Assume there's a mobile app and a server.
I have question about rate limiting and hoping someone can give some advice on a design as I'm banging my head on how to navigate around rate limit. There must be something I"m missing because the 150 unauthenticated rate limit per IP per hour is extremely low.
Imagine the scenario I want to build is the following (simplified into a trivial example for this discusion). Assume user is signed into Twitter for this entire discussion to remove discussion about oAuth.
Mobile talks to our service to show users twitter friends list. Every time the mobile app is loaded, it will show the entire friends list, and highlighting the new friends that were added within the last 2 days.
That's it. But the trick is that I want to ensure that the friends list is always up to date in the client, which means our server has to have the most recent up to date friends list.
Periodically, I want my server to automatically scan the Twitter friends list for every user of my app to see if new friends have been added.
Our initial design was getting our server to do all the work with this flow:
New User signs in on client, gives access token to server
Server makes call to Twitter REST APIs to get initial friends lists
Server stores the Twitter Friends IDs and shows responds to the client with that list.
Periodically (e.g. every 48 hours), server checks Twitter REST APIs for friends list for each user and compares it to our cached Twitter friends list we have for them to see who is new and to highlight in the mobile app.
The good thing about this is that all the interaction with twitter to get friends list, compare and peridiocally refresh is on the server. Mobile client just makes a single call to my server and gets friends list.
The problem with this design is that it will work for a single user, but since the rate limit is 150 per hour on un-authenticated calls, I will hit my limit as soon as 151 users user my service (which has a fixed IP).
The only solution I can see is to have the client do the work for each user, then send me the friends list which my server caches. This takes care of Step #2 above. However, for Step #4, I'd have to build something into the client to auto refresh twitter friends and send back to the server.
This is super clumsy to have the client involved at all in this Twitter friends list operation.
At first I thought I was crazy and the public unauthenticated APIs like getting friends lists wouldn't be subject to rate limiting. However, according to their docs, it is.
Am I missing something obvious or is the only way to solve this is to put heavy logic into the client?
With whitelisting gone for those that aren't grandfathered or Twitter business partners, I don't think you have any alternative but to have your mobile app do the Twitter API calls from the handset.
Having the handset call Twitter isn't a bad thing by any means. Pretty much every Twitter client in the world does it. One benefit will be that the user will be authenticated to Twitter, and thus her full 350 calls per hour will be available to you. Keep in mind, however, that you should minimize your calls since the user may have other Twitter-aware applications installed on her handset eating into your call allotment, and vice versa.
Now to the solution. The way I would implement your use case would be to first fetch the complete list of friends for your user by calling the friends/ids method.
http://api.twitter.com/1/friends/ids.json?screen_name=yourUsersName
The above call will return the most recent 5,000 friend IDs, in order followed, for #yourUsersName. If you want to fetch more friend IDs than the first 5,000, you'll need to specify the cursor parameter to initiate paging.
Next, I would check the latest list of friends we just fetched against the list on the handset, syncing them by removing any IDs that are no longer present, while adding any that are new.
If we only need the friend IDs, then we're done at a cost of one API call per 5,000 friend IDs. If, however, we need to get user info for these new friends as well, then I would call users/lookup and pass in the list of all new users that we discovered while syncing friend IDs. You can request up to 100 user objects at a time.
http://api.twitter.com/1/users/lookup.json?user_id=123123,5235235,456243,4534563
You user must be authenticated in order to make the above request, but the call can fetch any Twitter user profiles you wish -- not just those that are friends of the authenticated user.
So, let's say for example that a user has 2,500 friends and has never used your app before. In that case, she would burn one call to fetch all of the friend IDs, and 25 calls for her friends' information. That's not too bad to get the app populated with data.
Subsequent calls should be more streamlined with probably only two calls burned (one for the IDs, and one to get the new friends).
Finally, once the data has been updated on the handset, the deltas for the IDs and user data can be gathered up and pushed to your server.
It may even be possible that your server application won't even have to interface with Twitter at all, and that should alleviate the 150 user limit you are encountering.
Some final notes:
Be sure to note in your app's privacy policy that you sync your user's friend list with your server.
I recommend specifying JSON as the return format for all Twitter API calls. It is a much more lightweight document format than XML, and you will typically transfer only about 1/3 to 1/2 as much data over the wire.
Pick a Twitter framework appropriate for your mobile device and your programming language. Twitter access is a commodity these days, and there's little to no reason to reinvent how to access the Twitter API.
I answered a similar question about an approach for efficiently fetching followers here.
Since you are making request on behalf of users you should make those requests be authenticated as those users. Then requests will count against each users own pool of 350 requests/hour.
Related
I know you must be thinking that its impossible or its been asked already.
But I have 2 queries. The first is that by using Twitter API, using an access token of my own profile, can I get all (more than 100) the retweets of my own tweet? Not someone else's, as all previous questions at stackoverflow have been asked.
Because there's a difference in private and public tweet and getting data related to it.
Secondly, if we cannot get more than 100 retweets, then how does this app Pickaw (formerly Twrench) https://pickaw.com/en gets all the retweets even if they're more than 500 and the corresponding data?
Any ideas?
The Twitter API only provides access to up to 100 Retweeters (IDs for users that RT'd a Tweet), regardless of whether this is your owned Tweet, or another one.
As for a specific app, it is only possible to speculate, unless the source code was Open Source and available. I would suggest there are two ways to get all the Retweets:
pay for premium or enterprise search access, and use the advanced PowerTrack rules to find Retweets of a specific Tweet ID;
use the Account Activity API webhooks to track whenever a user's Tweet is Retweeted. Not that this would only work in a real-time tracking case; you wouldn't be able to check historical Tweets.
I want to pull likes and comments from any account that I specify. Can this be done with the Instagram API or do you have to have the accounts permissions to pull this info.
Essentially I want to be able to analyze this data without having log in credentials for the account.
Thanks!
Following the June 2016 changes to the API, you will need to invite the other users to be "Sandbox Users" of your API client. And even then, the access will be limited to their last 20 posts. Here's a quick explanation of the new Instagram API rules.
TL;DR
Sandbox users are other Instagram users that you “invite” to your
client. The main reason to do this is so that your app will then be
able to “see” their last twenty posts in addition to your own. In
other words, when they accept the invitation, they show up on the tiny
desert island where your app lives.
So you don't need their actual login credentials, but they do need to accept your invitation in order for it to work. The only other alternative is getting your app through the submission process to "go live" but there are very few use cases which they will accept anymore.
I am getting this error whenever I try to follow someone on Instagram via API no matter how many follows have been done before:
{"meta":{"error_type":"APIError","code":400,"error_message":"Client request limit reached"}}
My app allows authenticated users to follow interesting people. I know that there is a 5000 call/hour limit per authenticated user, but it fails even with new users.
Do my app is reaching some kind of client level limit?
APIs like follow, unfollow, comment are limited to 350 requests per hour. However sending requests from client side will fix this problem to some extent but it allows the users to see your API token.
In this case it looks like it would be beneficial to get some more data from your users. You could use Google analytics to track the "follow" action
https://developers.google.com/analytics/devguides/collection/gajs/eventTrackerGuide
This would give you a timestamp and information about user behavior.
Even with an advertised rate of X requests per hour, one user hammering the service with your API key can cause everyone to get throttled. (Not guaranteed, but pretty common practice for companies to keep their services alive)
It might be a good idea to reset your API, its possible (though unlikely) that someone has acquired your key and is using it.
I've been building an app which allows the user to search through recent (i.e. 6-9 days worth) public tweets on Twitter using the Twitter Search API.
Currently, the site is entirely public - that is, users do not need to sign in to Twitter (or even be Twitter users at all) to use my app.
However, the upcoming changes to the Twitter API have left me confused, particularly the fact it would appear that every request to Twitter's API will need to be authenticated.
My limited understanding of how Twitter's API works is that I need to authenticate my app using OAUTH, which in turn means that, if I want to continue accessing the Twitter Search API, users will need to sign in to my site before they can use the functionality related to the Search API - hence, only Twitter users will be able to use that section of my app.
Am I understanding this correctly, or is the Twitter Search API exempt from the changes? If I authenticate my app, does this mean the rate at which users can search Twitter status updates through my app is increased (or any other advantages over having non-authenticated apps)? Note that I am currently implementing a caching feature to cache related searches.
Thanks!
The changes to the Twitter API would affect your application depending on how your application works. These are the changes that you should be aware of:
All requests used to be anonymous. Now, all requests must be authenticated via OAuth.
With the old rate limits, according to my tests, you where able to make about one request per second per IP address. Now you can make 180 requests per 15 minute block per authenticated user (1 request every 5 seconds on average).
Not related, but still worth mentioning, the data that the new API returns is more similar to the data that the Streaming API returns. It's much more complete.
So, according to these changes, if your application uses some kind of a bot which polls the Search API, stores the results into a database, and then your users search within these stored results; you will have to implement OAuth with your own access token, which you can get by creating an application at dev.twitter.com.
But, if your application connects to the Search API every time that your users interact with it, and you think that you will have to make more than one request every 5 seconds on average, then you will have to ask your users to authenticate in order to get their access tokens for your requests.
I'm working on an app that allows users to search for a particular friend on Twitter (and eventually Facebook) and then send them a message (sort of).
My problem is, the API limits me to only getting 100 friends per request. For a user with a lot of friends, this could take many requests (even if I cache it) and will make my app hit the rate limit pretty quickly.
Is there an official (or unofficial) Twitter API for searching for only your friends?
The solution I have implemented for now is this: whenever a user logs in, iterate through each 100 block of friends and put them in the Rails.cache. They stay there until the user logs out and logs back in. Now that I know that the API requests are counted against the logged in user, I shouldn't need to worry about hitting the rate limit API since each user will have 350 requests per hour.
However, I have found a few problems with this, and I have a few thoughts on solutions:
Problem: We are storing a large amount of data to cache someone's friends.
Solution: It would be best if we could cache all twitter users who are friends of one of our users in one object (or hash) and also cache only the IDs of the friends for each user (which can be grabbed with far less API calls). This would create a bit of a slowdown, but would be far less storage required. Then, whenever a user logs in, we would simply update the global friend cache with any changes (i.e. picture, name, etc.).
Problem: My application still has to store this and figure out how to parse it; it's not very organized.
Solution: Extract this functionality into a new application that creates a better API for searching. If I accomplish this, I'll post an update here with a link.