Hi Rushikesh,

You won't be able to use your two whitelisted accounts to enquire about rate
limiting for other accounts.

Think of an access token as essentially the user. Your consumer key is
essentially your application.

In basic auth, these two concepts were more intertwined. In the world of
OAuth they are separate.

When a method says it "requires authentication" -- that means it requires an
access token, meaning that the call is from the perspective of a user. It's
not just that there's some need for authentication, it's that the entire
operation, when used with an access token, is predicated on the perspective
of the member represented by your access token.

As you said, some member accounts are whitelisted and have higher rate
limits. Some do not. The only way you'll find out the rate limit for a
specific twitter member, in relation to your application and the IP address
being used, is by using an access token for that member. If you don't have
an access token for the member, you'll have no way to discover their rate

In our current implementation of OAuth, there is no concept of an
application acting on its own behalf without a user context. This context
will come, but whether an application can inquire about rate limits for
users that haven't explicitly given the application permission (through the
OAuth process) is unlikely.


On Tue, May 4, 2010 at 11:28 PM, Rushikesh Bhanage

> Hi Taylor,
>      Thank you for your reply first.
>      I think I could not explain my problem properly. OK first thing is my
> app does not have two users only, there are n number of users that are going
> to visit the website, the two users I mentioned are white listed user
> accounts, that I want to use as a authentication credentials to get rate
> limit status for each account in OAuth(user is not going to authenticate).
> There some queries to me as under:
>    1. would I be able to get rate limit status of above two account
> separately by skipping to authentication window of twitter, because I need
> this rate limit status in my code to perform user operation without
> acknowledging user about this OAuth.
>    2. As you mentioned in the last lines that when I shall use access token
> in the request, I would be getting rate limit status for the user indicated
> by the access token. Can you elaborate more on this.
>     Thank you in advance.
> On Tue, May 4, 2010 at 7:26 PM, Taylor Singletary <
> taylorsinglet...@twitter.com> wrote:
>> Hi Rushikesh,
>> You're asking a few things here, so I'll try to help clear them up:
>>   - Your app will need to do some kind of authentication for each of the
>> users. If your application is a web application, and you plan to have more
>> than just the two users you've mentioned, you'll want to implement the
>> entire OAuth 1.0a flow: request token acquisition, sending the user to
>> Twitter's authentication page, and then exchanging the request token for an
>> access token. You would then use the access token for each member to make
>> API calls. If the pool of users for your application will not go beyond the
>> two you mentioned, you might find yourself better served by applying for a
>> one-time use of xAuth to exchange your login credentials for access tokens.
>> If you're building a desktop or mobile application, you will want to use
>> either the OAuth 1.0A PIN/oauth_verifier flow or use xAuth.
>>   - Rate limiting is communicated through HTTP headers in the responses
>> you get from the API server.  See
>> http://dev.twitter.com/pages/rate-limiting
>>   - You can also use the
>> http://api.twitter.com/1/account/rate_limit_status end point to query on
>> rate limits. When using an access token in the request, the response will
>> indicate the rate limit status for the user represented by that access
>> token. If you aren't using an access token, it will indicate the rate limit
>> for the IP address.
>> Taylor Singletary
>> Developer Advocate, Twitter
>> http://twitter.com/episod
>> On Tue, May 4, 2010 at 2:00 AM, Rushikesh Bhanage <rishibhan...@gmail.com
>> > wrote:
>>> Hi there,
>>>       I am studying Abraham's code on github for Oauth to deal with my
>>> problem. In my app, user is not going to do authentication. I have two
>>> account with(username/password) and I have to use it to get ratelimit
>>> status. Studying code shows that, it is redirected(redirect.php) to
>>> twitter's window for user authentication. So instead of authenticating user
>>> on authentication window,  can I get ratelimit status of these two accounts
>>> authenticated through the code on github. Is it possible to do or
>>> alternatively what should I do?
>>>       can you suggest me any clue, please?
>>> Thank you in advance.

Reply via email to