OAuth whitelisting?
491 views
Skip to first unread message
Bill Kocik
Apr 23, 2009, 4:58:17 PM4/23/09
to Twitter Development Talk
I was just looking at the form use to apply for whitelisting, which
says you must fill it out while logged in as the account you want the
rate limit raised for. In my case, my app will be used by arbitrary
Twitter account holders, who will not be using my credentials, so
whitelisting my Twitter login will do nothing for my app. I saw Alex
mention in another thread that whitelisting by OAuth will become the
preferred method for whitelisting apps running in clouds (mine will be
in EC2).
I am assuming that OAuth whitelisting means I'll be able to whitelist
my app, and the raised limit would apply for requests having OAuth
access tokens obtained by my application, regardless of the Twitter
user they belong to?
Thanks,
-Bill
Peter Denton
Apr 23, 2009, 11:35:48 PM4/23/09
to twitter-deve...@googlegroups.com
Hi Bill,
Whitelisting is done per IP, related to the number of requests by your server.
-Peter--
Peter M. Denton
www.twibs.com
in...@twibs.com
Twibs makes Top 20 apps on Twitter - http://tinyurl.com/bopu6c
Whitelisting is done per IP, related to the number of requests by your server.
-Peter
Peter M. Denton
www.twibs.com
in...@twibs.com
Twibs makes Top 20 apps on Twitter - http://tinyurl.com/bopu6c
Doug Williams
Apr 24, 2009, 12:16:25 AM4/24/09
to twitter-deve...@googlegroups.com
Whitelisting by OAuth is currently not available. You will need a static IP address if you are running an EC2 applicaiton.
Doug Williams
Twitter API Support
http://twitter.com/dougw
Doug Williams
Twitter API Support
http://twitter.com/dougw
Bill Kocik
Apr 24, 2009, 12:48:24 AM4/24/09
to Twitter Development Talk
Thanks. I realize it isn't available yet; my question could more
simply have been stated as "what will OAuth whitelisting mean,
exactly?", but since after I posted my question I realized I had a
fundamental misunderstanding of the effect whitelisting has on the
rate limits of app users (i.e., none) the question is really no longer
relevant. :)
Actually, since I'm here, let me try this one (I'm checking my
understanding of what whitelisting does): Am I correct in thinking
that even if my app (or IP) is whitelisted, when I make requests on
behalf of authenticated users, their 100/hr per user rate limit still
applies, and that the elevated limit applies to unauth requests coming
from my app (IP)?
On Apr 24, 12:16 am, Doug Williams <d...@twitter.com> wrote:
> Whitelisting by OAuth is currently not available. You will need a static IP
> address if you are running an EC2 applicaiton.
>
> Doug Williams
> Twitter API Supporthttp://twitter.com/dougw
simply have been stated as "what will OAuth whitelisting mean,
exactly?", but since after I posted my question I realized I had a
fundamental misunderstanding of the effect whitelisting has on the
rate limits of app users (i.e., none) the question is really no longer
relevant. :)
Actually, since I'm here, let me try this one (I'm checking my
understanding of what whitelisting does): Am I correct in thinking
that even if my app (or IP) is whitelisted, when I make requests on
behalf of authenticated users, their 100/hr per user rate limit still
applies, and that the elevated limit applies to unauth requests coming
from my app (IP)?
On Apr 24, 12:16 am, Doug Williams <d...@twitter.com> wrote:
> Whitelisting by OAuth is currently not available. You will need a static IP
> address if you are running an EC2 applicaiton.
>
> Doug Williams
>
> On Thu, Apr 23, 2009 at 8:35 PM, Peter Denton <petermden...@gmail.com>wrote:
>
>
>
> > Hi Bill,
> > Whitelisting is done per IP, related to the number of requests by your
> > server.
>
> > -Peter
>
> > On Thu, Apr 23, 2009 at 1:58 PM, Bill Kocik <bko...@gmail.com> wrote:
>
> >> I was just looking at the form use to apply for whitelisting, which
> >> says you must fill it out while logged in as the account you want the
> >> rate limit raised for. In my case, my app will be used by arbitrary
> >> Twitter account holders, who will not be using my credentials, so
> >> whitelisting my Twitter login will do nothing for my app. I saw Alex
> >> mention in another thread that whitelisting by OAuth will become the
> >> preferred method for whitelisting apps running in clouds (mine will be
> >> in EC2).
>
> >> I am assuming that OAuth whitelisting means I'll be able to whitelist
> >> my app, and the raised limit would apply for requests having OAuth
> >> access tokens obtained by my application, regardless of the Twitter
> >> user they belong to?
>
> >> Thanks,
> >> -Bill
>
> > --
> > Peter M. Denton
> >www.twibs.com
> > i...@twibs.com
> On Thu, Apr 23, 2009 at 8:35 PM, Peter Denton <petermden...@gmail.com>wrote:
>
>
>
> > Hi Bill,
> > Whitelisting is done per IP, related to the number of requests by your
> > server.
>
> > -Peter
>
> > On Thu, Apr 23, 2009 at 1:58 PM, Bill Kocik <bko...@gmail.com> wrote:
>
> >> I was just looking at the form use to apply for whitelisting, which
> >> says you must fill it out while logged in as the account you want the
> >> rate limit raised for. In my case, my app will be used by arbitrary
> >> Twitter account holders, who will not be using my credentials, so
> >> whitelisting my Twitter login will do nothing for my app. I saw Alex
> >> mention in another thread that whitelisting by OAuth will become the
> >> preferred method for whitelisting apps running in clouds (mine will be
> >> in EC2).
>
> >> I am assuming that OAuth whitelisting means I'll be able to whitelist
> >> my app, and the raised limit would apply for requests having OAuth
> >> access tokens obtained by my application, regardless of the Twitter
> >> user they belong to?
>
> >> Thanks,
> >> -Bill
>
> > --
> > Peter M. Denton
> >www.twibs.com
Doug Williams
Apr 24, 2009, 2:21:11 AM4/24/09
to twitter-deve...@googlegroups.com
Your application's IP-based whitelisting will apply to all calls
originating from the IP address. This includes unauthenticated and
authenticated methods, regardless of user. Additionally, your
application's authenticated calls made on behalf of a user will not
count toward their 100 credits elsewhere.
originating from the IP address. This includes unauthenticated and
authenticated methods, regardless of user. Additionally, your
application's authenticated calls made on behalf of a user will not
count toward their 100 credits elsewhere.
@dougw
--
Sent from my mobile device
Bill Kocik
Apr 24, 2009, 6:40:40 AM4/24/09
to Twitter Development Talk
Thanks, Doug. This was what I was originally thinking, but somehow I
convinced myself I was wrong.
Hypothetical: It kinda sounds like if I have a large number of
simultaneous users, I'm better off not being whitelisted. Say I have
1000 simultaneous users (humor me). If I'm not whitelisted, I can make
up to 100 authenticated queries per hour per user, since I'm using
their individual rate limits, but if I'm whitelisted I can only make
20 calls per hour for each of those users since my limit is 20k/hour.
Or am I missing something?
Doug Williams
Apr 24, 2009, 2:41:33 PM4/24/09
to twitter-deve...@googlegroups.com
You are correct.
Reply all
Reply to author
Forward
0 new messages