Souncloud error rate_limit while getting authentication token

Question

My application just stopped getting authentication tokens from soundcloud. I am using php api and sending request as:

$client = new Services_Soundcloud(CLIENT_ID, CLIENT_SECRET, REDIRECT_URL);
$code = $_GET['code'];
$access_token = $client->accessToken($code);

It is returning me the following response since morning:

{"errors":[{"meta":{"rate_limit":{"bucket":"by-ip","max_nr_of_requests":100,"time_window":"PT1H","group":"oauth2_token"},"remaining_requests":0,"reset_time":"2015/08/13 12:03:38 +0000"}}]}

Till last night it worked fine with the same code.

Answer 1

SoundCloud, in their infinite wisdom, chose to roll out a rate limit on the /oauth2/token endpoint. They only allow 100 requests/hour from the same IP address. This causes major problems for applications that use the server-side authentication flow, since all requests to the /oauth2/token endpoint for that app originate from the server, causing it to hit the rate limit as soon as the app has more than 100 people try to authenticate within an hour.

I was able to work around this issue by switching to a client-side authentication flow using the SoundCloud Javascript SDK. This makes it so that your users' browsers make the /oauth2/token requests, and not your servers, which lets you avoid the rate limit.

This is all what I've learned by dealing with the problem myself- SoundCloud hasn't actually publicly released any documentation on this new rate limit. It seems they are becoming less and less developer friendly, so I would be wary of relying on the stability of their API in the future.