Authenticated requests on user_timeline rate limited on per-ip basis

raphv
@raphv Raphaël @raphv

Hello,

I'm requesting api.twitter.com/1/statuses/user_timeline.json using OAuth and should therefore be allowed 350 requests per hour (which was OK a few months ago when I last tried), but now I'm limited to 150/hour. I've tried authenticating with another account, and it appears I'm IP-limited. I've tried other requests, such as lookup.json, which works OK and doesn't seem affected by this limit.

Thanks in advance for your help

2 years 40 weeks ago

Replies

episod
@episod Taylor Singletary

Check your response headers when you're using authentication. You may have an X-Warning header telling you that your OAuth is being detected as invalid. For certain methods and contexts, the API will return you a result in an unauthenticated context if your OAuth isn't correct. It's likely that your OAuth signature or signature base string is incorrect in some way.

2 years 40 weeks ago
raphv
@raphv Raphaël @raphv

Thanks a lot. I do have a signature issue. I've been trying to follow instructions I've found on http://osdir.com/ml/twitter-development-talk@googlegroups.com/2011-06/msg00373.html but it's still not working properly. I don't have the "Invalid OAuth Credentials detected" error anymore, but now I have "Could not authenticate with OAuth." with a "401 Unauthorized" status.

2 years 40 weeks ago
episod
@episod Taylor Singletary

Make sure that your oauth_token (access token) is valid -- if you've walked it through the OAuth flow recently, the string may have changed and perhaps you didn't update them in your app. Try making a request with no parameters to GET account/verify_credentials. This error usually means that while your request was well-formed, the user context you're attempting isn't allowed or found.

2 years 40 weeks ago
raphv
@raphv Raphaël @raphv

I've tried generating a new oauth_token, but still my scripts work perfectly with users/lookup using both GET and POST, and fail with both account/verify_credentials and statuses/user_timeline.

2 years 40 weeks ago
episod
@episod Taylor Singletary

Can you share an example URL that you're executing that fails along with the OAuth authorization header you're using (hopefully you're using header-based auth as it makes things much easier).

If you can access your signature base string, that would also be useful.

2 years 40 weeks ago
raphv
@raphv Raphaël @raphv

This is the signature base string that fails with account/verify_credentials:

GET&https%3A%2F%2Fapi.twitter.com%2F1%2Faccount%2Fverify_credentials.json&oauth_consumer_key%3DH8l1AzChHo9BJk9zSpQvQ%26oauth_nonce%3D5ac778f70f9d93a3ba89a977b961e742%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1310485589%26oauth_token%3D121754428-IPLs8xhQADS7MwrZQ86K1zjEgg8OvhZfnWHde8jK%26oauth_version%3D1.0

Here are the headers I send out:

Expect:
Authorization : oauth_nonce="1ef29b5cf5e42964b6c243915e89d9e6", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1310485839",
oauth_consumer_key="H8l1AzChHo9BJk9zSpQvQ", oauth_token="121754428-IPLs8xhQADS7MwrZQ86K1zjEgg8OvhZfnWHde8jK", oauth_signature="%2FtJhwAplreKv4ti%2FEFSaFK%2BTmpo%3D", oauth_version="1.0"

These are the headers the API sends in return:
[HTTP/1.1 401 Unauthorized] =>
[Date] => Tue, 12 Jul 2011 15:50:40 GMT
[Server] => hi
[Status] => 401 Unauthorized
[WWW-Authenticate] => OAuth realm="https://api.twitter.com"
[X-Runtime] => 0.00291
[Content-Type] => application/json; charset=utf-8
[Content-Length] => 90
[Cache-Control] => no-cache, max-age=300
[Set-Cookie] => _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCOEACx8xAToHaWQiJTgzMzUwZjQwMzJlOTNk%250AYTUyOGRhYmFlNzdmMGM2YWIwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--13b0f19b3c21e3cf84f1186f80282a50e6f9ad00; domain=.twitter.com; path=/; HttpOnly
[Expires] => Tue, 12 Jul 2011 15:55:40 GMT
[Vary] => Accept-Encoding

2 years 40 weeks ago
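
The signature base string in the post above can be rebuilt mechanically from its parameters. The following is an added example, not code from the thread or from Twitter: a minimal OAuth 1.0a (RFC 5849) HMAC-SHA1 signer in Python that reproduces that base string and shows the header the signature belongs in. The two secrets are constructed placeholders (the real ones are not on the page), and the URL is assumed to carry no query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    """RFC 5849 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted, '&'-joined parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(base_string, consumer_secret, token_secret):
    """HMAC-SHA1 keyed with 'consumer_secret&token_secret', base64-encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def authorization_header(params, signature):
    """Header value: the 'OAuth' scheme, then every signed oauth_* value."""
    fields = dict(params, oauth_signature=signature)
    return "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))


# Public identifiers as they appear in the base string posted above.
PARAMS = {
    "oauth_consumer_key": "H8l1AzChHo9BJk9zSpQvQ",
    "oauth_nonce": "5ac778f70f9d93a3ba89a977b961e742",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1310485589",
    "oauth_token": "121754428-IPLs8xhQADS7MwrZQ86K1zjEgg8OvhZfnWHde8jK",
    "oauth_version": "1.0",
}
URL = "https://api.twitter.com/1/account/verify_credentials.json"

BASE = signature_base_string("GET", URL, PARAMS)
# Constructed placeholder secrets: the real ones are not on the page.
SIGNATURE = sign(BASE, "constructed-consumer-secret", "constructed-token-secret")
HEADER = authorization_header(PARAMS, SIGNATURE)

if __name__ == "__main__":
    print(BASE, HEADER, sep="\n")
```

The nonce and timestamp sent in the header must be the same values that went into the base string, since the server rebuilds the base string from what it receives.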
raphv
@raphv Raphaël @raphv

It finally seems to be a token issue, but I don't know what's wrong, as my authentication seems successful and returns what looks like a valid token, though it seems the token is the same each time I request it.

2 years 40 weeks ago
episod
@episod Taylor Singletary

Your OAuth details do seem correct generally here.

If you continue running into issues with your token, I recommend taking a very deliberate course to kind of shake off the issue:

1) Expunge the current representation of the access token in your application
2) Go to http://twitter.com/settings/applications and revoke access for the application
3) Wait 5 minutes for good measure to make sure the system's processed this revocation
4) Walk through the OAuth steps to consume a new access token. The strings for the key & secret should have changed.

2 years 40 weeks ago
raphv
@raphv Raphaël @raphv

Well, I finally decided to try these tokens with a third-party OAuth implementation (themattharris), and they work well. I still haven't figured out what's wrong.

2 years 40 weeks ago
jacja
@jacja ♥♡ Jackie Charles ♡♥

Can anyone explain how I can get my embed messages back to the old way of copy & paste? The embed has got numbers, brackets and symbols on it and is far too long to copy & paste. I'm not computer literate with the jargon, so please, can anyone help me and give me a guided tour of what to do? Thank you.

1 year 3 weeks ago