in reply to this object

All API calls require some sort of authentication.

Interestingly, the authorization header seems to be constant. I’m guessing this identifies the request as coming from Twitter’s own web UI:

authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA

The actual authentication happens elsewhere. For guest sessions, you need a `x-guest-token: 1649859312251027458` header, where there token is obtained by a separate call. Only a subset of calls are available in this mode. For the rest, you need to have a cookie from the logged in user:

cookie: auth_token=1234567890abcdef58dc6829393d4604b9e37c8a; ct0=1234567890abcdef0b09e38a20dcdd5cb6ec4cf8f2ba357187cda008b0f39273308a6b7ef6d318f609bc83563709c247e51daad090a116d775ef1fa55074cf5c235893a45f99d1cc49ac4fe61fec238d; x-csrf-token: 1234567890abcdef0b09e38a20dcdd5cb6ec4cf8f2ba357187cda008b0f39273308a6b7ef6d318f609bc83563709c247e51daad090a116d775ef1fa55074cf5c235893a45f99d1cc49ac4fe61fec238d

Note that the `x-csrf-token` is the same as the `ct0` cookie.

Both are obtained through a somewhat involved login workflow shown in

I’ve spent a better part of today, playing with ’s internal API and trawling through GitHub for examples of the apps that use it. I think I’ve learned enough to try and code something up. This thread will be my notebook and a journal.

The minimal objective will be to write an exporter from the following list to OPML, so that I can move most of my feed into an RSS reader. And if I don’t lose the interest by then, I' may even try to write a web app for reading the feed with no frills.

Continuing the topic of unfucking UI:

This extension basically rebuilds Twitter circa 2015 based on the modern API. If all you need is a usable Twitter in the browser, this is the way to go. For myself I think I'd like something that can remember my position across devices, so I might end up trying to code something up...

You can find a lot of interesting scripts if you search for certain constants on GitHub. For example, AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA seems to be a constant that Twitter's internal API always uses in the Authentication header.

Just look at this:

I'm giving up no Twitter mobile app, it's utterly unusable:

  • Won't even talk about the "for you" timeline, madness lies that way.
  • Following timeline is sorted from old at the bottom to new at the top, but threads are not! They are in reverse, so you end up reading in a zig-zag pattern.
  • Threads longer than 3 tweets are collapsed, so you need to click in to read them.
  • If you haven't opened the app for more than 2 days (😲, I know, who does that!), then it just hides everything but the two most recent days of your timeline. If you click "show more tweets", it will, of course keep your scroll position at the 2 day old threshold, not where you actually stopped reading 😠 Good luck finding the place.

So I have two questions:

  1. Am I the only fool who reads twitter chronologically?
  2. Is there anything that could let me continue doing it that way? It certainly doesn't help that they killed off all third-party clients.