According to https://developers.podio.com/index/limits the "Rate limits are per user per API key."
In our experience this seem to be true for apps as well.
What I am looking for is a confirmation on how API rate limit works.
Are all of these statements true?
Rate limits are per user and app authentification per API key
When the rate limits are hit in one API key for one spesific user or app authentification, the other user/app authentifications remains unaffected
Yes. It has worked this way for me, and I have had scripts that have hit the rate limit before.
Related
I'm using twitter developer API for my project. I have created an account with my phone number and email address. As you know there are some rate limits in twitter API!
For using API I should create app and user tokens of that app.
My question is that if I create multiple apps for that single account and use them in my project, my rate limit is multiplied by number of apps or requests are aggregated so my rate limit doesn't change?
Yes. It is limited by account.
Rate limiting of the standard API is primarily on a per-user basis —
or more accurately described, per user access token. If a method
allows for 15 requests per rate limit window, then it allows 15
requests per window per access token.
See: https://developer.twitter.com/en/docs/basics/rate-limiting.html
Apologies if this question has already been asked.
I have followed this guide to create a script that will bulk delete members from a specified Yammer group and I have this working perfectly.
The process used at the minute is obtaining a token for a user, then using that token to remove the user from the group, which takes two API calls.
My question is about "sleeping" to avoid tripping the rate limiter. On the documentation for the Yammer API rate limits (link) it states that "rate limits are per user per app".
In another stackoverflow question (link) it's mentioned that in this context, the user refers to the user token.
Since in my script, I'm only using a single API call per user token (to remove the user from the group), is it necessary implement a sleep to avoid tripping the limit?
I'm also wondering whether the API call to retrieve the token for a user may possibly trip the limiter since it's called using the admin token?
I've run a few tests removing 52 users from a group using a script without any "sleeps" and it completed successfully in around 27 seconds, just trying to understand why this didn't break the limiter.
Thanks in advance!
is it necessary implement a sleep to avoid tripping the limit?
Yes, the admin user (or token if you like) could trip the limit in this case. To be on the safe side, that is, to avoid your app from being (manually or automatically) blocked, you shouldn't make more than request per second to Yammer endpoints that are categorised under "Other Resources". That's the Official guideline.
Sorry this question might seem a little dumb, but does instagram limit access to the access tokens they give you. I know on twitter you're limited to 100,000 access tokens, so does instagram do the same on their api? Lets say I have 150,000 users, will instagram's api allow those users to be authorized?
The official documentation does not say about any limits about access tokens. However they have limits per hour.
Global rate limits are applied inclusive of all API calls made by an app over the 1-hour sliding window, regardless of the particular endpoint. The limits are applied independently from each other; authenticated calls are not counted against the rate limit for unauthenticated calls and vice-versa.
So the answer is No, as of now.
I am getting this error whenever I try to follow someone on Instagram via API no matter how many follows have been done before:
{"meta":{"error_type":"APIError","code":400,"error_message":"Client request limit reached"}}
My app allows authenticated users to follow interesting people. I know that there is a 5000 call/hour limit per authenticated user, but it fails even with new users.
Do my app is reaching some kind of client level limit?
APIs like follow, unfollow, comment are limited to 350 requests per hour. However sending requests from client side will fix this problem to some extent but it allows the users to see your API token.
In this case it looks like it would be beneficial to get some more data from your users. You could use Google analytics to track the "follow" action
https://developers.google.com/analytics/devguides/collection/gajs/eventTrackerGuide
This would give you a timestamp and information about user behavior.
Even with an advertised rate of X requests per hour, one user hammering the service with your API key can cause everyone to get throttled. (Not guaranteed, but pretty common practice for companies to keep their services alive)
It might be a good idea to reset your API, its possible (though unlikely) that someone has acquired your key and is using it.
Well, pretty much what it says on the tin.
I'm really curious about how pages like Statigram do their search functionality without users authentication and not exceeding the limits?
If I'm correct, Instagram API allows 5000 calls per hour, so I believe it's very likely that they indeed have more traffic than 5000 requests per hour.
Maybe It's a dumb question and Statigram has a special deal with Instagram to use their API or maybe they don't use the API and they use some other method?
The only special request you have to send to Instagram is the request to post comments.
The API limit is 5000 requests per hour per access_token or client_id. Every user has their own access_token, so as long as the requests from the third party application uses each individual access token, they will be hard pressed to exceed 5000 per user per hour.
That works out to 83 requests per minute and any user interacting with your application is highly unlikely to hit that.
From the docs:
You are limited to 5000 requests per hour per access_token or client_id overall. Practically, this means you should (when possible) authenticate users so that limits are well outside the reach of a given user.
If you are not using user authentication, you will likely hit the limit with just your client_id.
Most likely they're using one of the following methods:
An arrangement with Instagram
Credential rotation
IP rotation
Heavy caching (especially across credentials or IPs)
Screenscraping
In cases like this, if you don't have a special arrangement, you're almost certainly violating the terms of service. If you think your service is useful enough that Instagram would be willing to whitelist you to make more requests, get in touch with them.
They must have some sort of arrangement with Instagram as #RunscopeAPITools mentions. You are able to post comments to Instagram from Statigram, which requires special permission.