We are using authenticated calls to the Twitter search API.
The server that is doing the calls to the Twitter API is a shared server: It contains many applications that are configured with a different Twitter App and that are each calling the API. All of these apps have a cache mechanism and everything set up to not excess the rate limit.
This means that the calls are coming from the same IP but not from the same apps (they are apps created by our users).
The problem is that we very often receive errors 400 (with the exact 400 code).
The body of the response is empty and the x-rate-limit and x-rate-limit-remaining are “undefined”.
This is very strange. I would expect the x-rate-limit-remaining header to be 0 and the body to contain an “errors” attribute, telling us that we reached our rate limit. But it is not the case.
I suspect that the limit is applied to our IP adress instead of the user apps, but it shouldn’t since every call is authenticated.
Can someone help us ? Does anyone have the same issue ? Should I report it in the issue list ?