Hi Shy,
When you don't specify and ID we require authentication, when you
do specify and ID (no matter the user) we do not. This is mainly
because without authentication the non-ID version wouldn't make any
sense. When authentication is required we return HTTP 401
(authentication required) and .NET does the same request again with
the credentials. When you pass in an ID we respond with valid data
since authentication is not required and .NET never actually sends the
credentials. You can get around this by setting the header manually
[1] or there is a HttpWebRequest.PreAuthenticate property [2], but it
does not works like one would expect [3]. I recommend the header route.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
[1] -
http://groups.google.com/group/twitter-development-talk/browse_frm/thread/14ac4568e4a1cb17
[2] -
http://groups.google.com/group/twitter-development-talk/msg/be5e28a8e0b4fb33
[3] -
http://groups.google.com/group/twitter-development-talk/browse_frm/thread/3d54172d7492cce3/74a5ddabe36d5d3c
On Jun 20, 2009, at 1:32 AM, Shy Cohen wrote:
Hi Matt,
Here's the C# code that I use to fetch the data:
HttpWebRequest webRequest = (HttpWebRequest) WebRequest.Create
(requestUri);
webRequest.Credentials = new NetworkCredential(myUsername,
myPassword);
webRequest.Method = "GET";
WebResponse webResponse = webRequest.GetResponse();
XDocument response = XDocument.Load(new StreamReader
(webResponse.GetResponseStream(), Encoding.UTF8));
If requestUri is "http://twitter.com/friends/ids.xml"; then
response.Headers["X-RateLimit-Remaining"] returns "19999"
If requestUri is "http://twitter.com/friends/ids.xml?user_id=17283842";
then response.Headers["X-RateLimit-Limit"] returns "100". Please note
that 17283842 is the user ID for the authenticated user (in other
words, the ID of my account).
It seems that the difference is in whether I’m specifying the ID of
the user for whom to get the list of friends implicitly (i.e. using
the implicit ID of the signed-in user) or explicitly (i.e. by
specifying it in the request).
Seems like this might be a bug (at least in the sense that it's
unexpected behavior that is confusing the user ;-). What do you think?
Thanks,
Shy.
On Jun 19, 12:21 pm, Matt Sanford <[email protected]> wrote:
Hi Shy,
When authenticated methods correctly reflect the whitelisting
and
unauthenticated methods do not the most common cause is a client side
issue where the authentication is not being sent. This is the case
with browsers, who wait for an HTTP 401 and then respond with
credentials. Some HTTP libraries do this as well (.NET comes to
mind).
If you let us know what library/language you're using we might be
able
to help. Another good thing to do is take a look at your request
headers … if there is no Authentication header you're not
authenticated.
Thanks;
– Matt Sanford / @mzsanford
Twitter Dev
On Jun 19, 2009, at 9:39 AM, Shy Cohen wrote:
My app, running under my white-listed creds, was hitting the 100/hr
rate limit. I thought that maybe my white-listing did not go into
effect, but TweetDeck was showing that I have 20K calls left. I ran
the Twitterizer sample, and it was working fine too, showing the
quota
to be 20K. I was baffled. I started playing with this a little and I
believe I finally found the issue!
It seems that calls to fetch data about the currently logged in user
(e.g.http://twitter.com/statuses/user_timeline.xml) are subject to
the 20K rate limit, while calls to fetch other users' data (e.g.
http://twitter.com/followers/ids.xml?user_id=<id>&page=<page>) are
counted against the IP (or something else, but not the creds I’m
providing).
Is this correct? If so, what’s the reason behind it?
Also, is there a way to get around this without white-listing my
(dynamically assigned) IP address?
Thanks,
Shy.- Hide quoted text -
- Show quoted text -
