[twitter-dev] Re: Rate Limiting question
Hi all, thanks for your responses. John, I did take a look at the stream api but was put off by the big disclaimer saying it could change very frequently and be down for extended periods. Also, I was kinda trying to avoid the issue I was seeing in search where certain tweets were not being indexed - now perhaps this is because my test tweets unwittingly looked like duplicates (and not worthy of indexing) but it made me think ok, is there a way to avoid this problem - scanning the users timelines seemed the way to go. The streaming API looks interesting though and I get the idea of having a single connection - which in my case would be a shell based PHP script dumping the results to (say) a flat file for subsequent import/processing. I'll need to find some best practice PHP scripts - phirehose looked interesting. Can I check something with rate limits and streaming API? If I have 20K requests per hour this basically means I can use the streaming API 20K times per hour? Or is that too simplistic. Joel
Re: [twitter-dev] Re: Rate Limiting question
You probably wouldn't use the streaming API 20k times/hr. You would open one connection and consume data from it during that hour. ---Mark http://twitter.com/mccv On Sun, Jan 3, 2010 at 12:15 AM, Joel Hughes joelhug...@gmail.com wrote: Hi all, thanks for your responses. John, I did take a look at the stream api but was put off by the big disclaimer saying it could change very frequently and be down for extended periods. Also, I was kinda trying to avoid the issue I was seeing in search where certain tweets were not being indexed - now perhaps this is because my test tweets unwittingly looked like duplicates (and not worthy of indexing) but it made me think ok, is there a way to avoid this problem - scanning the users timelines seemed the way to go. The streaming API looks interesting though and I get the idea of having a single connection - which in my case would be a shell based PHP script dumping the results to (say) a flat file for subsequent import/processing. I'll need to find some best practice PHP scripts - phirehose looked interesting. Can I check something with rate limits and streaming API? If I have 20K requests per hour this basically means I can use the streaming API 20K times per hour? Or is that too simplistic. Joel
[twitter-dev] Re: Rate Limiting question
Hey Kyle, Is that true re the rate limits? I've always assumed that ANY request on an IP is xounted against that IP's rate limit - so comes of the 20,000; and each user has their own rate limit... normally 150 per hour. So an authenticated request comes off both the user's and and IP's rate limit? In the very least, the user's limit of 150 per hour is affected first, and then if that is maxed out, then the IP limit will come into play? Could someone from Twitter clarify this, and Kyle's suggestion, as the API docs are very vague in this area Thanks Simon On Jan 1, 5:21 pm, Kyle Mulka repalvigla...@yahoo.com wrote: My experience with rate limiting shows that each authenticated request is counted against that user's limit on your IP. So, you get 20,000 requests per IP, per user, per hour assuming all your requests are authenticated. Any unauthenticated requests go towards the 20,000 request limit per IP, per hour. In my case, all Twitter API calls are authenticated and cached for an hour. The way my app is set up, under normal usage, no user will use more than 20,000 Twitter API requests. -- Kyle Mulka Founder, Congo Labshttp://twilk.com On Jan 1, 5:43 pm, jojet j...@jojet.com wrote: Hi all, I was feeling a little clever after working on some Twitter API stuff but then thought oh! I'd better think about Twitters rate limiting...and then that's where my brain started to melt! A few bits of info: my web app needs people to authenticate (OAUTH) and, from then on, the app analyses their tweets and occasionally updates registered user's statuses. I've applied for the webserver IP to be white listed which I believe gives the app 20,000 requests per hour. I've not found the search API to be great when looking for a hashtag (sometimes tweets just don't seem to get indexed) so I've gone a stage further and am analysing the individual timelines of all my registered users via a cron job (the cron job sucks in all of a persons tweets greater than the last analysed tweet of the user). This call is made via OAUTH/authenticated so I believe such a call depletes the user's rate limit quota rather than the IP/authenticated account of the webserver quota? Is that correct? Thanks for any thoughts here Joel
[twitter-dev] Re: Rate Limiting question
My experience with rate limiting shows that each authenticated request is counted against that user's limit on your IP. So, you get 20,000 requests per IP, per user, per hour assuming all your requests are authenticated. Any unauthenticated requests go towards the 20,000 request limit per IP, per hour. In my case, all Twitter API calls are authenticated and cached for an hour. The way my app is set up, under normal usage, no user will use more than 20,000 Twitter API requests. -- Kyle Mulka Founder, Congo Labs http://twilk.com On Jan 1, 5:43 pm, jojet j...@jojet.com wrote: Hi all, I was feeling a little clever after working on some Twitter API stuff but then thought oh! I'd better think about Twitters rate limiting...and then that's where my brain started to melt! A few bits of info: my web app needs people to authenticate (OAUTH) and, from then on, the app analyses their tweets and occasionally updates registered user's statuses. I've applied for the webserver IP to be white listed which I believe gives the app 20,000 requests per hour. I've not found the search API to be great when looking for a hashtag (sometimes tweets just don't seem to get indexed) so I've gone a stage further and am analysing the individual timelines of all my registered users via a cron job (the cron job sucks in all of a persons tweets greater than the last analysed tweet of the user). This call is made via OAUTH/authenticated so I believe such a call depletes the user's rate limit quota rather than the IP/authenticated account of the webserver quota? Is that correct? Thanks for any thoughts here Joel
[twitter-dev] Re: Rate Limiting Question
Craig, I just ran a test, and I can also confirm what you have found. Unauthenticated calls decrease per IP 20,000 Authenticated calls decrease per-IP per-user 20,000 Dewald On Aug 13, 4:27 pm, CaMason stasisme...@googlemail.com wrote: The behaviour at the moment is definitely as-described above: Unauthenticated calls decrease IP 20,000 Authenticated calls decrease per-user 20,000 My app only uses authenticated calls during normal use, and the IP- based limit isn't decreasing at-all 20,000 per-user is pretty silly - With 1000 users, I would be allowed to make 5,555 calls per second. A max of say 500 authenticated calls per-user would be more sensible, and would allow apps with many users to scale :) -Craig
[twitter-dev] Re: Rate Limiting Question
Hi There, What you all have been confirming is correct. The intended behavior is 20k per IP unauthenticated, and 20k per IP *per user* authenticated. This is not a bug. -Chad On Thu, Aug 13, 2009 at 4:43 PM, Abraham Williams4bra...@gmail.com wrote: I've been reading I have confirmed emails from 5 different threads for the last 2 weeks. Can we hold off until Chad gets back to us with an official answer. :) Thanks Abraham 2009/8/13 Dewald Pretorius dpr...@gmail.com Craig, I just ran a test, and I can also confirm what you have found. Unauthenticated calls decrease per IP 20,000 Authenticated calls decrease per-IP per-user 20,000 Dewald On Aug 13, 4:27 pm, CaMason stasisme...@googlemail.com wrote: The behaviour at the moment is definitely as-described above: Unauthenticated calls decrease IP 20,000 Authenticated calls decrease per-user 20,000 My app only uses authenticated calls during normal use, and the IP- based limit isn't decreasing at-all 20,000 per-user is pretty silly - With 1000 users, I would be allowed to make 5,555 calls per second. A max of say 500 authenticated calls per-user would be more sensible, and would allow apps with many users to scale :) -Craig -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Rate Limiting Question
Holy Thanks, Chad. :) On Aug 13, 4:58 pm, Chad Etzel c...@twitter.com wrote: Hi There, What you all have been confirming is correct. The intended behavior is 20k per IP unauthenticated, and 20k per IP *per user* authenticated. This is not a bug. -Chad On Thu, Aug 13, 2009 at 4:43 PM, Abraham Williams4bra...@gmail.com wrote: I've been reading I have confirmed emails from 5 different threads for the last 2 weeks. Can we hold off until Chad gets back to us with an official answer. :) Thanks Abraham 2009/8/13 Dewald Pretorius dpr...@gmail.com Craig, I just ran a test, and I can also confirm what you have found. Unauthenticated calls decrease per IP 20,000 Authenticated calls decrease per-IP per-user 20,000 Dewald On Aug 13, 4:27 pm, CaMason stasisme...@googlemail.com wrote: The behaviour at the moment is definitely as-described above: Unauthenticated calls decrease IP 20,000 Authenticated calls decrease per-user 20,000 My app only uses authenticated calls during normal use, and the IP- based limit isn't decreasing at-all 20,000 per-user is pretty silly - With 1000 users, I would be allowed to make 5,555 calls per second. A max of say 500 authenticated calls per-user would be more sensible, and would allow apps with many users to scale :) -Craig -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Rate Limiting Question
Just to make things crystal clear, it should be stated that the 20k rate limits apply only to GET requests to the so-called REST-API. Other request types (I.e., POST) and / or other APIs (I.e., search, streaming) have other rate limits. Jim Renkel On Aug 13, 3:58 pm, Chad Etzel c...@twitter.com wrote: Hi There, What you all have been confirming is correct. The intended behavior is 20k per IP unauthenticated, and 20k per IP *per user* authenticated. This is not a bug. -Chad On Thu, Aug 13, 2009 at 4:43 PM, Abraham Williams4bra...@gmail.com wrote: I've been reading I have confirmed emails from 5 different threads for the last 2 weeks. Can we hold off until Chad gets back to us with an official answer. :) Thanks Abraham 2009/8/13 Dewald Pretorius dpr...@gmail.com Craig, I just ran a test, and I can also confirm what you have found. Unauthenticated calls decrease per IP 20,000 Authenticated calls decrease per-IP per-user 20,000 Dewald On Aug 13, 4:27 pm, CaMason stasisme...@googlemail.com wrote: The behaviour at the moment is definitely as-described above: Unauthenticated calls decrease IP 20,000 Authenticated calls decrease per-user 20,000 My app only uses authenticated calls during normal use, and the IP- based limit isn't decreasing at-all 20,000 per-user is pretty silly - With 1000 users, I would be allowed to make 5,555 calls per second. A max of say 500 authenticated calls per-user would be more sensible, and would allow apps with many users to scale :) -Craig -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Rate Limiting Question
YabadabaFrigginDoo!! I have no idea what kind of application would need to continuously make 5 authenticated calls per second on a particular Twitter account, but hey, if you can think of one, you know you won't be rate limited. Dewald On Aug 13, 5:58 pm, Chad Etzel c...@twitter.com wrote: Hi There, What you all have been confirming is correct. The intended behavior is 20k per IP unauthenticated, and 20k per IP *per user* authenticated. This is not a bug. -Chad
[twitter-dev] Re: Rate Limiting Question
On Thu, Aug 13, 2009 at 5:44 PM, Dewald Pretoriusdpr...@gmail.com wrote: YabadabaFrigginDoo!! I have no idea what kind of application would need to continuously make 5 authenticated calls per second on a particular Twitter account, but hey, if you can think of one, you know you won't be rate limited. Dewald Twitterbation? ∞ Andy Badera ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera)
[twitter-dev] Re: Rate Limiting Question
In fact, with an API response time of 0.3 seconds, you won't even run out of rate limit if your authenticated GET script goes into an endless loop. Dewald On Aug 13, 6:44 pm, Dewald Pretorius dpr...@gmail.com wrote: YabadabaFrigginDoo!! I have no idea what kind of application would need to continuously make 5 authenticated calls per second on a particular Twitter account, but hey, if you can think of one, you know you won't be rate limited. Dewald On Aug 13, 5:58 pm, Chad Etzel c...@twitter.com wrote: Hi There, What you all have been confirming is correct. The intended behavior is 20k per IP unauthenticated, and 20k per IP *per user* authenticated. This is not a bug. -Chad
[twitter-dev] Re: Rate Limiting Question
Hi Chad - Now that the DDoS attacks are (sort of) behind us, can we seek some closure on this? I'm dying to know the official, undisputed, written- in-stone, we-can-finally-stop-arguing-about-it answer to the following (which I think simplifies the question): If my IP is whitelisted and I have 20 simultaneous users logged in to my app for 1 hour and each user generates 1,000 requests, have I used up my rate limit for that hour or could each user send 19,000 more requests? If it's the latter, is that a bug that's going to be fixed, or does Twitter really love us that much? :) On Aug 6, 1:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does soundtoogoodto betrue:)
[twitter-dev] Re: Rate Limiting Question
With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/d1664c633972a7c1/9f49c1ad096e9139?lnk=gstq=API+rate+limit#9f49c1ad096e9139 On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/d1664c633972a7c1/9f49c1ad096e9139?lnk=gstq=API+rate+limit#9f49c1ad096e9139 On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Good questions. I agree the phrasing surrounding this topic in the documentation is not extremely clear. I am digging for answers. -Chad On Thu, Aug 6, 2009 at 12:44 PM, Jesse Stayjesses...@gmail.com wrote: Chad, did that change recently? I was told by Alex and others there that it was 20,000 calls per hour, period, per IP. When did that change and why weren't we notified? This will save me a lot of money if it is indeed true. Jesse On Thu, Aug 6, 2009 at 12:37 PM, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretoriusdpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Chad, did that change recently? I was told by Alex and others there that it was 20,000 calls per hour, period, per IP. When did that change and why weren't we notified? This will save me a lot of money if it is indeed true. Jesse On Thu, Aug 6, 2009 at 12:37 PM, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
That would be the same as having no rate limit at all, because really, which app would beed to make 20,000 GET calls per hour on one Twitter account? If that's how it is enforced currently, then that is the reason why the API often gets so overloaded and slow. Dewald On Aug 6, 2:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretoriusdpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Just some background. I talked with Doug about this a few months ago, because I observed in the Rate Limit Header of get calls that the 20,000 number decremented by user, not by IP address in aggregate. Doug informed me that he was going to hand the issue over to Matt, who was on vacation at that point, to look into when he got back from vacation. Doug specifically said that the intended behavior was for the 20,000 rate limit to be by IP address only. So, the point I'm trying to make is, at one point the API did count the 20,000 rate limit per IP address per user, but that was a bug that should have been fixed. I have not checked whether it is actually fixed. But, it's easy to check. Just do a GET call from a whitelisted IP with one user's credentials, check the remaining rate limit number, and then do the same call with another user's credentials. If each call gives you 19,999 remaining, then you know the bug still exists, and consequently no IP rate limiting is currently being done. Dewald On Aug 6, 2:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretoriusdpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
I got the same response from Alex awhile back (and I think confirmed by Doug). And I'm seeing the same results, as well. I'm pretty sure it's 20,000 per IP without regard to user. Jesse On Thu, Aug 6, 2009 at 1:24 PM, Dewald Pretorius dpr...@gmail.com wrote: Just some background. I talked with Doug about this a few months ago, because I observed in the Rate Limit Header of get calls that the 20,000 number decremented by user, not by IP address in aggregate. Doug informed me that he was going to hand the issue over to Matt, who was on vacation at that point, to look into when he got back from vacation. Doug specifically said that the intended behavior was for the 20,000 rate limit to be by IP address only. So, the point I'm trying to make is, at one point the API did count the 20,000 rate limit per IP address per user, but that was a bug that should have been fixed. I have not checked whether it is actually fixed. But, it's easy to check. Just do a GET call from a whitelisted IP with one user's credentials, check the remaining rate limit number, and then do the same call with another user's credentials. If each call gives you 19,999 remaining, then you know the bug still exists, and consequently no IP rate limiting is currently being done. Dewald On Aug 6, 2:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretoriusdpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the
[twitter-dev] Re: Rate Limiting Question
@Dewald Pretorius For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! I believe 20k limit per user is the desirable behavior, but i don't think twitter will allow you to make infinite calls in which case they will black list you. I have not checked whether it is actually fixed. But, it's easy to check. Just do a GET call from a whitelisted IP with one user's credentials, check the remaining rate limit number, and then do the same call with another user's credentials. If each call gives you 19,999 remaining, then you know the bug still exists, and consequently no IP rate limiting is currently being done. You can verify this here http://twxlate.com This bug was closed very recently (about a month and a half ago) as working as intended http://code.google.com/p/twitter-api/issues/detail?id=617 That would be the same as having no rate limit at all, because really, which app would beed to make 20,000 GET calls per hour on one Twitter account? we dont know the rationale behind that number but if the limit is per IP then your app is easily susceptible to DOS attacks. I believe there are many apps (not whitelisted) out there which make more than 20k calls/hour (150 users /hour and 150 calls) The limit should always be per user(whether IP is whitelisted or not) On Thu, Aug 6, 2009 at 10:54 PM, Dewald Pretorius dpr...@gmail.com wrote: Just some background. I talked with Doug about this a few months ago, because I observed in the Rate Limit Header of get calls that the 20,000 number decremented by user, not by IP address in aggregate. Doug informed me that he was going to hand the issue over to Matt, who was on vacation at that point, to look into when he got back from vacation. Doug specifically said that the intended behavior was for the 20,000 rate limit to be by IP address only. So, the point I'm trying to make is, at one point the API did count the 20,000 rate limit per IP address per user, but that was a bug that should have been fixed. I have not checked whether it is actually fixed. But, it's easy to check. Just do a GET call from a whitelisted IP with one user's credentials, check the remaining rate limit number, and then do the same call with another user's credentials. If each call gives you 19,999 remaining, then you know the bug still exists, and consequently no IP rate limiting is currently being done. Dewald On Aug 6, 2:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretoriusdpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob