Twitter API with YQL and Authentication Issue

I am using YQL to send API requests to Twitter. SInce Twitter now requires authentication, I have to encode my credentials into YQL. This gives me a URL that gives the correct JSON however the URL that I get from YQL includes my credentials. I don't have a server and am just using ajax in jQuery and Javascript to do the API request. So when I create variables to mimic the YQL URL that is returned my credentials are in plain sight. Obviously this isn't too safe. Is there anyway to work around this without a server or does YQL have a way of hiding the credentials?

Example I want to retrieve the statuses from @latimes. I use the YQL console (consumer_key, etc are YQL's not mine): select * FROM twitter.statuses.user_timeline WHERE screen_name="@latimes" AND consumer_key="08ZNcNfdoCgYTzR7qcW1HQ" AND consumer_secret="PTMIdmhxAavwarH3r4aTnVF7iYbX6BRfykNBHIaB8" AND access_token="1181240586-JIgvJe4ev3NHdHnAqnovHINWfpo0qB2S2kZtVRI" AND access_token_secret="1nodv0LBsi7jS93e38KiW8cHOA5iUc6FT4L6De7kgk" It gives me this URL: http://query.yahooapis.com/v1/public/yql?q=select%20*%20FROM%20twitter.statuses.user_timeline%20WHERE%20screen_name%3D%22%40latimes%22%20AND%20consumer_key%3D%2208ZNcNfdoCgYTzR7qcW1HQ%22%20AND%20consumer_secret%3D%22PTMIdmhxAavwarH3r4aTnVF7iYbX6BRfykNBHIaB8%22%20AND%20access_token%3D%221181240586-JIgvJe4ev3NHdHnAqnovHINWfpo0qB2S2kZtVRI%22%20AND%20access_token_secret%3D%221nodv0LBsi7jS93e38KiW8cHOA5iUc6FT4L6De7kgk%22&format=json&diagnostics=true&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys&callback=

So it works, although the credentials are still in the source code since in my app I take user input and substitute it into the above URL where appropriate. Can I do anything?


2 Replies

Recent Posts

in YQL