sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!

Server stats:

596
active users

#API

26 posts20 participants0 posts today

Search Engine Journal: Google Trends API (Alpha) Launching: Breaking News. “Google has just unveiled an alpha version of its Trends API at Google Search Central Live, Deep Dive APAC 2025. This new offering brings explore-page data directly into applications. The API will provide consistently scaled search interest figures. These figures align more predictably than the current website […]

https://rbfirehose.com/2025/07/25/search-engine-journal-google-trends-api-alpha-launching-breaking-news/

ResearchBuzz: Firehose | Individual posts from ResearchBuzz · Search Engine Journal: Google Trends API (Alpha) Launching: Breaking News | ResearchBuzz: Firehose
More from ResearchBuzz: Firehose
Typically HTTP APIs speak JSON or XML, but what are some other human-readable formats folks have seen that was useful? How about text/plain and sending INI, TOML, RESP etc. for some simpler and smaller request/responses that are still self-describing? These seems nicer for languages that don't have good JSON/XML support or if they do their libraries are cumbersome and awkward to use.

#HTTP #API #REST #ContentType

How to generate HTML docs from an OpenAPI 3 spec file? I'm currently using widdershins + middleman to render slate, which feels a bit outdated and cumbersome. The best modern tool I found so far is redocly. Its in-page search doesn't seem to work though?

#openapi #api (somewhat #ruby related)

Please don't give away your Twitter API keys to Cloudinary

shkspr.mobi/blog/2023/07/pleas

My CDN just asked me for all my Twitter API keys...

WTF? This would give them complete access to my app's Twitter account, the ability to send and receive messages, and anything else that my API key allows.

Giving them - or anyone - the entire set of credentials would be a very bad idea.

What's going on?

Twitter's slow-motion collapse and hostility to developers is causing a whole bunch of second-order effects.

Lots of services let people log in to them using Twitter. It is (was?!) a quick way to do identity management without having to bother the user with a separate username and password. Once someone has logged in, it's nice to be able to show their user avatar.

Annoyingly, Twitter never had a simple solution for that. You couldn't take my username - edent - and then grab twitter.com/edent/avatar.jpg. Instead, you had to perform an API call to get the image.

So a whole bunch of services started up which would retrieve Twitter avatars based on username. And they also did the same for Facebook, GitHub, Google, and lots of other OAuth providers.

I was using Cloudinary's Social Media Profile Pictures feature. But with Twitter's complete inability to serve API users, that functionality is going away.

Last week Cloudinary said that they could keep the functionality going if I was willing to provide my API keys. I (somewhat impolitely) complained to Cloudinary that them asking for all the API keys was a security nightmare. They responded (politely) to my points:

I completely understand your concerns. Twitter's recent limitations to their API have made it so that we are unable to continue to use our own API credentials to allow customers to fetch Twitter assets, and so we must implement customer credentials instead. We were working on a long-term resolution, but they cut off our API access without warning, and so the temporary solution to minimise disruption was to request your credentials so our backend team can add in a rule to run your Twitter API requests with your own credentials. As such, we require both the API key and secret, along with the access token and secret.

...

As mentioned, this is just a temporary measure in order to ensure continued delivery of your assets. If you prefer to wait until we have a customer-facing portal to enter your Twitter account credentials, then you are certainly welcome to do so. Unfortunately I don't have an ETA on when such a solution might be available, however we will do our best to keep you updated.

I understand that they don't want users to have a degraded experience. And I understand that Twitter have screwed them over. And I'm sure that they're a thoroughly trustworthy company who will never get hacked. But asking customers to fatally compromise their own security like that is not acceptable.

Can't you just...?

Twitter doesn't offer a stable avatar service. Users can change their profile picture at any time, and the URl to the old image stops working. So caching the profile picture URl often leads to a broken image. Caching an old image can mean showing something outdated.

The API rate limits are pretty small for any service with heavy traffic.

Not showing a user image - or just the Twitter icon - could work. But it makes for a pretty crappy experience.

Telling everyone to leave Twitter and join Mastodon would be nice.

Creating a bespoke read-only API key could work - but Twitter now limits the number of apps a develop can have unless they pay stupid money.

It is entirely understandable that people would panic and hand over the keys to their (digital) kingdom. Fear makes people do dangerous things.

Anyway, this Mastodon post sums it up the best:

Post by @RickiTarr View on Mastodon

Hi Terence, We don't have a way for customers to configure this on their own currently. Our team will handle the configurations for you. Here are the details needed for us to do the required changes: API Key and Secret. Access Token and Secret.Best Regards
Terence Eden’s Blog · Please don't give away your Twitter API keys to Cloudinary
More from Terence Eden