What is the HTTP return code in case of APIM throttling? - wso2-api-manager

We published an API through the WSO2 API Manager (currently v2.1 but will soon switch to v2.6) Publisher and throttled it to 100 req/s max (advanced throttling rule).
What will be the HTTP return code in case of too many requests reaching the maximum allowed per second?
This WSO2 documentation page:
https://docs.wso2.com/display/AM260/Error+Handling
gives many APIM error codes (including those for throttling limits) but the binding with HTTP code is incomplete and we need to give it to our client.
Is the 900802 APIM error code bound to the HTTP 429 error code as is the 900801?
What about codes between 900803 and 900807?
Thank you for your help.

The following are the HTTP status codes.
900801 - 503
900802 - 429
900803 - 429
900804 - 429
900805 - 429
900806 - 429
900807 - 429
You can identify those codes using [1], [2] and [3].
[1] - https://github.com/wso2/carbon-apimgt/blob/53123b847047564cc342cbbed76c9ccf8a097516/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/throttling/APIThrottleConstants.java#L23
[2] - https://github.com/wso2/carbon-apimgt/blob/c95361146f7ee15f80f61611a97066545c35664d/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/throttling/ThrottleHandler.java#L620
[3] - https://github.com/wso2/carbon-apimgt/blob/53123b847047564cc342cbbed76c9ccf8a097516/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/throttling/APIThrottleHandler.java#L267

Related

How to increase the number of request limit per day for linkedin creative api endpoint?

Linkedin Creative API endpoint request limit per day seems to be dropped from 1 million requests to 5000 requests.
The API returns the response after the 5000 request limit is raised - HTTP-error-code: 429, Error: Resource level throttle APPLICATION DAY limit for calls to this resource is reached.
Earlier Base URL API endpoint with 1 million requests - https://api.linkedin.com/v2/adCreativesV2.
Latest Base URL API endpoint with 5000 requests - https://api.linkedin.com/rest/creatives.

Why AWS Cloudfront sends different http status name for the same http status code 422

In my API Gateway, I use 422 status code for errors that are not related to the standard HTTP status codes (400, 403, 404 ...)
I linked my API Gateway stage to a CloudFront distribution.
When I invoke my API with the default URL (https://#####.execute-api.us-east-1.amazonaws.com/stage) I always get the 422 error as "422 Unprocessable Entity (WebDAV) (RFC 4918)"
But when I invoke it through the CloudFront distribution, sometimes I get "422 Unprocessable Entity (WebDAV) (RFC 4918)" for POST requests, and sometimes I get "422 Unknown" for GET requests. This broke some tests that check for the HTTP status name.
What is the expected behavior for this HTTP status code?

IIS denyByRequestRate returns 403 instead of 429

I've set up a denyByRequestRate restriction on my IIS website. When the caller exceeds the defined request rate it gets 403 Forbidden.
Is there a way to change the HTTP response code to 429 Too many requests in order to implement a proper retry policy on the caller side?
Returning 403 is by design if you read any Microsoft article on this topic, https://learn.microsoft.com/en-us/iis/manage/configuring-security/using-dynamic-ip-restrictions
If your caller side requires 429 instead of 403 and you have no way to modify the caller code, then your only option is to develop your own IIS extension to hijack those 403 responses and translate them to 429.

When should an HTTP proxy use status code 502?

RFC 2616 says 502 means: "The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request."
What exactly counts as an invalid response? Does this include something like a 500 from the upstream server?
Imagine that you have implemented an API that aggregates responses from a couple of third party servers. E.g. you have an application that if asked for info about lol#lol.com user will return all the public data about this user from FB, TW and G+.
More or less your API acts as a proxy server. Now if one of these requests fails you have a choice what will be returned to the client. If you want to be explicit about how your application works you can return 502 Bad Gateway along with message: Sorry, request to FB failed for whatever reason and that's all. But you can also hide the implementation details and return e.g. a 409 Conflict response along with details: Have no info about the user's FB activity.
In this particular example 207 Multi Status would be also very useful.

When does the Xively API return 406 "Not acceptable" or "403 Rate too fast"?

The Xively API is rate-limited but I'm trying to understand what the limits are so that I can adjust my client accordingly. In fact there seems to be more than one limit: in some cases I see a 406 (Not acceptable) HTTP response, and other times I see a 403 (Rate too fast) HTTP response.
I think the 406 occurs when the number of API calls exceeds a certain rate - in my test the limit seems to be around 25 API calls per minute. The HTTP response includes a "Retry-After: 5" header.
If my test queries more than one device the limit still seems to be 25 API calls per minute - I don't think this limit is per device. The 406 error code is not mentioned in the Xively API documentation.
The 403 error code is described in the Xively documentation: https://xively.com/dev/docs/api/communicating/usage_limits/
The page talks about per-device limits and suggests the limit is different for reading and writing but doesn't really give any more detail than that.
Can anyone shed any more light on what the limits actually are? I am currently using a development-mode account - it's possible the 406 error only occurs in development mode. However the link mentioned above suggests you can get the 403 error in production mode too.
