Question

API rate limiting questions

  • 22 March 2023
  • 5 replies
  • 81 views

Userlevel 3
Badge +2

Hi Karbon community & API users - 

The Karbon API is growing in popularity and use - we’re still a way away from that popularity impacting the speed and availability of the API, but we’re conscious that at some point we will need to address this and don’t want it to come as a shock to anyone.

We’d love your thoughts on API rate limiting and performance - but for now the sorts of limits we’re proposing would be something like:

  • 10,000 requests per day per Karbon account/API application key
  • a maximum of 60 requests per minute

Where the limit is exceeded, we’ll respond with a different HTTP status code (429) and a header telling you when you can try again.

Specific questions:

  • Have you ever had to deal with API rate limiting before?
  • Would these limits cause you issues?
  • Are there behaviours in the API today that cause you to send more requests?
  • Are there any performance (e.g. response speed) issues that impact your API use today?

Many thanks,
Stuart


5 replies

Userlevel 7
Badge +19

We’d love your thoughts on API rate limiting and performance - but for now the sorts of limits we’re proposing would be something like:

  • 10,000 requests per day per Karbon account/API application key
  • a maximum of 60 requests per minute

Does this mean if we have 10 users, we get 100,000 requests/day, etc.?

  • Have you ever had to deal with API rate limiting before?

I have never had to deal with it. Sounds like a pain, lol.

 

  • Would these limits cause you issues?

It would complicate the code, obviously. Some things are real-time dependent while others are not. I would much prefer a limit based on hours instead of days. Otherwise, an overnight poll might knock out other API functionality for the following day.

  • Are there behaviours in the API today that cause you to send more requests?

Webhooks only send bare minimum data, so every webhook requires at least one additional API call to get the actual data.

Also, the way time entries work, I must poll timesheets each night, then loop through and make an API call for each timesheet to get the time cards… I’m not sure how many total calls that makes, but I could see hitting 10,000 pretty quickly since I have to poll a rolling 90 days-worth of data to capture any possible changes (no webhooks for time entries/timesheets).

  • Are there any performance (e.g. response speed) issues that impact your API use today?

Not yet, but I have some ideas that may benefit from quick API responses.

I can see a possible future where our firm develops a third-party app that does something in Karbon or with the Karbon API. In that case, our app may far exceed these limits. Our firm may also grow to the point that our home-grown internal API usage surpasses these limits.

Would it be possible to purchase additional API resources?

Userlevel 2
Badge +1

@StuartK I have dealt with rate-limiting but only on a per-second basis

 

I believe it’s no more than 25 requests per second for a CRM one of my clients uses

 

just as we are imagining foreseeable growth on your end that will absolutely require rate-limiting, I can imagine any of my clients growing to the extent that a daily total limit might be very frustrating

 

do you have the ability to track the number of daily requests our API Access Keys are making?

Userlevel 3
Badge +2

do you have the ability to track the number of daily requests our API Access Keys are making?

Thanks Mike - that’s useful info!

We do have this - but it’s a historic report. Based on the data over 99% of Karbon users are a long way under the proposed limits - with the other fraction of a % sitting at about 50% of the threshold.

 

Userlevel 3
Badge +2

 Sorry for the slow response @max!

Does this mean if we have 10 users, we get 100,000 requests/day, etc.?

At the moment the limit would be per API auth access token, rather than per Karbon account. So the limit for an integration with a third party vs your own integration would be different totals.

Webhooks only send bare minimum data, so every webhook requires at least one additional API call to get the actual data.

Also, the way time entries work, I must poll timesheets each night, then loop through and make an API call for each timesheet to get the time cards

Fair point on the hourly vs daily limit and long running jobs and the timesheets - I’ll have a look at the data we have to see how this plays out for an account like yours.

Would it be possible to purchase additional API resources?

Great question - I would say yes, there will be some way to extend your limits, it might be paid, or based on using off-peak hours to sync data. But it also makes a case for improving our APIs so you can can make fewer requests.

 

Userlevel 7
Badge +19

We’re transitioning to KPI for the firm, so I have much less API anxiety now. 😁

Reply