Twitter rate limiting and Google App Engine

Twitter blocked icon@markovator has been silent for some time. He’d been replying to people but he’d not been able to come up with his own original tweets. The reason for this is the that he was being rate limited by Twitter. Initially this seemed strange to me as markovator tweets quite infrequently (at the very most once every minute if people are constantly pestering him). However the markovator code was inconsistent in how it authenticated with the twitter api. When it didn’t seem necessary to authenticate I didn’t (for example when requesting an unprotected user’s tweets). Twitter applies the rate limit to the IP of the machine making the request and when you’re running on Google App Engine you never know anything about the node you’re making http requests from or who else is using it. Whilst App Engines IPs seem to have been whitelisted (they can make 20000 requests per hour) all it would take (and did take, it seems) to cause markovator’s requests to be refused is a few more apps with very heavy unauthenticated twitter usage.

So you’ve been warned. If you’re building an app the uses twitter on app engine always OAuth authenticate, even when this seems unnecessary or a pain otherwise you’ll always be at the whim of twitter’s IP limiting. Obviously markovator always authenticates as @markovator now. If you usually authenticate on behalf of your users then you should use the twitter account you used to register your twitter app just for making those public, read only requests you might have thought could go unauthenticated.  You can avoid the OAuth flow by getting a single access token for that account from your twitter app page on

On a side note the account/rate_limit_status endpoint seems a little capricious. I have an admin endpoint that reports the status of the markovator app, including it’s authenticated rate limit status. When run locally it returns 350 per hour whilst when run on app engine it returns 20000 per hour.  Perhaps the whitelisted status of App Engine overrides the fact that the status request is authenticated.  Despite this the authenticated rate limiting does seem to apply when making authenticated requests from App Engine to Twitter.


This entry was posted in Development, markovator, Python and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">