fix(auth): resolve V2 API 429 rate limit during authentication #34
Draft
mattpetters wants to merge 1 commit into dev-mirzabicer:main from
Conversation
The V2 API signon endpoint now requires additional headers to avoid 429 rate limiting at the AWS ELB level:
- Add Origin: https://ticktick.com header
- Add Referer: https://ticktick.com/ header
- Update X-Device header to use full web app format (os, device, channel, etc.)

The version number in X-Device is NOT strictly validated - the original 6430 works fine. The key fix is the Origin/Referer headers and the full X-Device structure.

Fixes dev-mirzabicer#33
3c63359 to 23f4ab5
TWDickson added a commit to TWDickson/ticktick-sdk that referenced this pull request on Mar 9, 2026
- Add Origin: https://ticktick.com header
- Add Referer: https://ticktick.com/ header
- Update X-Device header to web app format with full device info
- Update User-Agent to Chrome 120.0

Fixes upstream issue dev-mirzabicer#33, based on PR dev-mirzabicer#34 by mattpetters
hardane pushed a commit to hardane/ticktick-sdk that referenced this pull request on Mar 16, 2026
- auth.py & client.py: Mimic real browser headers (Chrome UA, Origin, Referer, full x-device) to avoid TickTick's AWS ELB rate limiting. Ref: dev-mirzabicer#34
- task.py: Add field_validator for repeat_from to handle string/empty values from TickTick API (e.g. "0", "1", ""). Ref: dev-mirzabicer#29

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
Fixes #33 - V2 API returns 429 rate limit during client.connect() after fresh OAuth flow.

Root Cause
TickTick added rate limiting at their AWS ELB level that blocks requests missing proper browser headers. The SDK's minimal header approach was being flagged as bot traffic.

Changes
- Origin: https://ticktick.com header (required)
- Referer: https://ticktick.com/ header (required)
- X-Device header to match web app format with full device info
- 6430 to 8010

Investigation
Headers were identified by:

Testing
Verified fix works with: