I got the same response from Alex awhile back (and I think confirmed by Doug). And I'm seeing the same results, as well. I'm pretty sure it's 20,000 per IP without regard to user. Jesse
On Thu, Aug 6, 2009 at 1:24 PM, Dewald Pretorius <dpr...@gmail.com> wrote: > > Just some background. I talked with Doug about this a few months ago, > because I observed in the Rate Limit Header of get calls that the > 20,000 number decremented by user, not by IP address in aggregate. > > Doug informed me that he was going to hand the issue over to Matt, who > was on vacation at that point, to look into when he got back from > vacation. > > Doug specifically said that the intended behavior was for the 20,000 > rate limit to be by IP address only. > > So, the point I'm trying to make is, at one point the API did count > the 20,000 rate limit per IP address per user, but that was a bug that > should have been fixed. > > I have not checked whether it is actually fixed. But, it's easy to > check. Just do a GET call from a whitelisted IP with one user's > credentials, check the remaining rate limit number, and then do the > same call with another user's credentials. If each call gives you > 19,999 remaining, then you know the bug still exists, and consequently > no IP rate limiting is currently being done. > > Dewald > > On Aug 6, 2:04 pm, Chad Etzel <c...@twitter.com> wrote: > > Hi Dewald, > > > > I asked "The Powers That Be" about it, and that was the response I > > got. However, I am double and triple checking because that does sound > > too good to be true :) > > > > -Chad > > > > On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretorius<dpr...@gmail.com> > wrote: > > > > > Chad, > > > > > Are you 100% sure of that? > > > > > I mean, in terms of rate limiting that simply does not make sense. > > > > > For my site, TweetLater.com, it would mean I have an effective hourly > > > rate limit, per IP address, of 2 BILLION IP GET calls per hour! > > > (20,000 per user for 100,000 users). > > > > > It sounds wrong to me. > > > > > Dewald > > > > > On Aug 6, 1:37 pm, Chad Etzel <c...@twitter.com> wrote: > > >> Hi Inspector Gadget, er... Bob, > > > > >> Yes, the current whitelisted IP rate-limit allows 20k calls per hour > > >> *per user* on Basic Auth or OAuth or a combination thereof. > > > > >> Go, go gadget data! > > > > >> -Chad > > >> Twitter Platform Support > > > > >> On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel<bobfis...@gmail.com> > wrote: > > > > >> > Well it seems as though Twitter is saying that 20k calls per user is > > >> > the intended functionality. Chad or someone else can you confirm > this? > > > > >> > Also if the correct functionality is 20k per ip per hour will you > then > > >> > fail over to 150 per user per hour or is it cut off? > > > > >> > Thanks > > > > >> > -Bob > > > > >> > On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius<dpr...@gmail.com> > wrote: > > > > >> >> Bob, > > > > >> >> Don't base your app on the assumption that it is 20,000 calls per > hour > > >> >> per user. > > > > >> >> You get 20,000 GET calls per whitelisted IP address, period. It > does > > >> >> not matter if you use those calls for one Twitter account or 10,000 > > >> >> Twitter accounts. > > > > >> >> If the API is currently behaving differently, then it is a bug. > > > > >> >> I have had discussions with Twitter engineers about this, and the > > >> >> intended behavior is an aggregate 20,000 calls per whitelisted IP > > >> >> address as I mentioned above. > > > > >> >> Dewald > > > > >> >> On Aug 6, 4:09 am, Robert Fishel <bobfis...@gmail.com> wrote: > > >> >>> Wowzers (bonus points for getting the reference) > > > > >> >>> It appears as if each user does get 20k (according to the linked > > >> >>> threads) this is I think what they intended and makes apps a LOT > > >> >>> easier to develop as you can now do rate limiting (ie caching and > > >> >>> sleeping etc...) based on each user and not on an entire server > pool, > > >> >>> makes sessions much cleaner. > > > > >> >>> I am whitelisted and I'll test this tomorrow evening to make > double > > >> >>> sure but this sounds great!. > > > > >> >>> Thanks > > > > >> >>> -Bob > > > > >> >>> On Thu, Aug 6, 2009 at 2:53 AM, srikanth > > > > >> >>> reddy<srikanth.yara...@gmail.com> wrote: > > >> >>> > With a whitelisted IP you can make 20k auth calls per hour for > each user. > > >> >>> > Once you reach this limit for a user you cannot make any auth > calls from > > >> >>> > that IP in that duration. But the user can still use his 150 > limit from > > >> >>> > other apps. > > > > >> >>> > > http://groups.google.com/group/twitter-development-talk/browse_thread... > > > > >> >>> > On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel < > b...@bobforthejob.com> wrote: > > > > >> >>> >> From the Rate Limiting documentation: > > > > >> >>> >> "IP whitelisting takes precedence to account rate limits. GET > requests > > >> >>> >> from a whitelisted IP address made on a user's behalf will be > deducted > > >> >>> >> from the whitelisted IP's limit, not the users. Therefore, > IP-based > > >> >>> >> whitelisting is a best practice for applications that request > many > > >> >>> >> users' data." > > > > >> >>> >> Say for example I wanted to simply replicate the twitter > website. One > > >> >>> >> page per user that just monitors for new statuses with > authenticated > > >> >>> >> (to catch protected users) calls to > > >> >>> >>http://twitter.com/statuses/friends_timeline.json > > > > >> >>> >> Say I was very popular and had 20k people on the site. Would > this > > >> >>> >> limit me to 1 call per minute per user or would it fall over to > the > > >> >>> >> user limit of 150 an hour once I hit my 20k? If so how can I > tell it > > >> >>> >> has fallen over besides for simply keeping track of the number > of > > >> >>> >> calls per hour my server has made. > > > > >> >>> >> Thanks > > > > >> >>> >> -Bob >