Rate limit on POST /2/oauth2/token

ldemesla · 2022-10-26T09:48:03.155Z

I’m getting rate limited on the endpoint POST /2/oauth2/token, I’m receiving this error in the response:
{ error: "rate_limited", error_description: "The request has been rate limited" }

But there is no mention of such rate limits in the documentation.

What should I do?

IgorBrigadir · 2022-10-26T11:21:42.610Z

How many times are you calling the endpoint roughly?

ldemesla · 2022-10-26T11:48:14.394Z

150 times per minutes roughly

IgorBrigadir · 2022-10-26T12:49:22.904Z

This endpoint is for obtaining an an app-only OAuth 2.0 Bearer Token - which does not expire, so you can generate it once, and persist it and reuse it - there is no need to regenerate it per request or anything.

ldemesla · 2022-10-26T13:55:23.605Z

We are not regenerating it per request, we just have a bunch of new users everyday. We are using the PKCE flow, which means that the access tokens of our users are only valid for 2 hour, after that we need to use the refresh token to get a new accessToken

IgorBrigadir · 2022-10-26T14:07:10.719Z

Ah, right Step 3 in PKCE right? OAuth 2.0 Making requests on behalf of users | Docs | Twitter Developer Platform ? Are you also making POST calls to /2/oauth2/token for refresh tokens too? Maybe it’s tripping up a rate limit if you’re hitting this endpoint multiple times in too short of a space of time, and you could spread out the refresh token calls more so that the new logins don’t fail? That’s the only thing that comes to mind right now.

ldemesla · 2022-10-26T14:33:10.566Z

But how are we supposed to scale our application if there is a rate limit on that?

IgorBrigadir · 2022-10-26T14:40:49.455Z

I’m not twitter so i’ve no idea what the exact rate limit is (clearly there is one) the best i can suggest is maybe have a queue to throttle signups by a few seconds to spread out the calls, and maybe some trial and error to get it to whatever limit exists there.

ldemesla · 2022-10-26T14:44:13.449Z

Ok thanks for your help, I can’t find anywhere were we can contact the support directly. Don’t they have an email or something?

IgorBrigadir · 2022-10-26T14:49:19.469Z

The only place is here, and maybe Platform form.

I wonder if filling out the Elevated POST limits form is the right one here? It’s usually for elevated POST limits for posting tweets etc, but technically this is POST limits too? Someone from twitter may have to clarify that.

ldemesla · 2022-10-26T14:57:38.503Z

Thank you so much for you help , I will fill out the form and see whats happen

jessicagarson · 2022-10-26T16:31:16.479Z

Hi @ldemesla, I’ve reached out to the team to confirm the rate limit and see if there are any escalation pathways. I’ll let you know what I find out.

ldemesla · 2022-10-26T16:32:39.286Z

Thank you, it’s really hurting our platform since It relies a lot on the Twitter Oauth2

jessicagarson · 2022-10-26T17:12:25.361Z

I confirmed the rate limit is 100 requests per 30 mins at the user level, but unfortunately, we do not have an elevation pathway. I passed this onto the team to consider for the future.

ldemesla · 2022-10-26T17:19:36.373Z

I’m not exceeding a rate limit at the user level, it’s global to my app. Users that have never linked their Twitter account are getting rate limited.

ldemesla · 2022-10-26T19:25:44.717Z

Is there a global rate limit per app? How can it be increased?

ldemesla · 2022-10-27T14:53:33.540Z

Hey @eli possible to have some help there?