We can throttle logged-in users in our application code by inspecting the JWT and looking at how many requests they made in the last minute etc. But is there a good methodology to throttle non-logged in users? By IP address or something else?
Related
I would like to make a content management system that would post tweets on behalf of another user.
As far as I understand, the rate limit for the Twitter API at the moment is 15 requests per 15 minutes per user/application, as described on their website. So in my case posting a tweet on behalf of another user would count as one request.
If this is the situation, creating a content management system would be unrealistic as an increase in the amount of users will cause rate limiting errors.
Is there any way around this or is this the limit of posting to Twitter on behalf of another user?
I am new to this situation so I do apologize if I am incorrect. Thanks in advance.
I have a bot over Facebook which people are subscribing for sports updates.
I have 1,000 - 10,000 users I want to send out an update to.
Currently, in small scales like 20 messages, I would use a Facebook Batch request.
But I'm not sure what would be the best way to send my messages in a large scale.
My two options are:
Batch - limited to 50 requests per batch request.
I don't really know if I should expect a delay in the execution of the request.
Regular calls - I will iterate through my receivers and send each of them a message separately.
I'm afraid Facebook might block me for thinking I'm spamming, or I will exceed the rate limits.
I have to say I was expecting a more generic method coming from Facebook since they are allowing users to subscribe for update through my bot, hence, I was expecting them to provide a guide on what are the best practices for sending the update users subscribed for.
You should definitely use Facebook Messenger Broadcast API for this. This will broadcast your message to all users subscribed to the bot.
Caveats:
You have to apply for this permission. (pages_messaging and pages_messaging_subscriptions. Takes about 1-2 days, but can test on Admin/Test users of the app)
Each broadcast has to be a separate broadcast. (e.g. you can't send image and a text together, each has to be its own individual broadcast).
Have some kind of un-subscription option as well. FB user might think you are spamming even if you clearly say in the messages that your bot will send updates.
Use custom labels to create targeted sends. So you can either subdivide who you will send updates to about specific issues or just label people if they unsubscribe to your broadcast or not.
Basic workflow:
Get permission to broadcast.
Create message_creative_id via POST to endpoint
Use message_creative_id to POST a broadcast_messages
On a successful send you will get back broadcast_id
I want to monitor employees interactions inside companies. In the case the company is using Gmail, I was thinking about using https://developers.google.com/admin-sdk/email-audit/.
But I still have some questions regarding the "lawful" purpose and I'm wondering if Email Audit is the right API if my purpose is to monitor in real-time emails knowing there will be at least 10 000 emails/day to monitor.
If you check the Usage Limits and Quotas:
Limits and quotas protect the Google infrastructure from an automated process that uses the Email Audit API in an inappropriate way. Excessive requests from an API might result from a harmless typo, or may result from an inefficiently designed system that makes needless API calls. Regardless of the cause, blocking traffic from a specific source once it reaches a certain level is necessary for the overall health of the Google Apps system. It ensures that one developer's actions cannot negatively impact the larger community.
To answer your question, if your goal falls under this description - Google Apps Email Audit API Developer's Guide:
The Google Apps Email Audit API allows Google Apps administrators to audit a user's email, email drafts, and archived chats. In addition, a domain administrator can retrieve account login information and download a user's mailbox. This API can be used only for lawful purposes in accordance with your Customer Agreement.
Then the answer would be yes, it is the appropriate API to use. If you are thinking about the 10000 emails/day, you might want to check if it is reasonable to ask for quota increase.
Hope this helps!
I have searched for "public IP" and read all articles shown. I have a question that I cannot answer with my search.
We have a web application running on a dozen kiosks installed at a national attraction. The FB API is called when users would like to post their personal picture (taken by our system) to FB. We do not allow the user to augment the posting in any way, only log in.
Is there any way to register a physical or IP address as "trusted" so that the continual flow of guest users at this attraction do not run into the "unknown IP address" security instance? We allow guests to post tens of thousands of photos to FB on a continual basis. This security hurdle causes 50% of users to abandon the effort to post to FB.
We have a three year history with the same hardware running at same location running through millions of visitors who want to post to FB. Fixing this security hurdle somehow would double the number of posts to FB. Thank you. Mike
I need your expert advice on this one.
I have been asked to analyse a potential Facebook application.
This application is a parental monitoring for kids' accounts. Basically it will search a kid's status messages for specific keywords, amongst other things. And this application will alert the parents when it finds something.
Of course this application will have a valid token to access the kid's data. This is not a tool to spy on the kid.
I am using the Graph API coupled with the 'since' keyword to get the last updates. It's working fine with a single user.
My question is about scalability.
How should I get updates of a huge number of kids to monitor? (between 10,000 and 100,000 accounts)
And for each kid I have to monitor status messages, videos, images, friends, friends' status messages...
Here are some numbers:
~2.1M requests each day to get hourly updates of 10,000 kids' accounts.
~57.8M requests each day to get hourly updates of 10,000 kids' accounts plus their friends', with an average of 40 friends each.
And as I read here, it would be limited.
So what do you reckon?
PS: Maybe with real-time updates I won't have this problem or would it be worse?
Yes, I would subscribe to real-time updates so as an account gets updated you get a callback and then you get the latest updates. This would avoid the overhead of constantly polling accounts for updates. You will need to get an offline_access token for this to work as well.