Goodreads Developers discussion

The terms of service say to limit requests to at most one a second - does this apply to oauth calls like http://www.goodreads.com/oauth/reques... and http://www.goodreads.com/oauth/access...?

Yes, but if your users sign in too fast, we will not ding you. The intention is to prevent additional load to our web fleet from, automated api requests and poor api usage. Inserting sleeps into a oauth connection flow should not


if you're not preserving state and have 1000s of users reauthenticating every minute, then thats a problem, and we would take steps, to lessen impact on our other customers.

What does your app do?

The app will give recommendations based on the user's reading history and ratings.

I wouldn't think it would have a lot of traffic (especially in the beginning) but the only way to be sure that I'm not exceeding one request per second is to write code to wait between requests. I just wanted to check if I needed to add the complication to rate limiting to the oauth flow or not.

If I don't need to insert sleeps into oauth then this would be the flow for a new user:

* I get a response token using my API key and create an authorize URL.
* The user goes to the authorize URL, logs in and gets redirected to my callback URL.
* I get the verifier from the callback URL and use it to get an access token.
* I call auth_user to get the user ID (and wait a second).
* I call review/list to get a list of the user's read books (and wait a second).
* If the attributes on the reviews tag indicates that there are more results then I call review/list again (and wait a second). Repeat as necessary.
* I generate some recommendations based on the user's read books and show them to the user.

That should work fine for us. BTW review/list takes a per_page parameter, and i think the max is 200, I'd recommend going with the max.

Yeah, maybe I read more books than average but when I tested it with my account it was page 1/3 even with per_page set to 200 :)