Hey @episod, I hope you can help with the following issue, which should not stand according to your answers in this thread, but I can’t get it to work.
I will enumerate all the steps of a user session on my website, so hopefully you can understand what I’m doing wrong:
- When the user “Logins by Twitter”, a GET request is sent to my backend app, which performs a POST to api.twitter.com/oauth/request_token.
- When the client side receives the request token, it redirects to api.twitter.com/oauth/authenticate.
- The Callback URL of my Twitter app is a backend route, which saves the oauth_token and oauth_verifier as cookies and redirects the user to the website’s main page.
- Once a user is logged in, he can make one request to my backend, which will make 15 calls to the api.twitter.com/1.1/friends/list.json endpoint on the user’s behalf, i.e., with the OAuth token saved in the request cookie.
So what is happening is that if this process is done simultaneously by more than 2 users, I always get a “Rate limit exceeded” error, which makes me conclude that the requests are being made with “app auth” and not “user auth”, although each request is made with the user’s own requested token.
After reading a lot of the REST API docs and threads on this forum, I understood that each user can make up to 15 requests within a 15 min window, but I’m only able to make 30 requests per 15 min window, which is the “app auth” limit.
So did I understand it wrong, and the user limit only makes sense in a multi-app context, or is there really a flaw in my authentication/request process?
I really hope you can help, cheers!
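The legs the post walks through, as an added example of my own (not the poster’s code or any Twitter library), signed as OAuth 1.0a HMAC-SHA1 requests with only the Python standard library; all credentials, the nonce, the timestamp and the screen name are constructed placeholders. It also includes the standard oauth/access_token exchange, which turns the request token plus oauth_verifier into the user’s access token, the oauth_token a user-context friends/list call has to carry.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

def pct(s):
    """RFC 5849 percent-encoding: only ALPHA, DIGIT, '-', '.', '_', '~' stay raw."""
    return quote(str(s), safe="")

def signing_key(consumer_secret, token_secret=""):
    # Leg 1 (request token) signs with the consumer secret alone; later legs append the
    # secret of the token in use, which is what ties the call to one user's context.
    return f"{pct(consumer_secret)}&{pct(token_secret)}"

def base_string(method, url, params):
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return f"{method.upper()}&{pct(url)}&{pct(normalized)}"

def sign(method, url, query, consumer_key, consumer_secret, token="",
         token_secret="", extra=None, nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp or str(int(time.time())),
        "oauth_version": "1.0",
    }
    if token:
        oauth["oauth_token"] = token
    oauth.update(extra or {})  # oauth_callback (leg 1) or oauth_verifier (leg 3)
    bs = base_string(method, url, {**query, **oauth})
    digest = hmac.new(signing_key(consumer_secret, token_secret).encode(), bs.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    header = "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return bs, header

def access_token_request(consumer_key, consumer_secret, request_token, request_secret, verifier):
    url = "https://api.twitter.com/oauth/access_token"  # leg 3: request token + verifier -> access token
    _, header = sign("POST", url, {}, consumer_key, consumer_secret, request_token,
                     request_secret, extra={"oauth_verifier": verifier})
    return {"method": "POST", "url": url, "headers": {"Authorization": header}}

def friends_list_request(consumer_key, consumer_secret, access_token, access_secret, screen_name):
    url = "https://api.twitter.com/1.1/friends/list.json"  # leg 4: user-context call
    query = {"screen_name": screen_name, "count": "200"}
    _, header = sign("GET", url, query, consumer_key, consumer_secret, access_token, access_secret)
    return {"method": "GET", "url": url, "params": query, "headers": {"Authorization": header}}
```

A request signed with the request token (legs 1 and 2) and one signed with the access token (leg 4) differ only in which token and token secret go into the header and signing key, so a quick way to check which context a call runs in is to log the oauth_token value the backend actually signs with.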