Twitter API Problem
Wednesday, March 4, 2009 at 10:54AM
Most of you Twitterholics have seen this beautiful status. You get a total of 100 API calls per Twitter account per hour. What happens if you use all of your afforded calls? You can just use http://www.twitter.com/, no problem, right? Well, you lose a lot of what makes Twitter clients so useful (search, grouping, instant updates, etc.).
Well, what if you leave your client up at home? TweetDeck uses most of the API calls all by itself. So in this scenario, you are destined (at least for that day) to spend it on the Twitter site, which, as we already discussed, leaves much to be desired.
Mom taught me never to point out a problem without suggesting a solution, so here is what I think would be an awesome addition to Twitter, one that might have other advantages as well:
This is at the bottom of Gmail. It allows you to see where else your account is being accessed from (IP). You can also click "Details" and click to log out of all other sessions. This would be nice in Twitter for a couple of reasons. It would allow you to block/log out the client you left at home, but also check to make sure the IPs that are accessing the API on your behalf are your own.
Just a suggestion..
Rob Fuller
Reader Comments (5)
mubix, this is really a great point. I think this should not only go for Twitter but a lot of other services as well (read: internet banking, and other personal information sites). I am thinking of Darren @hak5 with his pineapple / jasager setup and the hamster ferret attack. Just a thought for now.
I guess from my perspective API throttling is not a problem per se. I'm not sure the logging out sessions really helps either because I don't believe state is held across direct API transactions, it's per transaction, right? If you're doing more than 100 'friends_timeline' calls per hour you're 1) doing something wrong or 2) need to really get a life. :) I think apps like TweetDeck should be smarter about how they manage accessing the API... There is a method called "rate_limit_status" that will allow the user to view "the remaining number of API requests available to the requesting user before the API limit is reached for the current hour." Since you can call this method without decrementing the number of calls you have available, why can't TweetDeck be "smart" and say, if I made 20 calls in the past minute, warn the user? Or implement a throttling mechanism itself where if I want to post it's spaced out in uniform time so as to not hit my limit... Twitter needs a throttling API. People who are using more than 100 calls an hour are, rightfully, abusive in some form or another. Maybe, just maybe, they'll be opening up "premium" accounts next year as part of their revenue model. 500 calls per hour for $5/month.
In the end, it's not a problem. If you were Twitter, you'd be looking at the world from a different perspective I think.
Here's a method call example to rate_limit_status:
100
2009-03-04T18:53:25+00:00
1236192805
98
We should be using this information smarter! *cough*TweetDeck*cough*
I think you make a great point, and I wasn't trying to blame Twitter (title is because I think it's a use problem), simply suggest a way that a Twitterholic, or even someone who simply leaves TweetDeck running, can combat their accidental abuse of the API. Whereby adding a security feature in as well. I don't claim to know how Twitter handles its use of the API so I couldn't begin to tell you how they could implement a 'logout'. Maybe a temporary IP ban? Which could also go into reporting. (Hey Twitter, this IP is using my account, and it's definitely not me). I can already see that leading into a support nightmare but you know, just pushing out ideas.
Actually you CAN throttle TweetDeck's use of the API in the settings menu. There are 3 sliders that set how often each one can access the API and you can throttle from there. It also has a lil space by the buttons up at the top right that says API calls remaining. Do take this as I run TweetDeck spread wide so I can see 4 columns of data at one time, and I also tweak different things on how information is pulled in TweetDeck, like groups and things of that nature.
Given the provided APIs, a client already has the ability to warn you that Twitter is being accessed from somewhere else. That'd be a start.
I agree with mubix. Cutting off a rogue client would be a great addition though.
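One way a client could act on the rate_limit_status values discussed in the comments above, as an added example (not TweetDeck's or Twitter's code): it spaces polls evenly until the reset, and it counts calls charged to the account that this client did not make, which is the "accessed from somewhere else" warning. The field names, the `reserve` and `floor` parameters, the reading timestamps, and the assumption that the reset time stays fixed within one hourly window are this example's own.

```python
from dataclasses import dataclass


@dataclass
class RateStatus:
    """One rate_limit_status reading (field names are this example's own)."""
    hourly_limit: int
    remaining: int
    reset_epoch: int  # when the hourly window resets, seconds since epoch
    taken_at: int     # when this reading was taken, seconds since epoch


def poll_interval(status, reserve=8, floor=15.0):
    """Seconds to wait between polls so the budget lasts until the reset.

    `reserve` calls are held back for user actions such as posting.
    """
    seconds_left = max(status.reset_epoch - status.taken_at, 0)
    spendable = status.remaining - reserve
    if spendable <= 0:
        return float(seconds_left)  # nothing left to spend: wait for reset
    return max(seconds_left / spendable, floor)


def foreign_calls(prev, curr, own_calls):
    """Calls charged between two readings that this client did not make.

    `own_calls` is this client's local count of counted API calls in that
    span (rate_limit_status itself is not counted, per the comment above).
    Returns None if the window reset in between, since the two readings
    then belong to different budgets and cannot be compared.
    """
    if curr.reset_epoch != prev.reset_epoch:
        return None
    used = prev.remaining - curr.remaining
    return max(used - own_calls, 0)


if __name__ == "__main__":
    reset = 1236192805  # reset time from the reading quoted on this page
    # Constructed readings: 45 minutes before reset, then 5 minutes later.
    first = RateStatus(100, 98, reset, reset - 2700)
    second = RateStatus(100, 70, reset, reset - 2400)
    print("poll every", poll_interval(first), "seconds")
    extra = foreign_calls(first, second, own_calls=10)
    if extra:
        print("warning:", extra, "calls came from another client")
    print("new poll interval:", round(poll_interval(second), 1), "seconds")
```
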