Dewald, Respectfully, I must (now) disagree that rate limiting should not be per user, i.e., that it *SHOULD* be per user based.
When my site, twxlate.com, was white-listed and I saw how the white- listing worked, namely that for authenticated requests each user of each white-listed IP address gets 20k requests per hour, I didn't think this was right. My logic was: "By white-listing my IP address, twitter has in effect white-listed each user of it." I reported this as what I thought was a defect (http://code.google.com/ p/twitter-api/issues/detail?id=617). In the follow up discussion, twitter folk have twice said, "Nope, working as intended." Based on discussions of the issue and elsewhere, I must now agree that this is operating as it should, i.e., per user based. My logic is now: "If rate limiting is not per user, then all users of an IP address will share one pool of 20k requests per hour. If a site has a 1,000 users at one time, then each user will get an average of 20 requests per hour. This is clearly not enough to do much useful. Therefore, rate limiting must be per user based." Currently, each user of a white-listed IP address get 20k requests per hour (You can verify this at twxlate.com: the site reports your rate limit after you sign in.). That may be too many, maybe they should only get, say, 150 requests per hour (Unless the user is also white- listed.), but whatever the number is, it has to be per user based. Twitter may have revised the rate limit policy or reduced the 20k number as part of dealing with the DOS attack. I don't see it at twxlate.com, but maybe other sites do. I hope, and expect, that twitter will revert to its former policy if, in fact, they have recently changed it. Or at least not change it for twxlate.com, since I just made a big announcement that this is an advantage of using my site! :-) Jim Renkel On Aug 10, 7:21 am, Dewald Pretorius <dpr...@gmail.com> wrote: > The API is currently counting down X-RateLimit-Remaining using the > logic of20krequests per hour perIP, not peruserperIP. > > That makes sense and I believe it is how it should work. > > Dewald > > On Aug 10, 2:17 am, Bob Fishel <b...@bobforthejob.com> wrote: > > > Since we have a lot of devs monitoring this now I'd like to bring back > > the discussion that we were having before this whole mess started. > > > Is the intention of Twitter to allow (for whitelistedIP's)20k > > requests per hour perUSERor20krequests per hour perIP. > > > I don't want to seem to be beating a dead horse and Chad has confirmed > > this but it still seems like there's quite a bit on contention. > > > Thanks > > > -Bob
