As I've pointed out in other posts to this group, and I will be the first to acknowledge that there are conflicting opinions and facts on this, it is my understanding and experience that for GET requests that require authorization the rate limit is per user per IP address: - If *EITHER* the user or the IP address or both are white-listed, then the rate limit is 20k requests per hour for that user using that IP address. - If *NEITHER* the user nor the IP address is white-listed, the the rate limit is 150 requests per hour, again for that user using that IP address.
So, again as I understand it, either of your scenarios should work OK, and in neither case should you be black-holed. In scenario 1, you would have 10k users * 20k requests per hour for an aggregate rate limit of 200kk (i.e., 200 million) requests per hour. Even if you corner the market on twitter API usage, I can't imagine generating that many requests per hour! :-) In scenario 2, you would have 10k users * 150 requests per hour for an aggregate rate limit of a mere 1.5kk (i.e, 1.5 million) requests per hour. You probably can't corner the market with that limited capacity. Oh well, I guess you'll have to find another business model! :-) BTW, IMHO, I believe that what the twitter API spec is calling "authenticated" requests should be called "authorized" requests. Authentication is a prelude and prerequisite to authorization, and in delivering the requested service the API is authorizing you to receive the service for the authenticated user. If the API were just authenticating the user, it would return a simple, binary "Yes, the user has been authenticated to our satisfaction" or "No, the user has not been authenticated to our satisfaction" answer to a request for authentication. Comments expected and welcome. Jim Renkel On Aug 11, 6:51 pm, shiplu <shiplu....@gmail.com> wrote: > On Wed, Aug 12, 2009 at 6:41 AM, Julio Biason<julio.bia...@gmail.com> wrote: > > > On Wed, Aug 12, 2009 at 7:01 AM, shiplu<shiplu....@gmail.com> wrote: > >> Oops! Basic Mistake! > >> But what about I am talking about GET requests. > > > If you're doing a GET 3 times every hour, then it would be better not > > use a whitelisted IP. This way, the rate limit will count to each > > user, not the IP (considering that you're authenticating those users.) > > But there is a chance my IP will be blacklisted, isn't it? > Also If I just cache every request, It will never hit the rate limit. > > -- > A K M Mokaddimhttp://talk.cmyweb.nethttp://twitter.com/shiplu > Stop Top Posting !! > বাংলিশ লেখার চাইতে বাংলা লেখা অনেক ভাল > Sent from Dhaka, Bangladesh
