[V4.5.2] - API Limit per hour - Reset

Posted by IramK on 03-Aug-2017 05:40


There is a limit of 1000 API calls per hour and we can go and change it from the shared.properties file on the server, however, if we logout and login, this limit gets reset as well. Is there any other way of knowing how many API calls have been made and how we can reset it without having to logout and log back in again?



All Replies

Posted by Srinivas Panyala on 03-Aug-2017 06:48

Hi Iram,

We can modify the Max API limits from Customer edit page. Follow the below steps to modify the limit for a customer.

1) Login as Master Admin

2) Navigate to Customer Edit page

3) Modify the "Max API Hits per Hour" field value. If the field not present in that page, please click on design this page -> drag and drop the field.

4) Click on Save

Follow the below steps to see the API hits count

1) Login as Tenant admin

2) Navigate to Setup Home -> API

3) You can see the following data

Max Hourly 200



Since 06:35 AM

Only server restart will reset the limit, not the logout action.



Posted by IramK on 03-Aug-2017 06:52

Hello [mention:14e2fe3492284304bfe1c3788c5e98bb:e9ed411860ed4f2ba0265705b8793d05] ,

I don't want to modify the limit. I'm aware of the fact that it can be done from the master tenant and needs a server restart, however, if you logout from the tenant and log back in, then the hourly API limit gets reset.


Posted by Srinivas Panyala on 03-Aug-2017 07:04

Sorry, I misunderstood your question. I thought you are asking about REST and SOAP APIs.

For AJAX APIs (MaxAjaxPerSession), there is no way to see the API hits count and no way to reset the value without logout action.



Posted by IramK on 03-Aug-2017 07:13

I did mention the Client-side API rbf_deleteRecord(). Yes, exactly so we can reset the value when we logout? Correct? It works the same way on portals, Correct?


Posted by Mohammed Siraj on 03-Aug-2017 08:22

Yes Iram, this Ajax API call limit applies to a user session and will reset automatically on logout & re-login. Also the same semantics apply for portal pages as well.

However, there is NO way to determine the current number of Ajax API calls made, we do not expose the counter publicly via any API or client-side SDK.

As a wrapper implementation, you can consider maintaining counter at your end, incrementing each time you make an Ajax API invocation. You may want to write this to HTML5 Session Storage to keep track of this counter across page navigations in a user session.

Posted by IramK on 03-Aug-2017 08:29

Hello [mention:78c86023544844079dc6455a4a7a4d57:e9ed411860ed4f2ba0265705b8793d05] ,

Thanks for your answer.

Portals: Yes, I have been trying to do this myself by logging the user out and logging them back in. Now, in order to perform the logout, I'm opening a new browser window from the existing browser window, entering the username,password and logging the user in. The user gets sucessfully logged in. However, when I continue making API calls (from the existing browser window), it seems like the API calls haven't been reset when the logout and login was performed as the existing browser window throws the "API call limit exceeded" error. Do I need to perform a refresh on the existing browser window as well? Kindly let me know how this scenario works.



Posted by IramK on 03-Aug-2017 08:35

Also [mention:78c86023544844079dc6455a4a7a4d57:e9ed411860ed4f2ba0265705b8793d05] , if you have some time today, I can do a quick screenshare session to demonstrate the behaviour. I am unable to create any support cases at the moment and I've reported to [mention:c6ad25f95bb84e839bc6845bc8789e44:e9ed411860ed4f2ba0265705b8793d05]. Also it would be good to get a grasp of how we can achieve this efficiently.


Posted by Thierry Ciot on 03-Aug-2017 11:59


I have transmitted the issue with you not been able to create support cases to Ganesh, the manager for RB support.


Posted by IramK on 04-Aug-2017 04:40

Thanks [mention:c6ad25f95bb84e839bc6845bc8789e44:e9ed411860ed4f2ba0265705b8793d05] . I shall wait for Ganesh to get back to me on that.

[mention:78c86023544844079dc6455a4a7a4d57:e9ed411860ed4f2ba0265705b8793d05] : Any updates?



Posted by IramK on 12-Aug-2017 06:33

Also, just as a side-note, do we have to make sure we close all browser sessions when we try to perform a logout and the existing browser sessions wouldn't know that the logout has been performed if we don't perform a refresh on them?

Posted by IramK on 29-Aug-2017 03:27

[mention:78c86023544844079dc6455a4a7a4d57:e9ed411860ed4f2ba0265705b8793d05] : Any suggestions on how I can achieve this?



Posted by Mohammed Siraj on 29-Aug-2017 04:03

Iram would advice against performing an implicit re-login from client-side.

If mandatory, an ideal approach would be to explicitly logout the user on identifying Ajax API limit exhaustion and ask him to re-login himself. Many e-commerce portals have this behavior with session inactive times configured very low and users being enforced to re-login.

For explicit logout, this should be initiated from the Rollbase server and not merely a re-login from client-side. You may want to analyse the portal logout behavior to analyse how this is acheived currently.

Posted by IramK on 29-Aug-2017 04:11

Hello [mention:78c86023544844079dc6455a4a7a4d57:e9ed411860ed4f2ba0265705b8793d05] ,

Would you/your team be able to help me out with this explicit logout scenario the way it is currently being achieved for portals? I am happy to get on a call in order to achieve this efficiently.



This thread is closed