API Limits Documentation / Throttling

Will the API limits, especially around things like per-API-key throttling, be documented?


The specific use case I'm thinking about is around managing App Store Connect access for users inside of large organizations. Suppose there exists a system that is responsible for facilitating user invitations, managing user roles, and periodically auditing that user access is valid according to internal policies.


Since such a system would have both periodic API usage (for auditing) and human-generated API usage (for invitations and roles), would API requests made with the same API Key be at risk for getting throttled?


Would it be wise to have a separate API key for requests that we can control the rate for?


For human-generated requests, would I need to implement some sort of least-recently-used API Key pool to avoid getting throttled?


These sorts of questions (and more) could be self-solved if the API documentation were to describe the how the API does throttling.

Up vote post of Calypso Down vote post of Calypso
6.6k views
Posted by
Calypso
Reply
Add a Comment

Accepted Reply

Hi Calypso!


I can't address your question about specific limits, which may vary. But I can provide some technical details that may help in your planning.


Every response from the API includes a 

X-Rate-Limit
HTTP header. Its value has this form:


user-hour-lim:10;user-hour-rem:8;


user-hour-lim
indicates the number of requests you can make per hour with the key being used. 
user-hour-rem
shows how many requests remain. So in this example, you are limited to 10 requests per hour, and you have 8 remaing. (Note that actual limits will be higher than this example.) This is a "rolling hour" so in practice, at any moment, the 
user-hour-rem
value is your per-hour limit minus the total requests you've made in the previous 60 minutes. The 
user-hour-lim
may change over time, so if you're trying to throttle a long-running process to work continuously you should consult this header on your first request and set your delays accordingly.


If you exceed your per-hour limit, the API will begin rejecting requests with an HTTP 429 response with the error code 

RATE_LIMIT_EXCEEDED
. You can find out more about how to interpret API errors here:


https://developer.apple.com/documentation/appstoreconnectapi/interpreting_and_handling_errors


If the limit in place for your keys is too small for your user-initiated scenarios, you might consider caching response data, coalescing requests from multiple users into one, or implementing a queue to fulfill user requests with throttling.


Hope this helps!

Posted by
App Store Connect Engineer
Up vote reply of App Store Connect Engineer Down vote reply of App Store Connect Engineer
Post marked as solved
Add a Comment

Replies

Hi Calypso!


I can't address your question about specific limits, which may vary. But I can provide some technical details that may help in your planning.


Every response from the API includes a 

X-Rate-Limit
HTTP header. Its value has this form:


user-hour-lim:10;user-hour-rem:8;


user-hour-lim
indicates the number of requests you can make per hour with the key being used. 
user-hour-rem
shows how many requests remain. So in this example, you are limited to 10 requests per hour, and you have 8 remaing. (Note that actual limits will be higher than this example.) This is a "rolling hour" so in practice, at any moment, the 
user-hour-rem
value is your per-hour limit minus the total requests you've made in the previous 60 minutes. The 
user-hour-lim
may change over time, so if you're trying to throttle a long-running process to work continuously you should consult this header on your first request and set your delays accordingly.


If you exceed your per-hour limit, the API will begin rejecting requests with an HTTP 429 response with the error code 

RATE_LIMIT_EXCEEDED
. You can find out more about how to interpret API errors here:


https://developer.apple.com/documentation/appstoreconnectapi/interpreting_and_handling_errors


If the limit in place for your keys is too small for your user-initiated scenarios, you might consider caching response data, coalescing requests from multiple users into one, or implementing a queue to fulfill user requests with throttling.


Hope this helps!

Posted by
App Store Connect Engineer
Up vote reply of App Store Connect Engineer Down vote reply of App Store Connect Engineer
Post marked as solved
Add a Comment