by doing a write/delete pair either. So there’s no way to backfill tags either.

This leaves me considering writing my own feed importer (especially for delicious, which is also throwing away attribution for the person who posted the link) and trying to figure out a nice way to ask for these features on Tumblr’s Get Satisfaction page, which seems to be the closest thing there is to a developer forum. (Edit: done now.) In the meantime, I really should try a write with the same date as an existing entry, just to see what happens…