Dear Sir/ Madam,

I have several questions about the whitelisting, hope you can provide

Question 1)

>From the link "";, it mentioned
"IP whitelisting takes precedence to account rate limits. GET requests
from a whitelisted IP address made on a user's behalf will be deducted
from the whitelisted IP's limit, not the users. Therefore, IP-based
whitelisting is a best practice for applications that request many
users' data."

So if we whitelist our IP and call api (authenticated or
unauthenticated), through that ip, then all the rate limit by IP will
be exhausted very soon.  And when the rate limit by IP is used up, the
mechanism starts to use rate limit by user, but unauthenticated api
will not allowed to use this rate limit by user, and hence fail.

So under this situation, it is best to call authenticated and
unauthenticated through 2 different IPs?

Question 2)
"Each whitelisted entity, whether an account or IP address, is allowed
20000 requests per hour. This means that two authenticated users using
the same IP address would each get 20000 requests per hour. "

The limit of "account" is per application account basis, or per user

Reply via email to