If this is correct (and I don't think it is), then it's very different
from what has always been my understanding. I've stated a few times on
this list my belief that if you're going to be supporting a
significant number of simultaneous users, whitelisting works against
you. No one has ever challenged that assertion.

This is in the rate limit documentation Abraham linked to: "Each
whitelisted entity, whether an account or IP address, is allowed 20000
requests per hour."

It is my understanding that if your IP is whitelisted, you get one
pool of 20,000 requests per each hour to divide up amongst all your
users - NOT 20,000 requests for each of them. I could be wrong, but I
don't think I am. If you have a whitelisted IP, here's an experiment
you can run:

1. Check the current rate limit using two different Twitter accounts
from your IP (using curl or whichever tool you choose). You should get
the same number (probably 20,000 unless you've been making requests
recently from that IP)
2. Make a request that counts against the rate limit from ONE and only
ONE of the two accounts (grab their statuses/friends_timeline, for
example)
3. Repeat step 1. Do both users now see 19,999? Or does one see 19,999
and one see 20,000?

If one user still sees 20,000, then I'm wrong, and you've got 20,000
requests per hour per user (and I'm gonna go apply for
whitelisting :). If they both see 19,999, then I'm right - your IP has
a single pool of 20,000 requests from which all of your users draw.


On Jul 24, 2:36 am, srikanth reddy <srikanth.yara...@gmail.com> wrote:
> @jim.renkel. Thanks a ton. I think now it is clear.
>
> <<It appears to me that each user of a white-listed site gets 20k
> requests per hour, independent of any other users of that site or *any
> other uses of the twitter API at other sites by that user *>>
>
> probably this is what they mean by
>
> *"IP whitelisting takes precedence to account rate limits*. *GET requests
> from a whitelisted IP address made on a user's behalf will be deducted from
> the whitelisted IP's limit, not the users*."
>
> If the IP limit  is for the consumer then it will lead to denial of service
> attacks.
> This is how we wanted it to work.
>
> Srikanth
>
>
>
> On Fri, Jul 24, 2009 at 12:52 AM, jim.renkel <james.ren...@gmail.com> wrote:
>
> > My experience with this is, I think, a little bit different than what
> > you describe.
>
> > It appears to me that each user of a white-listed site gets 20k
> > requests per hour, independent of any other users of that site or any
> > other uses of the twitter API at other sites by that user.
>
> > I didn't think this was what twitter intended and reported it as a bug
> > (See:http://code.google.com/p/twitter-api/issues/detail?id=617), but
> > the twitter folk said "Yup, working as intended".
>
> > After you log in athttp://twxlate.com, the site reports rate limit
> > information on every page view, so you can see how this works there.
>
> > Comments expected and welcome.
>
> > Jim Renkel
>
> > On Jul 23, 3:48 am, jmathai <jmat...@gmail.com> wrote:
> > > > In other words, you have a web app running on a single server with a
> > > > single IP. You make authenticated requests using each user's account.
> > > > If your IP is whitelisted, the calls go towards your 20k limit, if it
> > > > is not whitelisted, it goes against the current 150 limit for the
> > > > respective accounts. That's what it means by "IP whitelisting takes
> > > > precedence to account rate limits".
>
> > > I don't believe that is true.  If your web app is running on a
> > > whitelisted IP then you get up to 20k GET calls per hour.  POST
> > > requests (status or DM) are counted against the user being
> > > authenticated.  You CANNOT retrieve a user's rate limit status.

Reply via email to