Hello,

We are developing a website that uses the Twitter API. At present, when a user gets onto our site, a login screen appears, prompting the user to enter his/her Twitter username and password. Our system/website calls http://twitter.com/account/verify_credentials.format ( http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0rate_limit_status ) to check if this is a valid user and if their password and username match. If we get a '200' code, then we log the user in.

However, http://apiwiki.twitter.com/Rate-limiting says: "The default rate limit for calls to the REST API is 150 requests per hour. The REST API does account- and IP-based rate limiting. Authenticated API calls are charged to the authenticating user's limit while unauthenticated API calls are deducted from the calling IP address' allotment."

Does this mean that we can only get 150 users requesting http://twitter.com/account/verify_credentials.format in a given hour? Are we doing our logon process correctly this way? Or should we consider a better approach to this?