I'm writing this without knowing the challenges that the API team faces with cooperating with the Operations team and hosting provider.
Nevertheless, I would like to ask if it would be possible, in the future, to allow API traffic from white listed IPs even during situations like these. At an application level, a table of white listed IPs would make it possible to filter out everything except from those IPs. And even at a firewall or network switch level, these exclusions can also be built in. It is not right that perfectly valid calls from perfectly valid and verified IP addresses should be denied for so long because someone else decided to mess with Twitter. I know it cannot be done right now, but it will be a massive improvement if it can be done in the near future. Dewald