Thanks Matt! Adding the header explicitly solved my problem. I fully understand why auth is needed for the non-ID version. I am still unclear as to why auth is not required when the ID is specified, but I guess that's just a design choice.
Cheers, Shy. On Jun 22, 8:23 am, Matt Sanford <[email protected]> wrote: > Hi Shy, > > When you don't specify and ID we require authentication, when you > do specify and ID (no matter the user) we do not. This is mainly > because without authentication the non-ID version wouldn't make any > sense. When authentication is required we return HTTP 401 > (authentication required) and .NET does the same request again with > the credentials. When you pass in an ID we respond with valid data > since authentication is not required and .NET never actually sends the > credentials. You can get around this by setting the header manually > [1] or there is a HttpWebRequest.PreAuthenticate property [2], but it > does not works like one would expect [3]. I recommend the header route. > > Thanks; > – Matt Sanford / @mzsanford > Twitter Dev > > [1] -http://groups.google.com/group/twitter-development-talk/browse_frm/th... > [2] -http://groups.google.com/group/twitter-development-talk/msg/be5e28a8e... > [3] -http://groups.google.com/group/twitter-development-talk/browse_frm/th... > > On Jun 20, 2009, at 1:32 AM, Shy Cohen wrote: > > > > > > > Hi Matt, > > > Here's the C# code that I use to fetch the data: > > > HttpWebRequest webRequest = (HttpWebRequest) WebRequest.Create > > (requestUri); > > webRequest.Credentials = new NetworkCredential(myUsername, > > myPassword); > > webRequest.Method = "GET"; > > WebResponse webResponse = webRequest.GetResponse(); > > XDocument response = XDocument.Load(new StreamReader > > (webResponse.GetResponseStream(), Encoding.UTF8)); > > > If requestUri is "http://twitter.com/friends/ids.xml"; then > > response.Headers["X-RateLimit-Remaining"] returns "19999" > > > If requestUri is "http://twitter.com/friends/ids.xml?user_id=17283842"; > > then response.Headers["X-RateLimit-Limit"] returns "100". Please note > > that 17283842 is the user ID for the authenticated user (in other > > words, the ID of my account). > > > It seems that the difference is in whether I’m specifying the ID of > > the user for whom to get the list of friends implicitly (i.e. using > > the implicit ID of the signed-in user) or explicitly (i.e. by > > specifying it in the request). > > > Seems like this might be a bug (at least in the sense that it's > > unexpected behavior that is confusing the user ;-). What do you think? > > > Thanks, > > Shy. > > > On Jun 19, 12:21 pm, Matt Sanford <[email protected]> wrote: > >> Hi Shy, > > >> When authenticated methods correctly reflect the whitelisting > >> and > >> unauthenticated methods do not the most common cause is a client side > >> issue where the authentication is not being sent. This is the case > >> with browsers, who wait for an HTTP 401 and then respond with > >> credentials. Some HTTP libraries do this as well (.NET comes to > >> mind). > >> If you let us know what library/language you're using we might be > >> able > >> to help. Another good thing to do is take a look at your request > >> headers … if there is no Authentication header you're not > >> authenticated. > > >> Thanks; > >> – Matt Sanford / @mzsanford > >> Twitter Dev > > >> On Jun 19, 2009, at 9:39 AM, Shy Cohen wrote: > > >>> My app, running under my white-listed creds, was hitting the 100/hr > >>> rate limit. I thought that maybe my white-listing did not go into > >>> effect, but TweetDeck was showing that I have 20K calls left. I ran > >>> the Twitterizer sample, and it was working fine too, showing the > >>> quota > >>> to be 20K. I was baffled. I started playing with this a little and I > >>> believe I finally found the issue! > > >>> It seems that calls to fetch data about the currently logged in user > >>> (e.g.http://twitter.com/statuses/user_timeline.xml) are subject to > >>> the 20K rate limit, while calls to fetch other users' data (e.g. > >>>http://twitter.com/followers/ids.xml?user_id=<id>&page=<page>) are > >>> counted against the IP (or something else, but not the creds I’m > >>> providing). > > >>> Is this correct? If so, what’s the reason behind it? > > >>> Also, is there a way to get around this without white-listing my > >>> (dynamically assigned) IP address? > > >>> Thanks, > >>> Shy.- Hide quoted text - > > >> - Show quoted text -- Hide quoted text - > > - Show quoted text -
