Hello, thanks you in advance for your help.
My team is having some difficulty figuring out how we can mitigate Search API rate limits by having our authorized application make requests on behalf of users. Please see this help doc: https://dev.twitter.com/docs/auth/application-only-auth (“requests made on behalf of users will not deplete from the rate limits available through app-only auth”).
Here is the scenario:
My company creates and hosts mobile websites for events. We have multiple customers and manage multiple events simultaneously. We host these mobile websites from a single IP address.
One commonly requested feature is an embedded Twitter stream. Example #1: A trade conference may want their official Twitter stream to appear on the homepage of the mobile website. Example #2: A music festival may want Twitter streams for each band to appear on the band’s official page.
In the past (with basic authorization) we accomplished this using the Search API requesting tweets from a specific Twitter user and/or search term. We would construct the request as needed and then publish it. Worked like a charm.
With oauth, the approach described in #3 no longer works. So we are switching to the new approach using application-only oauth. We’ve got the formatting all in place (adhering to Twitter’s requirements) and have begun testing.
During testing we hit the rate limit for obvious reasons–testing artificially creates demand. But we anticipate this is going to be a major issue in production as well–we may be offering this same feature to multiple customers simultaneously, or to one larger customer (e.g., an art studio tour or music festival) with periods of peak demand.
It appears from the documentation cited above that we could mitigate (if not avoid) this issue by submitting Search API requests for each mobile website (customer) using user-based authorization—our authorized app makes the request from our IP but on behalf of our customers. This does not avoid rate limits, but it mitigates the risk of a shutdown while also ensuring customers “pay for their own usage”.
Question #1: Is what we’re thinking of doing in #6 actually possible or are we misinterpreting the documentation?
Question #2: If this is possible, how the heck do we do this?