Who will be impacted by these changes?
The following material only applies to Extensions submitted for review on or before January 31, 2020, a subset of Extensions we previously mentioned in Requiring OAuth for Helix Twitch API Endpoints that could continue to use Helix endpoints without authorization.
In that announcement, we mentioned that rate limits would no longer be based on IP address, though we did not explicitly state this rate limit change would affect all applications, including the Extensions given OAuth exemptions.
What’s changing and why?
We recently discovered that these Extensions were incorrectly rate limited per minute per IP address, rather than rate limited per minute globally. Some Extensions have relied on the throughput permitted by this logic, so to correct the rate limit and minimize disruption for these Extensions and their users, we’ve taken the following actions:
- For any Extension over 30 RPM during the last two weeks, we updated its rate limit to whichever of the following values was the greatest: its current rate limit, 800 RPM, or 120% of the peak RPM.
- We began enforcing the correct rate limiting policy (i.e. global vs IP-based) as of today, January 26, 2021.
These increases should provide sufficient tokens for your requests to Helix without the need of IP-based rate limiting.
What action needs to be taken?
No action is required. If you own and operate one of the Extensions submitted on or before January 31, 2020 and request Helix endpoints, you should notice a update to your Ratelimit-* response headers.
If your Extension front end is calling Helix endpoints, please consider employing caching, throttling, or proxying requests through your backend or the Extension configuration service to achieve more efficient request rates. Additionally consider ensuring your front end has logic to gracefully back-off requests when a 429 is returned.
If you have any questions or comments regarding this rate limit update, please add them below.