Streaming API turning SSL only on September 29th

By ‎@rno‎
Wednesday, 31 August 2011

All our Streaming API products are now supporting SSL and we’ve just updated the Site streams, User streams and The Streaming APIs documentation pages accordingly. As we’re planning to sunset HTTP support in about a month, we strongly encourage you to switch to SSL (HTTPS) as soon as possible, especially if you’re still authenticating your Streaming API requests with Basic Auth.

On a related note, Basic Auth will eventually be deprecated on the Streaming API, and we recommend that you switch to OAuth well in advance.

Implementation changes on your side should be as simple as changing http protocol for https

  • Streaming API: use https://stream.twitter.com instead of http://stream.twitter.com
  • User Streams: you should already be using https://userstream.twitter.com
  • Site Streams: you should already be using https://sitestream.twitter.com

Just like for api.twitter.com, we are using Verisign SSL certificates on these domains. If for some reason you need the Verisign Root CA Certificate, you can obtain it directly from Verisign, or from this link: http://curl.haxx.se/ca/cacert.pem

  1.   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network

On September 29th, the Streaming API will turn SSL only. While one month’s time is our plan, please be sure to give us your feedback on this discussion thread if you think you needed more time. As always, if you have questions about the Streaming API, let us know on our Developers Discussions board.

Update: If you need to get a list of PEM encoded certificates (including the Verisign one), we actually recommend the usage of Adam Langley’s extract-nss-root-certs tool, rather than downloading the cacert.pem file from haxx.se. Take a look on https://github.com/agl/extract-nss-root-certs for more info.