On the twitter Rate Limiting page(https://dev.twitter.com/docs/rate-limiting) it says
"Unauthenticated calls are permitted 150 requests per hour. Unauthenticated calls are measured against the public facing IP of the server or device making the request."
Is that the measurement based on enduser IP address or the server IP(ip of http:xxxx.com) ?
Is there a way to increase the limit may be through some paid service of Twitter ?
Regards,
Navin
Server IP
No. But you should use authenticated calls (oAuth) - you get 350 requests per hour. Each authenticated user of your app has 350 calls you can use, IP ignored.
Related
We have implemented a central token store for making multiple Podio API requests from AWS Lambda using the same access tokens. I have been seeing frequent "unauthorized" exceptions returned from Podio. When I use the token from the "unauthorized" request directly in REST Client it works fine. In addition, the rate limit values show that I am not near the limit. Is there a limit to the number of concurrent requests in Podio by account? Thanks for any help.
If Podio returns 403 Unauthorized then access token you've provided is not valid for resource requested. And there is no way that same request for same resource with same access token that got 403 once will get successful response when you run it from another client.
If you want to troubleshoot it well: record/log full https request and response.
Regarding rate limit part of your question: there is different limit for login operation. And there is no general limit on number on concurrent requests by account, but load balancer and DDOS protection might kick in if you go insane.
I saw that Twilio has a default 15 second timeout for SMS inbound requests. I'm using a Java-based AWS Lambda behind API Gateway for my SMS inbound requests, and it takes a few seconds to spin up a java-based lambda function if it's been dormant for a while. Is it possible to increase my timeout in Twilio?
I've been having issues with Twilio not being able to connect to our server within the 15 second timeout and their support just plainly refuses to increase the timeout. So no, you can't increase it.
You can provide a fallback URL but it is not helping things at all for us.
Something is not right with their setup, they should have built in retries like other service providers.
I am using Google directions and geocode services in my iOS App, and it works fine. I am also using Google maps API.
For google maps, I am using an API Key, but for geocoding and directions services, I am calling them as any REST Webservice, without adding the API Key parameter, and it works.
My questions here are
Is the API Key mandatory for client-side calls ? Is it legal ?
If not, what are the risks?
If I add an API Key, the 2500 query per day per key limit will apply, or the limit will be per users IP address?
In https://developers.google.com/maps/documentation/directions/ I can read
All Directions API applications should use an API key
In https://developers.google.com/maps/documentation/geocoding/ I can read
All Geocoding API applications should use an API key
At the same time, I am not using Server side Geocoding/Directions, but Client side calls, and for now, I haven't sent any ApiKey when using it.
A key is not required for these webservices, they may work without.
The difference is the quota: without a key it will be based on the IP-address of the server. When your domain shares the same IP-address with other domains(usually it's the case) you will also share your quota with these domains.
The result: when applications placed at other domains with the same IP(may be houndreds) also request these services(without a key) you'll often hit the limits.
When you use the services on clientside(via the methods of the maps-Javascript-API) it doesn't matter at all, any limit will apply to the user of your application, not to the application.
How do I implement the oauth_token into my request?
When making a request to twitter's REST API:
https://api.twitter.com/1/users/show.json?screen_name=shakira
I get the rate limit error (Rate limit exceeded. Clients may not make more than 150 requests per hour.)
I have created a twitter application and received an access token, which I am now trying to use to boost my rate limit to 350. I have tried adding it to the url, like so:
https://api.twitter.com/1/users/show.json?oauth_token=MyAccessTokenGoesHere&screen_name=shakira
But that isn't working...
OAuth parameters should go to the header of your request, not in the URL. For more details check the following article in the documentation:
https://dev.twitter.com/docs/auth/authorizing-request
Here http://developer.twitter.com/pages/rate-limiting we can read that:
Anonymous calls are based on the IP of the host and are permitted 150 requests per hour. This classification includes unauthenticated requests (such as RSS feeds), and authenticated requests to resources that do not require authentication.
OAuth calls are permitted 350 requests per hour.
And as we can see at http://dev.twitter.com/doc/get/users/show - it does not require authentication.
So I expected my localhost will reach limit of accessing users/show/zerkms endpoint after 150 requests. But I was able to perform all 350 requests.
Where is the truth?
If you are sending authentication headers to Twitter, then your rate limit will be the authenticated rate limit of 350 requests to rate limited resources per hour, and this is regardless of whether you are calling methods that do not require authentication.
So, since you were authenticated, you had 350 API calls you could burn. If you were unauthenticated, you could only have made 150 calls.
Edit:
I believe the documentation you specify is indeed incorrect. Authenticated requests to resources that do not require authentication, are not subject to the unauthenticated rate limit. Rather they are subject to the rate limit restriction of the currently authenticated account.
For example, if I make an authenticated call to users/show (a resource that does not require authentication) the rate limit headers on the HTTP response show X-RateLimit-Limit: 20000, X-RateLimit-Remaining: 19999. If I then make an unauthenticated call immediately to users/show, my rate limit headers show X-RateLimit-Limit: 150, X-RateLimit-Limit: 149.
There's a difference between requiring authentication and supporting authentication. If you provide authentication, in most cases, the Twitter API will consider it an authenticated request. If you want to ensure that your request is evaluated unauthenticated, don't send authentication.
I think it's related to http://dev.twitter.com/doc/get/statuses/followers and the old 'basic auth' because it starts with "depending on the authorization method" (even though there's only one method nowadays?). It doesn't require authentication but in some cases it does.
To make developers move to OAuth, they increased that rate limit when an API call is done using OAuth; that's what the second statement says.