Exactly. That's what I can't figure out.

I'm not passing any authentication info:

http://twitter.com/friends/ids.json?user_id=A
http://twitter.com/friends/ids.json?user_id=J
http://twitter.com/friends/ids.json?user_id=K ... etc

It appears that, afterward, any attempts to log in from the same IP
(that I made the Social graph calls) fail (because the account is
locked). I spoke with Mark and one possible explanation is that when
you make the call without providing proper authentication, they're
treating it like a failed attempt to log in.

The locked account has IP lockout entries that match his last login IP
(which is the same one I'm making the social graph calls from). So the
suggestion was to use authenticated requests for the API.

On Wed, Dec 16, 2009 at 11:30 AM, Abraham Williams <4bra...@gmail.com> wrote:
> How does it pick which account to lock if the calls are
> unauthenticated? Perhaps you are passing incorrect authentication instead?
> Abraham
>
> On Wed, Dec 16, 2009 at 09:08, Sal Conigliaro <sco...@gmail.com> wrote:
>>
>> It appears that repeated (unauthenticated) calls to the API lock out
>> the account.
>>
>> The workaround is to use authenticated credentials when querying the
>> API. It would be helpful if the API docs could be revised to reflect
>> this.
>>
>> Sal
>>
>> On Dec 13, 8:01 pm, Sal Conigliaro <sco...@gmail.com> wrote:
>> > Thanks Mark. I appreciate it.
>> >
>> > On Dec 13, 1:28 am, Mark McBride <mmcbr...@twitter.com> wrote:
>> >
>> > > I'll check with our abuse team, but this looks odd.
>> >
>> > > On Sat, Dec 12, 2009 at 10:23 PM, Sal Conigliaro <sco...@gmail.com>
>> > > wrote:
>> > > > Hi there-
>> >
>> > > > I have an app that compares who you're following to your friends'
>> > > > followers. To do this, I query
>> > > > http://twitter.com/friends/ids.json?user_id=X
>> > > > and compare that to my (saved) list of IDs.
>> >
>> > > > I noticed that if I make repeated (unauthenticated) queries to
>> > > > http://twitter.com/friends/ids.json?user_id=X (i.e., I'm comparing my
>> > > > friends to friend A's friends, then to friend A's friend (B), then to
>> > > > friend B's friend (C)) that user_id X gets locked out (I get the
>> > > > "We've temporarily locked your account after too many failed attempts
>> > > > to sign in. Please chillax for a few, then try again." when trying to
>> > > > log in to the website (or from a Twitter client)).
>> >
>> > > > I'm guessing that the rapid, multiple queries look like abuse.
>> >
>> > > > I did notice, however, that if I make authenticated queries to the
>> > > > same API method, the account locking does *not* happen.
>> >
>> > > > Is this an anti-abuse method? Is my only option to use authenticated
>> > > > calls?
>> >
>> > > > Sal
>> >
>> > > --
>> > >    ---Mark
>> >
>> > > http://twitter.com/mccv
>
>
>
> --
> Abraham Williams | Awesome Lists | http://bit.ly/sprout608
> Project | Intersect | http://intersect.labs.poseurtech.com
> Hacker | http://abrah.am | http://twitter.com/abraham
> This email is: [ ] shareable [x] ask first [ ] private.
> Sent from Madison, WI, United States
