I am trying to establish what a token is in the instagram API. The API limit is 5000 per hour per token. Does this mean we can only call the API 5000 times collectively for all our app users or is it 5000 times per user per hour? Thank you.
It depends on whether you're using your client_id or access_token. (Recall that the client_id is app-wide while the access_token is per user.) If you're using just the client_id the limit is 5000 requests/hour app-wide, while if you're using the access_token it's 5000 requests/user/hour.
Related
I created a Web API that uses AAD for authentication. The client is a daemon application requesting tokens from AAD using client id and secret.
I was doing a stress test on the client/web API where a client requests a token for each call to the service.
After around 26 mins of the test run, I start to see a very high request rate error from AAD when trying to get the token.
I understand I can reuse the token and avoid the issue but, I am curious to know what's the throttle limit? Does anyone have a pointer to the document explaining the request rate limit/throttle?
Thanks!
Throttling behavior can be dependent on the type and number of requests. For example, if you have a very high volume of requests, all requests types are throttled. Threshold limits vary based on the request type. When you reach the limit, you receive the HTTP status code 429 Too many requests. Exact request rate limit is not exposed currently.
Please refer these articles which may help you in understanding more.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling
https://learn.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#retry-usage-guidance
I made my custom backend with nodejs using firebase cloud functions and the auth token expiry time is only 1 hour for the admin sdk how to increase the expiry time of token or something to counter this issue without using the firebase-client in my web app
If you're creating custom tokens you're bound by this requirement that Firebase places on the exp claim:
exp: Expiration time
The time, in seconds since the UNIX epoch, at which the token expires. It can be a maximum of 3600 seconds later than the iat.
You might want to look into session cookies, which (according to the documentation) allow:
Ability to create session cookies with custom expiration times ranging from 5 minutes to 2 weeks.
Am i getting this right?
https://www.instagram.com/developer/authentication/
A visitor of a website that calls the Instagram API must login with their own account in order for the application to fetch data from the Instagram API?
Certainly it's the best way to do it.
Until June 2016 it's also possible to use client-id to make requests despite of access token. But this is deprecated, so don't use it.
From Instagram:
The Instagram API requires an access_token from authenticated users for each endpoint. We no longer support making requests using just the client_id.
To avoid users must login, you can authorize your user to create an access_token and make all requests with this token. But it's not a good idea because of the rate limits on the API.
From Instagram:
All rate limits on the Instagram Platform are controlled separately
for each access token, and on a sliding 1-hour window.
And Global Rate Limits:
Sandbox Mode - 500 requests/hour
Live Mode - 5000 requests/hour
So if you use just one access_token you will be limiting to 5000 requests per hour (live mode) to all users of your site and your app access could easier be blocked by Instagram.
The best and safer way is to force users to login with Instagram, generate an access_token for each user and then perform requests using users token (with 5000 requests per user, per hour).
Good luck.
DocuSign RestAPI Guide says "Up to 10 access_tokens are supported per userId."
I have been using demo.docusign.net account to create access tokens. More than 10 access tokens are generated by this account using the same Integrator key and username.
There are some posts related to OAuth access token limit
DocuSign OAuth Token error - “An entry with the same key already exists” when access token limit crosses 10.
I verified lists of tokens generated at Preferences -> connected Apps in my DocuSign web console. They are already been crossed 50 and no maximum limit exception been thrown by DocuSign endpoint.
So What is OAuth2 access token limit? Is it only applicable to Production environment?
The user OAuth token limit has been increased in the DocuSign Demo (Developer) environment to 200. The OAuth token limit in production, though, is still the expected 10. Once you try to create more than 10 tokens in production it will error out.
I have using docusign node module for using embedded signing flow. Things have been working fine but suddenly we have started seeing errors such as access token limit exceeded.
Here is the error
Description: Maximum number of access tokens exceeded.
at /Users/amitagwl/Projects/Personal/support.birdeye.com/node_modules/docusign-node/components/auth.js:105:17
Questions:
In quick look up I found that production accounts have 10 as token limit. Why is that ? If I have exceeded the limit, does it mean I can't use my account any more ?
Can I reuse existing token ? How do I see my previously created token ?
Each application is allowed 10 tokens per authenticated user. In other words your app can connect to a user's account only 10 times. The tokens can (and should) be reused. Typical apps will require only one token for each user - or one token for each account of Send-On-Behalf-Of is used.
In general you should authenticate once, get the token, store that token, and use it for future access to that user's account. The user may revoke that token at any time so your app should prompt for authentication if necessary.
I got the answer. Tokens can be revoked under "connected apps". (Classic experience only).