/1/friendships/show with Authentication returns "ip-based ratelimit"?


#1

I tested using the OAuth tool.
The “X-RateLimit-Limit” of “/1/friendships/show” is 150.
Similarly, the “X-RateLimit-Limit” of “/1/friendships/exists” is 350.
Is this by design?


curl --get 'https://api.twitter.com/1/friendships/show.json' --data 'source_screen_name=kurrik&target_screen_name=episod' --header 'Authorization: OAuth oauth_consumer_key="il0wSnZ2ctnFFKHuqCUCLw", oauth_nonce="96e2adfdb70fc7af6e8c2d14c128a510", oauth_signature="2zibDWCyTdq7dujDnmaKpkRBu94%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1355137285", oauth_token="152239379-5JKLL7HK9RBeNAHgiHzTjvNsiSCw2X06KnWy2QQX", oauth_version="1.0"' --verbose

  • About to connect() to api.twitter.com port 443
  • Trying 199.59.149.232… connected
  • Connected to api.twitter.com (199.59.149.232) port 443
  • successfully set certificate verify locations:
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • SSLv2, Client hello (1):
    SSLv3, TLS handshake, Server hello (2):
    SSLv3, TLS handshake, CERT (11):
    SSLv3, TLS handshake, Server finished (14):
    SSLv3, TLS handshake, Client key exchange (16):
    SSLv3, TLS change cipher, Client hello (1):
    SSLv3, TLS handshake, Finished (20):
    SSLv3, TLS change cipher, Client hello (1):
    SSLv3, TLS handshake, Finished (20):
    SSL connection using RC4-SHA
  • Server certificate:
  •    subject: /C=US/ST=California/L=San Francisco/O=Twitter, Inc./OU=Twitter Security/CN=api.twitter.com
    
  •    start date: 2012-05-02 00:00:00 GMT
    
  •    expire date: 2013-05-03 23:59:59 GMT
    
  •    subjectAltName: api.twitter.com matched
    
  •    issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
    
  • SSL certificate verify ok.

> GET /1/friendships/show.json?source_screen_name=kurrik&target_screen_name=episod HTTP/1.1
> User-Agent: curl/7.15.5 (i386-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: api.twitter.com
> Accept: */*
> Authorization: OAuth oauth_consumer_key="il0wSnZ2ctnFFKHuqCUCLw", oauth_nonce="96e2adfdb70fc7af6e8c2d14c128a510", oauth_signature="2zibDWCyTdq7dujDnmaKpkRBu94%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1355137285", oauth_token="152239379-5JKLL7HK9RBeNAHgiHzTjvNsiSCw2X06KnWy2QQX", oauth_version="1.0"

< HTTP/1.1 200 OK
< Date: Mon, 10 Dec 2012 11:01:51 GMT
< Status: 200 OK
< X-Runtime: 0.04439
< X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1148c9d3919
< Expires: Tue, 31 Mar 1981 05:00:00 GMT
< X-RateLimit-Class: api
< Content-Type: application/json; charset=utf-8
< X-MID: 0a9692d0618685fa06a97a3584bd53d50ab0a3e2
< Pragma: no-cache
< Last-Modified: Mon, 10 Dec 2012 11:01:50 GMT
< Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< Content-Length: 338
< X-Access-Level: read-write-directmessages
< X-RateLimit-Reset: 1355140712
< X-RateLimit-Remaining: 148
< X-Frame-Options: SAMEORIGIN
< ETag: "f8d580f69c5114508edebe768d8ed05c"
< X-RateLimit-Limit: 150
< X-Transaction: 2ad98eaf5d4db5ba
< Set-Cookie: k=10.36.75.101.1355137310880460; path=/; expires=Mon, 17-Dec-12 11:01:50 GMT; domain=.twitter.com
< Set-Cookie: guest_id=v1%3A135513731088332480; domain=.twitter.com; path=/; expires=Wed, 10-Dec-2014 23:01:50 GMT
< Set-Cookie: dnt=; domain=.twitter.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
< Set-Cookie: lang=ja; path=/
< Set-Cookie: lang=ja; path=/
< Set-Cookie: lang=ja; path=/
< Set-Cookie: twid=u%3D152239379%7ChOZqaCztHM9D%2FUvw0TW3NIm8CIw%3D; domain=.twitter.com; path=/; secure
< Vary: Accept-Encoding
< Server: tfe
Connection #0 to host api.twitter.com left intact

  • Closing connection #0
  • SSLv3, TLS alert, Client hello (1):
    {"relationship":{"target":{"following":true,"screen_name":"episod","followed_by":true,"id_str":"819797","id":819797},"source":{"notifications_enabled":null,"following":true,"screen_name":"kurrik","all_replies":null,"blocking":null,"want_retweets":null,"marked_spam":null,"can_dm":true,"followed_by":true,"id_str":"7588892","id":7588892}}}

curl --get 'https://api.twitter.com/1/friendships/exists.json' --data 'screen_name_a=episod&screen_name_b=rno' --header 'Authorization: OAuth oauth_consumer_key="il0wSnZ2ctnFFKHuqCUCLw", oauth_nonce="37ddc0ccc807a2012043a375bc1080a3", oauth_signature="XBWjcdbsr5qSi9qkMwQ0CO%2BK99M%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1355137410", oauth_token="152239379-5JKLL7HK9RBeNAHgiHzTjvNsiSCw2X06KnWy2QQX", oauth_version="1.0"' --verbose

  • About to connect() to api.twitter.com port 443
  • Trying 199.59.149.232… connected
  • Connected to api.twitter.com (199.59.149.232) port 443
  • successfully set certificate verify locations:
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • SSLv2, Client hello (1):
    SSLv3, TLS handshake, Server hello (2):
    SSLv3, TLS handshake, CERT (11):
    SSLv3, TLS handshake, Server finished (14):
    SSLv3, TLS handshake, Client key exchange (16):
    SSLv3, TLS change cipher, Client hello (1):
    SSLv3, TLS handshake, Finished (20):
    SSLv3, TLS change cipher, Client hello (1):
    SSLv3, TLS handshake, Finished (20):
    SSL connection using RC4-SHA
  • Server certificate:
  •    subject: /C=US/ST=California/L=San Francisco/O=Twitter, Inc./OU=Twitter Security/CN=api.twitter.com
    
  •    start date: 2012-05-02 00:00:00 GMT
    
  •    expire date: 2013-05-03 23:59:59 GMT
    
  •    subjectAltName: api.twitter.com matched
    
  •    issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
    
  • SSL certificate verify ok.

> GET /1/friendships/exists.json?screen_name_a=episod&screen_name_b=rno HTTP/1.1
> User-Agent: curl/7.15.5 (i386-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: api.twitter.com
> Accept: */*
> Authorization: OAuth oauth_consumer_key="il0wSnZ2ctnFFKHuqCUCLw", oauth_nonce="37ddc0ccc807a2012043a375bc1080a3", oauth_signature="XBWjcdbsr5qSi9qkMwQ0CO%2BK99M%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1355137410", oauth_token="152239379-5JKLL7HK9RBeNAHgiHzTjvNsiSCw2X06KnWy2QQX", oauth_version="1.0"

< HTTP/1.1 200 OK
< Date: Mon, 10 Dec 2012 11:03:54 GMT
< Status: 200 OK
< X-RateLimit-Reset: 1355141034
< X-MID: f0833ffbe307a7eb8ee41a28477fb0fe4f2cc15e
< X-Transaction: 3639eef566929518
< Last-Modified: Mon, 10 Dec 2012 11:03:54 GMT
< Content-Length: 4
< X-RateLimit-Remaining: 349
< X-Access-Level: read-write-directmessages
< Pragma: no-cache
< ETag: "b326b5062b2f0e69046810717534cb09"
< X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1148c9d3919
< X-RateLimit-Limit: 350
< Expires: Tue, 31 Mar 1981 05:00:00 GMT
< Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< X-Frame-Options: SAMEORIGIN
< X-RateLimit-Class: api_identified
< Content-Type: application/json; charset=utf-8
< X-Runtime: 0.03790
< Set-Cookie: k=10.35.47.138.1355137434611864; path=/; expires=Mon, 17-Dec-12 11:03:54 GMT; domain=.twitter.com
< Set-Cookie: guest_id=v1%3A135513743461644980; domain=.twitter.com; path=/; expires=Wed, 10-Dec-2014 23:03:54 GMT
< Set-Cookie: dnt=; domain=.twitter.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
< Set-Cookie: lang=ja; path=/
< Set-Cookie: lang=ja; path=/
< Set-Cookie: lang=ja; path=/
< Set-Cookie: twid=u%3D152239379%7ChOZqaCztHM9D%2FUvw0TW3NIm8CIw%3D; domain=.twitter.com; path=/; secure
< Vary: Accept-Encoding
< Server: tfe
Connection #0 to host api.twitter.com left intact

  • Closing connection #0
  • SSLv3, TLS alert, Client hello (1):
    true

#2

No, that is not by design; it just started happening recently. See this thread:
https://dev.twitter.com/discussions/13097
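
The comparison the first post makes by eye, as an added example that is not part of the thread: a shell function that reads `curl --verbose` output and reports whether an OAuth-signed request was counted against the per-user class (`api_identified`) or the class the thread title calls IP-based (`api`). The function names and verdict labels are invented for this example; the sample headers are excerpted from the two transcripts above.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `curl --verbose` output on stdin
# and prints "<class> <limit> <remaining> <verdict>", where verdict is:
#   per-user   signed request, class api_identified
#   ip-bucket  signed request, but class api (the symptom in this thread)
#   anonymous  no OAuth Authorization header was sent
#   unknown    no X-RateLimit-Class header in the response
# Live use: curl --verbose ... 2>&1 >/dev/null | check_bucket
check_bucket() {
    awk '
        { sub(/\r$/, "") }    # header lines end in CRLF
        # Request header; the leading "> " is often lost in pasted output.
        /^(> )?Authorization:[ \t]*OAuth / { signed = 1; next }
        /^< / {               # response header; names are case-insensitive
            i = index($0, ":"); if (i == 0) next
            name = tolower(substr($0, 3, i - 3))
            val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == "x-ratelimit-class")     cls = val
            if (name == "x-ratelimit-limit")     lim = val
            if (name == "x-ratelimit-remaining") rem = val
        }
        END {
            if (cls == "")                    verdict = "unknown"
            else if (!signed)                 verdict = "anonymous"
            else if (cls == "api_identified") verdict = "per-user"
            else                              verdict = "ip-bucket"
            if (cls == "") cls = "-"; if (lim == "") lim = "-"; if (rem == "") rem = "-"
            printf "%s %s %s %s\n", cls, lim, rem, verdict
        }'
}
# Headers excerpted from the two transcripts (OAuth parameters elided).
sample_show() { cat <<'EOF'
> Authorization: OAuth (parameters elided)
< HTTP/1.1 200 OK
< X-RateLimit-Class: api
< X-RateLimit-Remaining: 148
< X-RateLimit-Limit: 150
EOF
}
sample_exists() { cat <<'EOF'
> Authorization: OAuth (parameters elided)
< HTTP/1.1 200 OK
< X-RateLimit-Remaining: 349
< X-RateLimit-Limit: 350
< X-RateLimit-Class: api_identified
EOF
}
sample_show | check_bucket
sample_exists | check_bucket
```

Run against every endpoint an application calls, an `ip-bucket` verdict on a signed request marks the endpoints whose quota is shared with everything else behind the same address.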