This Package Saved My SaaS

Рет қаралды 118,502

Ай бұрын

depending on a third-party api for your saas is not fun, because, well, it gives that third party the power to charge pretty much ANYTHING they want. As is the case with twitter. This is a pretty smart solution
-- my links
second channel (in depth videos): / @joshtriedupstash
discord: / discord
github: github.com/joschan21

Пікірлер: 332

@WebDevCody Ай бұрын

The Twitter backend engineers while implementing that token param: “nobody’s gonna know. How would they know?”

@user-sc7hq4jt9n Ай бұрын

So crazy🤣🤣🤣🤣

@yassinesafraoui Ай бұрын

Also Twitter engineers: there is only one way for that to happen, someone with us made the library 😏

@ogs102 Ай бұрын

😂😂😂😂

@jellyfish1772 Ай бұрын

😂😂😂😂😂😂😂😂

@shamunkhatri6754 Ай бұрын

that guy is ex twitter employee 😅

@jugalgadhavi Ай бұрын

That one jira ticket will speed run itself from backlog to in-progress

@jasondads9509 20 күн бұрын

Dont let musk see it Xd

@requestfx5585 Ай бұрын

"it can break at any time" I think that that time was set when you uploaded this video for thousands of people to see

@LennyMiller739 25 күн бұрын

Pfffffft. As if tech giants can afford internet

@bitw1se 11 күн бұрын

yeah ngl, that was really stupid.

@FlorinPop Ай бұрын

I just read it as: "This packages saved my ass"

@davlatberdinazarov179 Ай бұрын

😂😂😂

@sora-senpai Ай бұрын

Same

@yassinesafraoui Ай бұрын

That's actually also correct 😂😂😂

@dytra_io Ай бұрын

should be the actual title

@goodsamaritan208 Ай бұрын

You read it right.

@Parajulibkrm Ай бұрын

yes Josh, you don't look like that guy, that guy looks like you instead.

@Khari99 Ай бұрын

Only Sid would post about a security vulnerability that is needed to make his application work lol

@justanaveragebalkan 29 күн бұрын

it's a CDN, if you want to put something behind it you can't actually protect it otherwise it wont function, so technically if they want to keep the same functionality for the same cost, the best they can do is to obscure it a bit more, but eventually people would break it. So technically this is not a security vulnerability, but a really cheap way to cut costs, so they might as well just make the posts free to fetch as people would abuse this regardless. Facebook, Instagram and many others have this as well, or least something similar that can be exploited to get the content off their platforms.

@flybackrs 28 күн бұрын

This is by no means a security vulnerability, this is the intended function of the API and this API has to be public because of how it's used. To prevent ""abuse"" like this you'd need to monitor who's hitting it and how often.

@nickolaki Ай бұрын

Speedrun before twitter patch the underlying solution 😂

@yogeshdevaggarwal 8 күн бұрын

Why is there 45 open job positions at X after this video 💀

@megamind452 Ай бұрын

Thanks for reporting this bug, it will be fixed in this current sprint - X engineer after watching this

@buddy.abc123 Ай бұрын

How would they fix it without breaking millions of embeddings?

@cryptomaniac1866 Ай бұрын

They just need to change the function that creates the token and make it server side only @@buddy.abc123

@michaelmontero2902 Ай бұрын

😂😂😂😂

@petergg9096 Ай бұрын

Lmao the current sprint

@Oussama-uo1gf Ай бұрын

@@buddy.abc123 they can just make it so that the function that is used to generate the token based on the tweet id no longer works.

@enclocreations4427 Ай бұрын

Bro remove this

@reold 28 күн бұрын

For real. We don’t want them to patch the token system

@katto1937 26 күн бұрын

Nah he prefers his 100k views which might get him $100 over a package that people might actually need in the future. He's not entitled to care about other people but there was really no need for this video, this package is well known if you need to fetch tweets. Whatever ig

@sippingthepeachsoda 25 күн бұрын

@@katto1937he’s spreading knowledge to other people, gatekeeping is for clowns🤡🤡

@oniondesu9633 25 күн бұрын

twitter devs likely already knew about the package, it wasnt super obscure or unknown. they probably will break it, but it wont be because of this video

@blockchainme 4 күн бұрын

@@oniondesu9633 most room temp iq comment of all time. if you think this video won't break the repo then you might have underlying mental disabilities

@davisphem Ай бұрын

The creator of react-tweet must be an undercover spy at X 😅

@karthikeyajidagam8068 Ай бұрын

Vercel made it broh 😂

@Iliannnn Ай бұрын

@@karthikeyajidagam8068 no, vercel is just what they used to host the documentation. they didn't pay for a domains so they got a free vercel one

@this_is_samridh Ай бұрын

bro , you should delete this video

@algobuddy Ай бұрын

Dude, this is like a game-changer for small developers and startups!

@rym8349 Ай бұрын

it will get patch i will not count on it

@katto1937 26 күн бұрын

@@rym8349 Yup especially after a youtube video that so graciously points it out

@imkir4n Ай бұрын

Don't let Elon see this.

@FeinsterSchmaus Ай бұрын

Layoffs coming oh boy…

@weeb3277 Ай бұрын

too late i already reported the video stitches for leeches

@catharsis222 Ай бұрын

@@FeinsterSchmauslaid off if the software enginners don’t do something as directed by manager

@talhaibnemahmud Ай бұрын

I was more amazed that the package is from Vercel 😮

@0xPanda1 Ай бұрын

Its interesting but the down side is Twitter may change something in thier thus the code would stop working

@user-ce5nc8hz7w Ай бұрын

Not with the 3 remaining engineers :d

@romankoncek150 Ай бұрын

If the code stops working, all embeds will stop working. They can only fix it for new embeds, so this crappy code is destined to stay in their codebase forever, lol :)

@0xDEAD_Inside 29 күн бұрын

@@romankoncek150 Elon is unhinged enough to do just that!

@fusseldieb 15 күн бұрын

@@romankoncek150 Not necessarily. It just doesn't contain any rate limiting ... yet.

@Nin_Cada Ай бұрын

This video was so informative that we got to see his twin brotha.

@ricko13 Ай бұрын

ok but how do you retrieve like new tweets from users? without manually copying-pasting tweet URL ?

@Aboods1337 Ай бұрын

Hi, I see you have an option to import from discord too, how does that work? Thanks in advance!

@whizzie3367 Ай бұрын

I was hoping they could have something API that checks If an account follows me... I need it to complete my saas... Do you have any idea on how I can achieve this??

@quamzgraphix9826 Ай бұрын

Very cool library, thanks for sharing

@softmerit25 Ай бұрын

Honestly, it's really cool. The simplicity of the react tweet is amazing. A happy ending indeed.

@arturkre5793 Ай бұрын

does this also exists in a similar way for facebook ?

@rodrigomarchi9755 19 күн бұрын

What tool is he using at 3:55 to send the request?

@cidhighwind8590 9 күн бұрын

It's great to see you finally getting the recognition you deserved from your amazing performance in Toy Story.

@dabbopabblo 29 күн бұрын

I theorize that how they generate the token probably changes regularly to combat this, but nothing stops you from scraping the code that generates it and extracting the new method on a whim.

@PootCoinSol Ай бұрын

But how do you get every user that liked / retweeted the post?

@BooksWeCanRead Ай бұрын

Yaaayyy ✨ and you are nothing like that sid guy you rock! 💜✨👏👏

@elormtsx Ай бұрын

this is gold 😁 thanks for sharing this 😅

@LongBoy.0 26 күн бұрын

I'm still not clear on what's actually happening. why is a syndicate URL? did they just scrape and reverse engineer the database? or did they just figure out how to reverse engineer real twitter api keys that actually work?

@_gekyumeman4127 29 күн бұрын

I had this same problem earlier last year. So i spent some time reverse engineering the twitter embed API myself and worked like a charm.

@Mohith7548 25 күн бұрын

The issue here is: how do you get the tweet ids?

@EnglishRain 29 күн бұрын

Great video, thanks for sharing!

@KellenProctor Ай бұрын

Josh is the alternate universe version of Sid that grew up in a structured household and is going on to have a monster successful career.

@sanchaythalnerkar9577 Ай бұрын

lmao crazy good ! is there a similar package for first getting the tweets of the user?

@JakobRossner-qj1wo Ай бұрын

Awesome way of showing it with making the HTTP request yourself

@rickdg Ай бұрын

It's a good starting point before actually paying for the API. Perhaps it's still available because you still need the ID of every tweet you want to "embed"?

@Lars16 Ай бұрын

Thanks for sharing, quick and to the point as always Josh. Awesome package and everything, but who in their right mind would consider shilling out $5000 per month for the Pro tier subscription when you haven't even found product market fit and are at 0 users. I get the point that you need to find a feasible solution to what you are building before starting out, but you could launch your SaaS with the free or basic version and upgrade as you start to monetize your SaaS.

@hipdev_ Ай бұрын

The creator of react-tweet is my brother, I'm so proud of him 🤗!

@UmairSadaqat Ай бұрын

❤

@yassinesafraoui Ай бұрын

So your brother works at Twitter?

@hipdev_ Ай бұрын

@@yassinesafraoui Take a closer look 2:40

@0xDEAD_Inside 29 күн бұрын

@@yassinesafraoui No, at vercel!

@guibrandalisee 29 күн бұрын

How did he came up with the formula to generate the token param? Because I was tinkering around and found out that that param does nothing, you just have to put any value into it, as far as it not being blank it will work just fine

@zorzysty Ай бұрын

You TOTALLY look like Sid :D

@weeb3277 Ай бұрын

reported for hate speech

@user-lj4lo7cx7m 16 күн бұрын

@@weeb3277 womp womp n...

@oaklyfoundation 27 күн бұрын

Where did u get that UI its sick.

@bar6732 Ай бұрын

Nice! I wanna steal that UI too, care to share the repo?

@VincentFulco Ай бұрын

Great vid, thanks!

@sujjeee Ай бұрын

X just made user liked post private. So is there any way we can get a user liked post in similar way?

@Sandwich4321 26 күн бұрын

get scraping

@sujjeee 26 күн бұрын

@@Sandwich4321 we can scrape locally but in a headless browser x will ban you.

@deepshaswat Ай бұрын

I am also building something which requires to do the user lookup, please let me know if you find anything similar

@II__II 28 күн бұрын

what's the name of the graphics editor he draws in?

@sierragutenberg 27 күн бұрын

look to the left: exaclidraw

@uneebbhatti1388 29 күн бұрын

Bro why do I need to store a tweet in database, what is the main purpose of your SAAS?

@edenassos Ай бұрын

It's cheaper to do text tracking on the page with a cloud sandbox and have it screenshot tweets for you.

@theawesomegamer123 28 күн бұрын

Genuinely curious as a newbie, how is this allowed? Wouldn't this be a huge concern for X as a profit loss?

@JEM_GG Ай бұрын

I did this exact work around last year for get-ratioed a ratio viewer app xD

@sabujghosh8474 Ай бұрын

Was looking for something like this for so long

@FlorinPop Ай бұрын

"You do not look like that guy" **wink, wink** 😉

@belkocik Ай бұрын

Who came up with this idea to generate a token like this? Is it production ready?

@user-wr8gg9kh6l 26 күн бұрын

that is so coool) I think spending resources to verify auth for these semi-public routes isn't comparable to possible losses that can produce indy developers, another assumption - developers left back door)) for their 0 users per month saas))

@scalor 28 күн бұрын

This video was recommended. 1st time seeing anything from your channel. Let's see how fast this hole gets patched.

@appelnonsurtaxe 28 күн бұрын

it can't, that'd break every single tweet embed on every website

@ShubhamVsCode Ай бұрын

how did they manage to reverse engineer the getToken 🤯🤯

@esyx6476 Ай бұрын

my guess is that there is some (ex)employee from twitter who knows how it works

@RealTkco 27 күн бұрын

As the video mentions this is for embeding a tweet into a site, copying the code it gives you for multiple tweets and comparing, volia.

@BambeH 27 күн бұрын

Back in my school days, we used to use the Twitter API as an exercise in web fetching. Guess teachers will need to find a new site to do this exercise with.

@AdityaKumar-op5zc 15 күн бұрын

You can always use KZfaq api it's free

@sgnathan.m Ай бұрын

I need similar thing like this for instagram?

@4twi352 Ай бұрын

I'm interested how they reverse-engineered the token part, holy

@RealTkco 27 күн бұрын

As the video mentions this is for embeding a tweet into a site, copying the code it gives you for multiple tweets and comparing, volia.

@impyrobot 5 күн бұрын

probably an ex twitter employee if I had to guess

@eVashioNN Ай бұрын

Unexpected shut down or a change in API can be quite surprising :D

@bangunny Ай бұрын

Why is everyone using Arc now?

@RiteshNEVERUNIFORM Ай бұрын

Must been an Laid of employee traking revenge on Elon

@enijar 29 күн бұрын

Na that Sid comparison caught me off guard 😂

@highpofly 22 күн бұрын

inb4 this package stops working

@jakehartigandesign 25 күн бұрын

I’d now like to know how to gather all of my past tweet id’s, then pull the rest of the data as shown. Seems like it’s still limited in that regard.

@Sandwich4321 26 күн бұрын

good to know thst this exists, i usually just use the twitter scraper i wrote in python for this sort of thing

@semyaza555 28 күн бұрын

0:44 Sorry Josh but I can't unsee this now...

@RJRobinsonX Ай бұрын

How long now before this package no longer works because of this.

@kaustubhxdd Ай бұрын

Elon fanboy rushing to tweet and beg him to patch this : 🏃💨 That one dev at Twitter who'll bring this up next meeting: 🤓📝 Josh: 🙍🏻‍♂

@Simple_OG Ай бұрын

Awesome stuff

@cnikolov 27 күн бұрын

whats more interesting is how they parse it back to the original id.

@poldekwastaken 2 сағат бұрын

0:54 nah bro is sid 100%

@mertsandepalm962 Ай бұрын

Interesting. Good shit bro...

@davecarbonell49 20 күн бұрын

has it been patched yet?

@joshuasingh854 Ай бұрын

Man the getToken function is breaking my brain. Does anyone know what's going on there?

@phoneywheeze9959 29 күн бұрын

probably one of the ex twitter employees he fired

@vickonsscope6477 Ай бұрын

OH NO Josh!!!😂... You have exposed these innocent dudes..Now Twitter backend engineers would have to find a way to block that access😂😂

@ellamurii Ай бұрын

thats so funny hhahahaha. i also just tried and it accepts any string as token, no need to use generate function of vercel. i wonder whats really the purpose of token as it really does not seem for validation purpose lmao. so no reverse engineering really occurred lol

@phoneywheeze9959 29 күн бұрын

can you get long form tweets/articles from this?

@sammed8337 17 күн бұрын

now they will encrypt the token with the secret key, and you can put your Saas idea in the trash can

@CAG2 26 күн бұрын

That function for calculating the token... it seems completely arbitrary, as if they just threw together of the most stuff together in hopes nobody would reverse-engineer it. Kudos to the guy for somehow figuring it out, even if this will probably will be patched very soon.

@hl6903 Ай бұрын

Awesome need more video like this

@Channel-cy4lh Ай бұрын

Great video Josh. This is really good to know about. My only concern, as you mentioned, would be the question of how long it will be before this method is broken or blocked by them. I suppose it's just a matter of ensuring this code is isolated enough that you can swap it out within your functionality in the future. And, you know what, you kinda do look like Sid....

@SXsoft99 27 күн бұрын

"don't ask me what this does" .... modern day developers, copy paste code without understanding what it does

@Nurof3n_ Ай бұрын

this video is such Sid energy

@manuelcalle621 Ай бұрын

amazing!!! you are a monster

@aymenbachiri-yh2hd Ай бұрын

Thank you so much

@mikejohneviota9293 Ай бұрын

its not working now

@TimeAiTales 28 күн бұрын

DELETE IT BEFORE I COUNT TO THREE.

@harshil1735 Ай бұрын

There is one more problem with X. The android app does not have sign in with apple and therefore if you are shifting from apple to android then there is no way the user can login. I think X should start hiring more engineers.