The Twitter Developer Blog

Your source for new features, best practices and real-world use of the Twitter Platform.

Posts from Developer: security

A better way to sign in with Digits

Digits is a new way for your users to sign in to their favorite apps without a password. It’s included in the Twitter Kit as part of Fabric.


REST API SSL certificate updates

At the end of 2013, all Browsers and Certificate Authorities will no longer support 1024 bits RSA certificates to be compliant to National Institute of Standards and Technology (NIST) guidelines.

The SSL certificate currently used on is signed with the older Verisign G2 root CA certificate.


Streaming SSL certificate updates

If you use our streaming APIs, you should be aware of a change that’s coming in a couple months: We are updating the SSL certificates for and on November 4, 2013.


Updating the SSL certificate


The SSL certificate will be changing from the current VeriSign certificate to a DigiCert certificate within the next month.


Twitter is updating its SSL certificates for

The SSL Certificate for is currently signed against the Verisign G2 Root CA certificate. Verisign (recently acquired by Symantec) is no longer issuing new certificates against the G2 root (it expires in 2019.) They are only currently issuing certificates against the Verisign G3 and G5 roots (for EV certificates).

As the certificate for is due to expire soon, we will be upgrading our servers with a new SSL Certificate that will be signed against the Verisign G3 root.


SSL Support for Tweet Button and Follow Button

Today we are pleased to announce SSL support for our Tweet and Follow Button widgets. That means that now you can add these widgets to your secure https pages, enabling users to easily share your content and follow your accounts without leaving your site.


Streaming API turning SSL only on September 29th

All our Streaming API products are now supporting SSL and we’ve just updated the Site streams, User streams and The Streaming APIs documentation pages accordingly. As we’re planning to sunset HTTP support in about a month, we strongly encourage you to switch to SSL (HTTPS) as soon as possible, especially if you’re still authenticating your Streaming API requests with Basic Auth.