Exceeded login limit using Blogger API with XMLRPC

  • jackitguitar · Member ·

    Hello,

    at Scoop.it our users can connect their WordPress accounts to share Scoop.it posts on their blogs. We are using the Blogger API with XMLRPC. Recently our users started to report issues with their WordPress connections, and we have found out that it comes from “exceeded login limit” errors being sent to our production servers.

    For example, here is what we get when calling the API:
    curl -H”User-Agent: Mozilla/5.0″ -i -X POST -d ‘<?xml version=”1.0″ encoding=”UTF-8″?><methodCall><methodName>blogger.getUserInfo</methodName><params><param><value><i4>0</i4></value></param><param><value><string>jackitguitar</string></value></param><param><value><string>***password***</string></value></param></params></methodCall>’ http://jackitjack.wordpress.com/xmlrpc.php
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 05 Sep 2012 13:37:27 GMT
    Content-Type: text/xml; charset=UTF-8
    Content-Length: 399
    Connection: keep-alive
    X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.

    <?xml version=”1.0″ encoding=”UTF-8″?>
    <methodResponse>
    <fault>
    <value>
    <struct>
    <member>
    <name>faultCode</name>
    <value><int>403</int></value>
    </member>
    <member>
    <name>faultString</name>
    <value><string>Bad login/pass combination.</string></value>
    </member>
    </struct>
    </value>
    </fault>
    </methodResponse>

    The answer looks as a basic login/password error, but it’s not the case. Indeed when doing the same request from other machines it works good. And when trying to connect to the wordpress blog admin from our production servers, we get the following error message: “You have exceeded the login limit. Please wait a few minutes and try again.”

    So our guess is that we have reached some kind of login limit which works per IP address, which explains why only our production address is impacted so far.

    Could you please confirm that this is the problem? Do you have any solution to bypass this rate limit (API key, …)?

    Thanks,

    Fred
    Blog url: http://jackitjack.wordpress.com/

    The blog I need help with is: (visible only to logged in users)

  • jackitguitar · Member ·

    sorry for the noise, we’ve just found the authenticated API here:
    https://developer.wordpress.com/
    It should fit our needs. Thanks!

  • The topic ‘Exceeded login limit using Blogger API with XMLRPC’ is closed to new replies.