Let's bring the discussion on the update to the new thread:
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/2d68c74567bc9809
Thanks,
Doug
On Mon, Jul 20, 2009 at 10:08 PM, Doug Williams d...@twitter.com wrote:
Martin,
The change certainly went out prematurely
All,
This change was thrown out on the pipeline rather quickly. We admittedly
should have done a better job voicing this rollout well in advance though it
was not a normal week at HQ for a number of very public and private reasons.
Users are now limited to 15 calls to account/verify_credentials
Thanks Doug. I'm anxiously looking forward to the answer to that question -
it will make things much better for those of us running scripts on the
backend who want to verify when our users have changed their passwords with
Twitter so we can notify them to change with us as well.
I understand this
On Mon, Jul 20, 2009 at 1:23 PM, Doug Williamsd...@twitter.com wrote:
If you feel that 15 requests per hour per user is too low, please
help us update this policy and share details of your use case.
One use-case where I can see this being a bottleneck is testing new
apps during development
Doug, I would also like to know if this can be changed to trigger only
on incorrect credentials. I check to make sure a user hasn't
deactivated my app connection every time they load a page, so these 15
calls gets used up rather quickly. I've started to get some
complaints due to this error and
The problem is so long as they are complaining on some of our apps they are
complaining on all our apps and there's no way of telling which app caused
it. In addition, it would be nice if OAuth-authorized apps were exempt from
this limit. Stopping a potential cracker is as simple as turning off
I agree Jesse. I don't see why this should be imposed on OAuth apps.
It's not likely somebody is going to guess both the token and the
token secret.
We are going to roll this change back and re-evaluate how we can
better accomplish our goals. There are problems and shortcomings of
this strategy that we need to mitigate.
I will update this thread when we have a concrete plan to share. I do
not have a definite date or time for the rollback but
Great news Doug!! It certainly has its shortcomings as it stands
now. I did change some of my code to limit its use, but I still need
to ensure my logged in users have maintained their connection.
Doug,
Thanks for letting us know about the new request limit. I was worried
something was wrong on my side. Like the others are saying; it would
have been nice with a heads-up.
Cheers,
/Martin
Martin,
The change certainly went out prematurely which is admittedly a
mistake on our end. I will have details tomorrow morning to share
about our fix.
Thanks,
Doug
On Mon, Jul 20, 2009 at 7:45 PM, Martin Omandermoman...@google.com wrote:
Doug,
Thanks for letting us know about the new
I asked the same thing of Alex - waiting to hear back. This method is still
very useful for verifying users haven't changed their passwords since the
last time the script was run. Also, in Alex's own words, OAuth isn't ready
for production yet, last I heard so probably shouldn't go that route
This is occurring with OAuth as well. verify_credentials is now being
limited to 15 calls/hour. I really wish they had informed us in
advance, at least not a day before weekend.
On Jul 18, 11:07 am, Jesse Stay jesses...@gmail.com wrote:
I asked the same thing of Alex - waiting to hear back.
Can someone verify if it is being limited even if the credentials are *correct*?
-Chad
On Sat, Jul 18, 2009 at 4:46 AM, Swarooprh.swar...@gmail.com wrote:
This is occurring with OAuth as well. verify_credentials is now being
limited to 15 calls/hour. I really wish they had informed us in
yeah, its being limited even when i call it with a valid OAuth sig.
On Jul 18, 11:39 am, Chad Etzel jazzyc...@gmail.com wrote:
Can someone verify if it is being limited even if the credentials are
*correct*?
-Chad
On Sat, Jul 18, 2009 at 4:46 AM, Swarooprh.swar...@gmail.com wrote:
This
Yeah, to tell you the truth the no notice thing has completely ruined my
weekend trying to re-factor broken production code thanks to this.
Jesse
On Sat, Jul 18, 2009 at 4:46 AM, Swaroop rh.swar...@gmail.com wrote:
This is occurring with OAuth as well. verify_credentials is now being
limited
How quickly are the 30-40 calls issued?
On Fri, Jul 17, 2009 at 1:03 PM, J.D. jeremy.d.mul...@gmail.com wrote:
Today I started getting this error, even only after a handful of API
calls. Is this a new change? I've tested with two accounts, one that
is whitelisted and another that is not. I'm
Hi Kevin,
It's downloading info for a social graph (all the users followers), so
fairly quickly. Do I need to add a sleep between calls to statuses/
followers?
J.D.
WRT the sleep, I've never had to in the past. It just started failing.
Regarding a sleep between calls, until someone from Twitter pipes in it
would be worth a use case test, yes.
On Fri, Jul 17, 2009 at 1:38 PM, J.D. jeremy.d.mul...@gmail.com wrote:
WRT the sleep, I've never had to in the past. It just started failing.
--
Kevin Mesiab
CEO, Mesiab Labs
are you calling the verify credentials call? they started limiting
that call to 15 requests per hour due to an attack vulnerability. I
started getting that error today too.
On Jul 17, 4:03 pm, J.D. jeremy.d.mul...@gmail.com wrote:
Today I started getting this error, even only after a handful of
Me too. I think more developers need to know about this - I see many
complaints of password issues on Twitter search recently.
Jesse
On Fri, Jul 17, 2009 at 10:17 PM, winrich winric...@gmail.com wrote:
are you calling the verify credentials call? they started limiting
that call to 15 requests
are you calling the verify credentials call? they started limiting
that call to 15 requests per hour due to an attack vulnerability.
Ah yes, as a matter of fact I am. I was calling it each time my
application started, I'll refactor that. Thanks!
J.D.
I can see why this api should be limited, but it seems (from the
outside, I'm sure maybe there are other reasons) like if the
credentials are correct, it shouldn't count against the limit. Only
limit if the attempts are bad (someone is fishing).
J.D.
24 matches
Mail list logo
