Rate limits with three-legged OAuth vs. application-only authentication?


Hi everyone,

I’m working on a demonstration of a useful application of the Twitter REST API. It would be much easier for me to use application-only authentication rather than wiring up three-legged OAuth. However, it would probably be worth it if, under three-legged OAuth, each user’s auth token is rate-limited separately, so that I get 180 queries per 15 minutes per user rather than 180 queries per 15 minutes for all users combined. Is that the case?

Anand Patil


You might want to look at this table, that has a nice overview of the differences of Rate Limits per endpoint.


Hey @ePirat , thanks for getting back to me. So the table says I get 180 GET requests to favorites/list per 15 minutes with user auth. If I issue tokens to 15 users on the same consumer key, does that mean they each get one request or do they each get 15?


Each gets 15 requests. This limit is per app+user combination.


Great, thanks for the answer!