API Throttling & You

(Martin Cash) #1

Recently I’ve had a lot of questions surrounding how API throttle works. My attempt in this post is to clarify exactly how it woks for both oAuth and the Legacy Authentication Method.

Starting with oAuth
You are limited to a total of 125,000 api calls per day (25 calls per second max) across all Infusionsoft applications you are sending data to.

For the Legacy Authentication Method

Our throttling system is setup like a bank account. You have so many dollars (will be called tokens) in that account you can use. Every Infusionsoft Application has a bank of 10,000 tokens. For every API call that is made, 1 token gets removed from that bank. However, for every 500ms that there is not an API call, you get one token back in the bank, up to the max of 10,000 tokens.

When you run out of tokens, your API call gets delayed 500ms until you get a new token. For instance, you are out of tokens and you have 4 API calls come in at the same time. The first one will be delayed 500ms, the next one 1 second then 1.5 seconds and finally 2 seconds.

Once you hit 4 threads being throttled, you will then start to receive an error stating you have been throttled. The only way to become un-throttled is to cease all API calls. It takes approximately 1.5 hours of no API calls to regenerate all 10,000 tokens. You will receive the following error:

Server returned a fault exception: [500] Server encountered exception:  com.infusionsoft.throttle.ThrottlingException: Maximum number of threads  throttled


When does a notification about being throttled happen?
Legacy Authentication Method Currently, we do not send out a notification when you get throttled for the Legacy Authentication Method.
oAuth The response of each post in the header will have the per second limit as well as the daily limit. An Email is also sent at 65% and 100% of the daily usage. An Email is also sent at 100% of the per second usage. The usage can also be found in the developer center under the developer application and reports (This is updated periodically but can be downloaded as a CSV)

Are bulk extra tokens available for specific and infrequent times?
Legacy & oAuth Bulk extra tokens are not available.

Is it possible to up the 10k token limit?
Legacy No. it cannot be increased.
oAuth The limit is implemented to maintain stability for an Infusionsoft application. If the developer application is being used by multiple Infusionsoft applications then the limit can be increased after an approval process where best practices are shown.

Is there a place to see the current amount available?
Legacy We do not currently have a place for this.
oAuth In the response headers of each API call using oAuth the used and limit can be seen. Subtracting these amount will give you the current amount available.

Is it possible to track how much or test to see how much is being used in each instance? (A report of tokens used over a specific time or log of them available to us?)
Legacy A one-time report of API calls made during a specific time period if requested in a developer ticket can be done. We ask that you move to oAuth if you a second report is needed
oAuth Logging into the developer center will allow you to view a report of different statistics as well as download the report in a csv format.

Helpful Resources
(John Borelli) #2

@martinc, As I understand it (I could be wrong so I’m asking) this throttle model applied to the SDK not the new api or REST as there are different levels for tokens available and a method for getting throttling status’ in the latter? Is this understanding correct?

(Michael Fairchild) #3

@John_Borelli, you are correct that this post currently only applies to the legacy api encryption key. The post will be updated soon to reflect both throttling methods.

(Jon Smith) #4

It has been updated. Thanks for pointing this out.