#1 - Aug. 5, 2011, 10:36 p.m.
First of all, every request we receive is associated with an application. Even when an unauthenticated request comes in, we create a temporary fake application with an id generated from the IP address of the request. Each application falls under an application level or type and each of those levels/types has an associated point value.
Instead of throttling applications by the number of requests made, we look at the cost of the requests made. For example, requesting realm status information is very cheap, therefore has a reduced request cost compared to looking up a guild, which is more expensive.
It doesn't make any sense to say what the exact cost of requests are because we regularly evaluate and tweak the cost of requests based on hardware, software and application usage. What I can do is give you some rough guidelines to use when making lots of requests to the API.
- Requests that hit the data APIs and the realm status cost the least. These represent the baseline cost of a request.
- Characters are expensive to request, but we employ considerable caching to reduce this cost. They can be considered 3x the cost of the baseline.
- Guilds are expensive, especially fetching membership information. We cache as much as possible, but they still run about 3x the cost of the baseline.
- When you use HTTP last modified headers and get a cache hit (that is to say no information needs to be returned), the cost of that request is reduced to the baseline.
- Getting the list of AH dumps for a realm is cheap, so we'll consider it the same as the baseline.
- Downloading one of the generated AH dump files has no cost as it is generated offline and served as a static file.
When an application, either anonymous or registered, spends more points in a day than it has available, based on the application type/level, the request is denied.