A mobile app using the Google Analytics API ran into a really good problem to have. It got popular. The Analytiks app had enough users that it was frequently going beyond the 50K requests per day allotted to each developer. Each users has to authenticate, but then all share a single pool of requests. By contrast, the Twitter API's per-user limit makes more sense.
Analytiks for iPhone creates beautiful charts and graphs from your Google Analytics data. It's cleanly presented and became a favorite of dashboard-seeking website owners.
"We got to a point of 4.4 downloads per minute and, as you can imagine, we reached the 50K half the way through the day," said Analytiks creator Stefanos Kofopoulos. "We asked Google to increase that limit to 100K, but we broke that limit, too. We got loads of 1 star reviews for obvious reasons, people couldn't use Analytiks."
Google, to its credit, has now given Analytiks a much larger quota. But it points to per-app restrictions as an obsolete method for limiting applications.
For some time, Twitter has had per-user Twitter API rate limits for apps using multiple user OAuth Authentication. The rate is low: 350 requests per hour. But this helps avoid single users hitting a quota immediately based on the requests of other users.
With the Twitter API changes in August, the company also announced user limits. If an app needs more than 100,000 users, the developer must request specific approval. While the process for approval isn't well-defined publicly, the concept works well with the per-user limit. It gives the API provider some controls while letting the developer have plenty of runway.
According to Kofopoulos, Google Analytics does have a per-user limit of five requests per second. However, those requests also count against the overall application limit. However, if Google implemented the Twitter method for its Analytics API, the Kofopoulos' iPhone app would not have experienced the growing pains. Or, at the very least, the developer would have had more time to see the limit coming.
With over 400 OAuth APIs, more providers should consider making per-user rate limits.