Rapid access of social graph method results in account being locked?


Sal Conigliaro

Dec 13, 2009, 1:23:38 AM
to Twitter Development Talk
Hi there-

I have an app that compares who you're following to your friends'
followers. To do this, I query http://twitter.com/friends/ids.json?user_id=X
and compare that to my (saved) list of IDs.

I noticed that if I make repeated (unauthenticated) queries to
http://twitter.com/friends/ids.json?user_id=X (i.e., I'm comparing my
friends to friend A's friends, then to friend A's friend (B), then to
friend B's friend (C)), user_id X gets locked out: I get
"We've temporarily locked your account after too many failed attempts
to sign in. Please chillax for a few, then try again." when trying to
log in to the website (or from a Twitter client).

I'm guessing that the rapid, multiple queries look like abuse.

I did notice, however, that if I make authenticated queries to the
same API method, the account locking does *not* happen.

Is this an anti-abuse method? Is my only option to use authenticated
calls?

Sal

Mark McBride

Dec 13, 2009, 1:28:03 AM
to twitter-deve...@googlegroups.com
I'll check with our abuse team, but this looks odd.
--
---Mark

http://twitter.com/mccv

Sal Conigliaro

Dec 13, 2009, 8:01:40 PM
to Twitter Development Talk
Thanks Mark. I appreciate it.

On Dec 13, 1:28 am, Mark McBride <mmcbr...@twitter.com> wrote:
> I'll check with our abuse team, but this looks odd.
>
> On Sat, Dec 12, 2009 at 10:23 PM, Sal Conigliaro <sco...@gmail.com> wrote:
> > Hi there-
> >
> > I have an app that compares who you're following to your friends'
> > followers. To do this, I query http://twitter.com/friends/ids.json?user_id=X
> > and compare that to my (saved) list of IDs.
> >
> > I noticed that if I make repeated (unauthenticated) queries to
> > http://twitter.com/friends/ids.json?user_id=X (i.e., I'm comparing my

Sal Conigliaro

Dec 16, 2009, 10:08:53 AM
to Twitter Development Talk
It appears that repeated (unauthenticated) calls to the API lock out
the account.

The workaround is to use authenticated credentials when querying the
API. It would be helpful if the API docs could be revised to reflect
this.

Sal

Abraham Williams

Dec 16, 2009, 11:30:06 AM
to twitter-deve...@googlegroups.com
How does it pick which account to lock if the calls are unauthenticated? Perhaps you are passing incorrect authentication instead?

Abraham
--
Abraham Williams | Awesome Lists | http://bit.ly/sprout608
Project | Intersect | http://intersect.labs.poseurtech.com
Hacker | http://abrah.am | http://twitter.com/abraham
This email is: [ ] shareable [x] ask first [ ] private.
Sent from Madison, WI, United States

Sal Conigliaro

Dec 16, 2009, 11:47:45 AM
to twitter-deve...@googlegroups.com
Exactly. That's what I can't figure out.

I'm not passing any authentication info:

http://twitter.com/friends/ids.json?user_id=A
http://twitter.com/friends/ids.json?user_id=J
http://twitter.com/friends/ids.json?user_id=K ... etc

It appears that, afterward, any attempts to log in from the same IP
(the one I made the social graph calls from) fail, because the account is
locked. I spoke with Mark, and one possible explanation is that when
you make the call without providing proper authentication, they're
treating it like a failed attempt to log in.

The locked account has IP lockout entries that match his last login IP
(which is the same one I'm making the social graph calls from). So the
suggestion was to use authenticated requests for the API.
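The failure mode described in this thread, modelled as an added example (not code from the thread or from Twitter): a login-throttle keyed by (IP, account) that wrongly charges anonymous reads of `friends/ids.json?user_id=X` as failed sign-ins for X, beside the corrected rule that only counts requests which actually present credentials and fail. The threshold, user store and IP address are constructed.

```python
from collections import defaultdict

LOCK_THRESHOLD = 5  # constructed: failed sign-ins per (ip, account) before lockout
USERS = {"X": "correct-horse"}  # constructed credential store (plain compare for brevity)


class LoginThrottle:
    """Lockout counter. count_anonymous_as_failure=True reproduces the
    behaviour reported in the thread; False is the corrected rule."""

    def __init__(self, count_anonymous_as_failure):
        self.count_anonymous_as_failure = count_anonymous_as_failure
        self.failures = defaultdict(int)  # (ip, account) -> failed sign-in count

    def is_locked(self, ip, account):
        return self.failures[(ip, account)] >= LOCK_THRESHOLD

    def _authenticate(self, ip, account, password):
        """Only a request that presents credentials can fail authentication."""
        if self.is_locked(ip, account):
            return False
        if USERS.get(account) == password:
            self.failures.pop((ip, account), None)  # success clears the counter
            return True
        self.failures[(ip, account)] += 1
        return False

    def friends_ids(self, ip, user_id, credentials=None):
        """GET /friends/ids.json?user_id=<user_id>; returns a status string."""
        if credentials is None:
            # Public read with no credentials. The buggy rule charges it to
            # user_id as a failed sign-in from this IP, which is what locks X.
            if self.count_anonymous_as_failure:
                self.failures[(ip, user_id)] += 1
            return "ok-anonymous"
        account, password = credentials
        ok = self._authenticate(ip, account, password)
        return "ok-authenticated" if ok else "unauthorized"

    def web_login(self, ip, account, password):
        if self.is_locked(ip, account):
            return "locked"
        return "ok" if self._authenticate(ip, account, password) else "bad-password"


def reproduce(count_anonymous_as_failure):
    """Walk friend graphs anonymously from one IP, then sign in as X from
    that IP. Returns the sign-in result ("locked" under the buggy rule)."""
    throttle = LoginThrottle(count_anonymous_as_failure)
    ip = "203.0.113.5"  # constructed documentation address
    for _ in range(LOCK_THRESHOLD):
        throttle.friends_ids(ip, "X")  # anonymous graph read of X
    return throttle.web_login(ip, "X", "correct-horse")
```

Under the corrected rule, repeated requests that present wrong credentials still lock the account, so the throttle keeps its purpose while public reads no longer count against the account being read.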