API limitation and definition of a user

SOLVED
Occasional Contributor

Hello and thanks for your help,

I have created an application to have a JWT token.

With this JWT token I generate tokens with a 1 hour duration.

I have seen there is an API limitation of 4 uploads per second per user.

But when I generate the token with 1 hour duration, I don't specify any username, and I can use and generate multiple tokens simultaneously and renew them without any problem.

So I don't understand whether the limit of 4 uploads per second applies to each token generated, so 1 token 4 up/s, 2 tokens 8 up/s, etc.

Or whether it is applied globally for the application, or for a pair of public/private keys, etc.

So thank you very much for helping me understand where the limit is. Because I can generate approx. 20 tokens at the same time without problem, but if I try more than that I encounter error 429.

Sorry for my bad English, it is not my native language.

Box Employee

Re: API limitation and definition of a user

@j2geu1 - You can read more about Rate Limits here: https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/

To add some detail... most rate limits apply in the context of a User (although per that page there are some that apply to the enterprise as well, i.e. the sum of all requests by all users in that enterprise). 


In your case, when you create the JWT application there is a user created by default, so when you generate a token it is for that user. If you generate multiple tokens for the default JWT USER, they all still operate in that user context and therefore you are subject to the same per-user rate limits, even if you have multiple tokens.

Note that it is possible to generate access tokens on behalf of other users. When using these tokens, the user context is that of the user for which the token was generated. That means if you generate two tokens, one for user A and one for user B - the combined rate is 8 uploads/second (4 uploads/second * 2 users). Also please note that the rate limits are often referred to on the forums as per-second, but are generally implemented per-minute as described in the documentation. You should think of the rate limit as the maximum steady-state rate at which you can perform an action over time. In any given small unit of time (a few seconds, for example) there may be some variation. As such, it is better to think about the rate in minutes than in seconds most of the time.
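The per-user accounting described in this answer, sketched as a client-side limiter (an added example, not part of the original thread and not Box code). The class and method names, the user labels, and the default of 240 uploads per 60 seconds (the thread's 4 uploads/second taken over a minute) are assumptions for illustration.

```python
import time
from collections import defaultdict, deque

class PerUserLimiter:
    """Sliding-window upload budget keyed by user ID, not by access token."""

    def __init__(self, limit=240, window=60.0, clock=time.monotonic):
        # Assumed default: the thread's 4 uploads/second expressed per minute.
        self.limit, self.window, self.clock = limit, window, clock
        self.token_user = {}                     # access token -> user it was issued for
        self.sent = defaultdict(deque)           # user -> timestamps of recent uploads
        self.blocked_until = defaultdict(float)  # user -> pause set after a 429

    def register(self, token, user_id):
        self.token_user[token] = user_id

    def reserve(self, token):
        """Return 0.0 and record an upload, or the seconds to wait first."""
        user, now = self.token_user[token], self.clock()
        if now < self.blocked_until[user]:
            return self.blocked_until[user] - now
        recent = self.sent[user]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                     # forget uploads outside the window
        if len(recent) >= self.limit:
            return self.window - (now - recent[0])
        recent.append(now)
        return 0.0

    def on_429(self, token, retry_after):
        """A 429 seen on one token pauses every token of the same user."""
        user = self.token_user[token]
        self.blocked_until[user] = max(self.blocked_until[user], self.clock() + retry_after)

def demo():
    now = [0.0]                                  # constructed fake clock
    lim = PerUserLimiter(limit=4, window=1.0, clock=lambda: now[0])
    lim.register("tok-1", "jwt-default-user")    # two tokens, same default user
    lim.register("tok-2", "jwt-default-user")
    lim.register("tok-3", "app-user-B")          # token generated for another user
    shared = [lim.reserve(t) for t in ["tok-1", "tok-2"] * 3]
    other = lim.reserve("tok-3")
    lim.on_429("tok-3", retry_after=5)           # retry_after: delay in seconds (assumed)
    now[0] = 2.0
    return shared, other, lim.reserve("tok-3"), lim.reserve("tok-1")
```

In `demo()`, the fifth and sixth uploads alternate between two tokens of the same user and are both told to wait, while the token for the second user still has its full budget.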

Occasional Contributor

Re: API limitation and definition of a user

@dandennhardt

Really, thank you for the clarification.

There is one last point about the user which is not clear.

You say: "when you create the JWT application there is a user created by default" AND "That means if you generate two tokens, one for user A and one for user B - the combined rate 8 uploads/second"

So if I understand you, if I create 2 applications with JWT tokens, I have 2 DIFFERENT default users. So 8 uploads per second.

Right? If that is the case, it will solve my problem.

Box Employee

Re: API limitation and definition of a user

@j2geu1 that is correct, but we recommend you don't create 2 JWT accounts. Instead, you can create an App User which will belong to your JWT app.

https://developer.box.com/reference/post-users/#param-is_platform_access_only


---
Developer Advocate @ Box
Occasional Contributor

Re: API limitation and definition of a user

Thank you @cbetta.

"but we recommend you don't create 2 JWT accounts"

Just to know, why? Is it a security concern or is there another reason?

Box Employee

Re: API limitation and definition of a user

No security concern. It's more about it not being very practical. You would have to get 2 JWT apps approved by your admin, and you would need to get 2 JWT private keys and config files. All of this is more work than using 1 (or many) App User(s).


---
Developer Advocate @ Box
Occasional Contributor

Re: API limitation and definition of a user

Thank you everybody for the clarification. I accept the solution.