Bypassing authentication for basic Twitter operations

I apologize for my English, as it's not my native language, so sorry if there are any grammatical mistakes.

While I was developing some project I needed to get the last tweets from a certain Twitter user, and as the service exposes a REST API in order to do nearly any operation, I ran to look for the operation I needed.

The request

After a quick search on Google, I saw that the request that I needed to make was a simple GET request to https://api.twitter.com/1/statuses/user_timeline.json, which also supported lots of configuration parameters, so all I needed to do was create that simple request.

In addition, in the Authentication field it only said Supported, and not Required, so I didn't need to register a new Twitter application, do all the mess with private tokens, configuring the headers... So it was very simple. Or maybe not.

Keep calm, stranger...

There's a little point that some of you may have noticed, and that's the fact that the URL I typed before is from the old Twitter API, v1, which has been disabled since May 7, 2013.

As a replacement, you must now use v1.1, which requires all requests to be authenticated with their tokens (OAuth or application tokens).

Let's be clear: registering and configuring a Twitter application, setting the private keys so that they aren't uploaded any time I push the code (it's an Open Source project)... I was too lazy at that moment to do that, and let's remember, I only wanted some of the last tweets from a Twitter user, so, apart from entertaining myself a little bit, I looked for an alternative way to achieve my goal, and I finally got my own API (with some third-party help).

Here comes the cavalry

I've been following the development of Kimono, an online tool which lets you create scraping APIs from any webpage that doesn't require authentication (they've been working on that lately) in only a few clicks, and it can also be very configurable.

As the scraping is based on CSS selectors and rendered HTML, I thought that the easiest way to do that was to use the mobile Twitter version, so I loaded https://mobile.twitter.com/ followed by the Twitter username, and by using the extension I was able to select the information I wanted with only 4 clicks:

[Image: WEB]

[Image: JSON]

As you can see, in a few clicks we have created an API which extracts (in my case) the last 30 tweets from a user, and returns them as a beautiful JSON array.

But that's not all, because Kimono also offers a feature that multiplies its power, called Kimpaths.

Kimpaths

Kimono lets you modify the path it will take the selected information from, by simply passing some extra parameters to the request.

Those params are named kimpaths, and as you will see, an image is worth a thousand words:

[Image: KIMPATHS]

In addition, the requests to Kimono don't need any headers, private tokens... anything.
Just a simple URL and we are ready to make the requests and consume the result, and as we've seen, we can configure it to return any Twitter user's last tweets.

I've decided to publish this just because, if anyone ever needs to do this simple task and doesn't want to go through all the mess of registering an application, setting the tokens... they may find this and learn that there are other ways to do it.