Per application - per user & per IP rate limit from different IPs


#1

Hello, we are developing a social media center for companies and we understand that rate limit is per user and per IP, as written here: https://dev.twitter.com/docs/rate-limiting/faq#measurement

But we are not sure if when user connect from they own servers (with different IP’s, different user but same application ID) the application rate limit is being affected or only the user’s, as they are different IPs.

Thank you


#2

If you’re signing requests, the rate limit is per user per application per IP. Otherwise, it is per IP of the machine executing the code. Hope that helps.


#3

Update: you can tell you’re using the authenticated one when you have higher rate limits in the x-headers, and you use the correct client keys…

How can we tell if we are making authenticated requests? Some methods support unathenticated and authenticated versions. Is there a different HTTP header or such?


#4

Absolutely right, @funkatron. You’ll also get an X-Warning HTTP header if you make a “bad” authenticated request to a method that supports but does not require authentication – we’ll go ahead and serve you the content as if it weren’t an authenticated request, but tell you that the signing or token used in the request was incorrect in the X-Warning header.


#5

Yep, x-warning was what tipped me off that our client creds were wrong. thanks!