This Package Saved My SaaS
ฝัง
- เผยแพร่เมื่อ 15 มิ.ย. 2024
- depending on a third-party api for your saas is not fun, because, well, it gives that third party the power to charge pretty much ANYTHING they want. As is the case with twitter. This is a pretty smart solution
-- my links
second channel (in depth videos): / @joshtriedupstash
discord: / discord
github: github.com/joschan21 - วิทยาศาสตร์และเทคโนโลยี
The Twitter backend engineers while implementing that token param: “nobody’s gonna know. How would they know?”
So crazy🤣🤣🤣🤣
Also Twitter engineers: there is only one way for that to happen, someone with us made the library 😏
😂😂😂😂
😂😂😂😂😂😂😂😂
that guy is ex twitter employee 😅
That one jira ticket will speed run itself from backlog to in-progress
"it can break at any time" I think that that time was set when you uploaded this video for thousands of people to see
Pfffffft. As if tech giants can afford internet
I just read it as: "This packages saved my ass"
😂😂😂
Same
That's actually also correct 😂😂😂
should be the actual title
You read it right.
Bro remove this
For real. We don’t want them to patch the token system
Nah he prefers his 100k views which might get him $100 over a package that people might actually need in the future. He's not entitled to care about other people but there was really no need for this video, this package is well known if you need to fetch tweets. Whatever ig
@@katto1937he’s spreading knowledge to other people, gatekeeping is for clowns🤡🤡
twitter devs likely already knew about the package, it wasnt super obscure or unknown. they probably will break it, but it wont be because of this video
yes Josh, you don't look like that guy, that guy looks like you instead.
Only Sid would post about a security vulnerability that is needed to make his application work lol
it's a CDN, if you want to put something behind it you can't actually protect it otherwise it wont function, so technically if they want to keep the same functionality for the same cost, the best they can do is to obscure it a bit more, but eventually people would break it.
So technically this is not a security vulnerability, but a really cheap way to cut costs, so they might as well just make the posts free to fetch as people would abuse this regardless. Facebook, Instagram and many others have this as well, or least something similar that can be exploited to get the content off their platforms.
This is by no means a security vulnerability, this is the intended function of the API and this API has to be public because of how it's used. To prevent ""abuse"" like this you'd need to monitor who's hitting it and how often.
Speedrun before twitter patch the underlying solution 😂
Thanks for reporting this bug, it will be fixed in this current sprint - X engineer after watching this
How would they fix it without breaking millions of embeddings?
They just need to change the function that creates the token and make it server side only @@buddy.abc123
😂😂😂😂
Lmao the current sprint
@@buddy.abc123 they can just make it so that the function that is used to generate the token based on the tweet id no longer works.
The creator of react-tweet must be an undercover spy at X 😅
Vercel made it broh 😂
@@karthikeyajidagam8068 no, vercel is just what they used to host the documentation. they didn't pay for a domains so they got a free vercel one
Dude, this is like a game-changer for small developers and startups!
it will get patch i will not count on it
@@rym8349 Yup especially after a youtube video that so graciously points it out
Don't let Elon see this.
Layoffs coming oh boy…
too late
i already reported the video
stitches for leeches
@@FeinsterSchmauslaid off if the software enginners don’t do something as directed by manager
Back in my school days, we used to use the Twitter API as an exercise in web fetching.
Guess teachers will need to find a new site to do this exercise with.
I was more amazed that the package is from Vercel 😮
This video was so informative that we got to see his twin brotha.
bro , you should delete this video
Very cool library, thanks for sharing
Honestly, it's really cool. The simplicity of the react tweet is amazing. A happy ending indeed.
this is gold 😁 thanks for sharing this 😅
Great video, thanks for sharing!
Its interesting but the down side is Twitter may change something in thier thus the code would stop working
Not with the 3 remaining engineers :d
If the code stops working, all embeds will stop working. They can only fix it for new embeds, so this crappy code is destined to stay in their codebase forever, lol :)
@@romankoncek150 Elon is unhinged enough to do just that!
Yaaayyy ✨ and you are nothing like that sid guy you rock! 💜✨👏👏
I theorize that how they generate the token probably changes regularly to combat this, but nothing stops you from scraping the code that generates it and extracting the new method on a whim.
Great vid, thanks!
Awesome way of showing it with making the HTTP request yourself
I had this same problem earlier last year. So i spent some time reverse engineering the twitter embed API myself and worked like a charm.
lmao crazy good !
is there a similar package for first getting the tweets of the user?
Was looking for something like this for so long
Hi, I see you have an option to import from discord too, how does that work? Thanks in advance!
It's a good starting point before actually paying for the API. Perhaps it's still available because you still need the ID of every tweet you want to "embed"?
Awesome stuff
I did this exact work around last year for get-ratioed a ratio viewer app xD
ok but how do you retrieve like new tweets from users? without manually copying-pasting tweet URL ?
Nice! I wanna steal that UI too, care to share the repo?
Interesting. Good shit bro...
But how do you get every user that liked / retweeted the post?
"Should I just take my SaaS idea and put it in the trash can?"
Yes, as a general rule all SaaS ideas should be put in the trash
I was hoping they could have something API that checks If an account follows me... I need it to complete my saas...
Do you have any idea on how I can achieve this??
It's cheaper to do text tracking on the page with a cloud sandbox and have it screenshot tweets for you.
does this also exists in a similar way for facebook ?
The creator of react-tweet is my brother, I'm so proud of him 🤗!
❤
So your brother works at Twitter?
@@yassinesafraoui Take a closer look 2:40
@@yassinesafraoui No, at vercel!
How did he came up with the formula to generate the token param? Because I was tinkering around and found out that that param does nothing, you just have to put any value into it, as far as it not being blank it will work just fine
0:44 Sorry Josh but I can't unsee this now...
Josh is the alternate universe version of Sid that grew up in a structured household and is going on to have a monster successful career.
Where did u get that UI its sick.
Thanks for sharing, quick and to the point as always Josh. Awesome package and everything, but who in their right mind would consider shilling out $5000 per month for the Pro tier subscription when you haven't even found product market fit and are at 0 users. I get the point that you need to find a feasible solution to what you are building before starting out, but you could launch your SaaS with the free or basic version and upgrade as you start to monetize your SaaS.
Awesome need more video like this
amazing!!! you are a monster
good to know thst this exists, i usually just use the twitter scraper i wrote in python for this sort of thing
Unexpected shut down or a change in API can be quite surprising :D
That function for calculating the token... it seems completely arbitrary, as if they just threw together of the most stuff together in hopes nobody would reverse-engineer it. Kudos to the guy for somehow figuring it out, even if this will probably will be patched very soon.
whats more interesting is how they parse it back to the original id.
I’d now like to know how to gather all of my past tweet id’s, then pull the rest of the data as shown.
Seems like it’s still limited in that regard.
This video was recommended. 1st time seeing anything from your channel. Let's see how fast this hole gets patched.
it can't, that'd break every single tweet embed on every website
I'm interested how they reverse-engineered the token part, holy
As the video mentions this is for embeding a tweet into a site, copying the code it gives you for multiple tweets and comparing, volia.
Thank you so much
"You do not look like that guy" **wink, wink** 😉
I am also building something which requires to do the user lookup, please let me know if you find anything similar
Great video Josh. This is really good to know about.
My only concern, as you mentioned, would be the question of how long it will be before this method is broken or blocked by them. I suppose it's just a matter of ensuring this code is isolated enough that you can swap it out within your functionality in the future.
And, you know what, you kinda do look like Sid....
You TOTALLY look like Sid :D
reported for hate speech
Who came up with this idea to generate a token like this? Is it production ready?
Na that Sid comparison caught me off guard 😂
Must been an Laid of employee traking revenge on Elon
Bro why do I need to store a tweet in database, what is the main purpose of your SAAS?
I'm still not clear on what's actually happening. why is a syndicate URL? did they just scrape and reverse engineer the database? or did they just figure out how to reverse engineer real twitter api keys that actually work?
Genuinely curious as a newbie, how is this allowed? Wouldn't this be a huge concern for X as a profit loss?
Awesome.
Nice vid
thanks algo
X just made user liked post private. So is there any way we can get a user liked post in similar way?
get scraping
@@Sandwich4321 we can scrape locally but in a headless browser x will ban you.
next day at Twitter headquarters: "Aight boys, time to change the API key generator"
This Package Saved My AsS
It want last long before Twitter Devs change that token param
the mix of english with the austrian accent is so funny 🇦🇹❤️
I have just noticed that your Sony XM5 Good one
what's the name of the graphics editor he draws in?
look to the left: exaclidraw
this video is such Sid energy
that is so coool) I think spending resources to verify auth for these semi-public routes isn't comparable to possible losses that can produce indy developers, another assumption - developers left back door)) for their 0 users per month saas))
That is crazy.. 5k?!?
Review more libraries!
Why is everyone using Arc now?
How long now before this package no longer works because of this.
"don't ask me what this does" .... modern day developers, copy paste code without understanding what it does
I'll be very surprised if it's not patched within days of this video.
Appreciated nonetheless
There is one more problem with X. The android app does not have sign in with apple and therefore if you are shifting from apple to android then there is no way the user can login. I think X should start hiring more engineers.
bro this is cool
Elon fanboy rushing to tweet and beg him to patch this : 🏃💨
That one dev at Twitter who'll bring this up next meeting: 🤓📝
Josh: 🙍🏻♂
Now twitter knows it.
5000$/month for the twitter api is actually crazy
I need similar thing like this for instagram?
I hope no one base their system on this, as a anecdote its cool, but sooner than later they will patch this the second this come widespread.
Simple and brilliant, haha
DELETE IT BEFORE I COUNT TO THREE.
This is the reason why math in important in CS.
?? Yeah it is, but this is a horrible example, cuz literally reverse engineer the math twitter used 🤣and exploit it
Chilla chilla ke scheme batade sabko..
Who would use a SaaS to avoid taking a few seconds to copy/paste a testimonial from Twitter?
OH NO Josh!!!😂... You have exposed these innocent dudes..Now Twitter backend engineers would have to find a way to block that access😂😂
I read
"This package save my sASS"
who else thought the video title was THIS PACKAGE SAVED MY ASS
thats so funny hhahahaha. i also just tried and it accepts any string as token, no need to use generate function of vercel. i wonder whats really the purpose of token as it really does not seem for validation purpose lmao. so no reverse engineering really occurred lol
can you get long form tweets/articles from this?
God, I hope this lasts