Today Twitter has suspended again the API key used by Hotot+. Please read below for info about how to solve the issue for now.

Today Twitter has reactivated the API key used by Hotot+.

Today Twitter has suspended again the API key used by Hotot+. Please read below for info about how to solve the issue for now.

Today Twitter has reactivated the API key used by Hotot+.

Today Twitter has suspended again the API key used by Hotot+. Please read below for info about how to solve the issue for now.

Today Twitter has reactivated the API key used by Hotot+.

A couple of days ago Twitter has suspended (again) the write permissions for the API key used by Hotot+.

This already happened in the past and so far they always told me that it was their anti Spam detection system that “by mistake” identified Hotot+ as Spam maker.
But, after I contacted them for the umpteenth time, they replied that it's not a mistake this time, Hotot+ is indeed guilty of mentions Spam:

Since Hotot+ has no automatic function that could let users to do automated Spam mentions, this essentially means that there are only two possibilities:

1. Some users use Hotot+ to do mentions Spam (but I think it's implausible, as having to do it “manually” would take too much effort and time for any normal user).
2. Someone uses the API key of Hotot+ in any other tool/app to do mentions Spam, so that for Twitter Hotot+ appears to do this even if it is not actually so.

Now, the first case is easily fixable by me (I already planned to insert a check that limits the number of mentions feasible in a certain period of time) but the second case is unfortunately unsolvable by me: the API key must be inserted into the program code (of course) and then anyone with a little knowledge of JavaScript can find it and extrapolate it trivially. The problem is that even if I uses functions to encrypt it, however these functions will always be visible in the source code (it's JavaScript after all) and so there is no way to totally obscure them and keep them safe.

In addition to this in the next version I plan also to insert a check on the actual validity of the API key, so that when and if Twitter will block it again in the future, the user will be alerted with a warning screen and redirected to this page with further details.

Usually Twitter replies to email communications in 2-3 days, so it may take a long time for Hotot+ to return to work.
In the meantime, if you want you can use your own API key instead of the default one, so you can get it to work right away.
To change the API key used by Hotot+ you need to go in the Preferences, click on the Advanced Settings item and enable the Use a custom source app option:

Then enter Consumer Key and Secret values in the fields below it, close the window, restart Hotot+ and you're done.

But how to get a valid Consumer Key and Consumer Secret? It's very simple. Create a new application from this official Twitter page https://apps.twitter.com/app/new and then you will find the two values you need into the tab Keys and Access Tokens:

Alternatively, on the web you will surely find the API keys of the most popular/official Twitter apps (for example here: https://gist.github.com/shobotch/5160017 ). But take heed, using them will cause other users see you're posting from those specific apps and not from Hotot+, so it's not really correct/legal and I do not take any responsibility for what you will do.