Get user's profile photo without user authentication in v1.1? (Was possible in v1)


Hey there,

I’m wondering if it’s possible to get a given user’s profile photo URL without performing a user authenticated request in v1.1 of the REST API. I see how to do it with authenticated requests, but I’m specifically looking to do this without authentication.

IN v1, this was possible with the following API:

Will this be migrated to v1.1, or is there another API call I’m missing that will enable the same?

Here’s a bit more about my scenario and why the non-authenticated part of it is important:

I’m building a service for mobile apps where we are allowing authentication through Twitter and Facebook-- the goal is to not have our own user account system. So every user is either a FB user or a Twitter user-- when displaying information about users, we want to show their profile photo. However a given user might be authenticated with FB but may see the profile photo of a different user that was authenticated with Twitter.

The facebook API provides a way to display profile photos without authentication (if the profile photo is public).


Hi Shah, have you found the solution. I’m also looking for that, v1 still working now, For facebook i can find friends with only id and name, and have a way to get profile image. For twitter, is there a way to get friends’name by id? “GET users/lookup” bring me too much informations.


What about this thread? Anybody have an answer?
Do we have to call the show.json to then get the profile_url all the time?


Yes, using /1.1/users/show.json to find the profile_url is the way to do it. You can no longer do this without authentication.


@rich_unger are you sure ? I tried it but I get authentication error.


did i have to generate new call on the
below URL for getting twitter Profile image


That is absolutely stupid and wasteful for the API (not to mention something we need to factor into usage for the rate limits). There should be a cached profile picture under a URL that you can piece together easily. So one could hit it over and over without any detriment to Twitter’s servers or rate limits for an app. Wow. I’m in utter shock. Is there any specific reasoning here?