3 Replies Latest reply on Jun 22, 2017 10:59 AM by Ryan Rutan

    Are there rate limits implemented into JIVE APIs?

    jayjayprod

      Hello,

       

      JIVE APIs are accessible freely to any user (with its identifiers).
      This poses a risk to the stability of our on-premise platform (an inappropriate use of APIs hampers the performance of the platform - and unfortunately we have experienced this issue in the past).

      Note: This also poses a security risk and our policy for processing company data and personal data: the latter, while free of access, are not intended to be exploited by any person / entity.

       

      • Is a rate limitation implemented into JIVE APIs?
      • If not, what types of limitation have been implemented (payload size limit? number of requests/s? ...)?
      • Are those limitations configurable?
      • Is it possible to "close" API access (via Basic Auth) to the users of the platform?

       

      Thank you for your help!

        • Re: Are there rate limits implemented into JIVE APIs?
          Ryan Rutan

          So there are a few things to note here:

          - Rate limiting is enforced inside a Jive App / Tile to prevent degradation from within an extension.

               - To my knowledge, rate limiting is handled via standard DDoS prevention mechanisms at the network level, but not within Jive and not limited to just the API.

               - I would recommend filing a support ticket to get the official answer on this

          - I'm not sure if the Network settings are configurable in Hosted/Cloud solutions, but obviously you have this control in On-Premise.

          - I do not believe there is a mechanism to close off API access, but it's been a long time .. so need to look into the code to see if I'm imagining things.  My gut says that it will be hard/difficult to reliably do this internally in the app, but if you did a network level block of "/api/**** where Authorization header is Basic.

           

          Either way, I'd recommend filing a support ticket to get official answers, as they would be the ones to facilitate setup in most of these scenarios.

           

          Hope that helps a bit.

          2 people found this helpful
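
The network-level control suggested in the reply above (block `/api/` requests whose Authorization header is Basic, and throttle the rest) could look like this on a reverse proxy in front of an on-premise instance. This is an added example, not part of the original thread and not Jive configuration; the hostname, certificate paths, upstream address, zone name, rates and size limit are all assumed placeholder values.

```nginx
# Added example: place inside the http {} context of an nginx reverse proxy
# that sits in front of the on-premise platform. All names and numbers below
# are assumptions to be replaced with values that fit your deployment.

# Flag requests that present HTTP Basic credentials (scheme is case-insensitive).
map $http_authorization $is_basic_auth {
    default      0;
    "~*^basic "  1;
}

# One bucket per client IP: 10 MB of shared state, 5 requests/second sustained.
# Behind another proxy or load balancer, key on the real client address instead.
limit_req_zone $binary_remote_addr zone=jive_api:10m rate=5r/s;

upstream jive_backend {
    server 127.0.0.1:8080;            # placeholder application server address
}

server {
    listen 443 ssl;
    server_name community.example.com;                 # placeholder hostname
    ssl_certificate     /etc/nginx/tls/example.crt;    # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.key;    # placeholder path

    location /api/ {
        # Refuse Basic Auth on the API; other Authorization schemes
        # (for example OAuth bearer tokens) still pass through.
        if ($is_basic_auth) {
            return 403;
        }

        # Throttle: allow short bursts, answer the excess with 429.
        limit_req zone=jive_api burst=20 nodelay;
        limit_req_status 429;

        # Cap request payload size for API calls.
        client_max_body_size 1m;

        proxy_set_header Host $host;
        proxy_pass http://jive_backend;
    }

    location / {
        proxy_set_header Host $host;
        proxy_pass http://jive_backend;
    }
}
```

Check the proxy's access log for 403 and 429 responses on `/api/` before enforcing, so that legitimate integrations still using Basic Auth are identified first.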
            • Re: Are there rate limits implemented into JIVE APIs?
              jayjayprod

              Thank you for your help!!
              We've been looking for a solution about this for a year!

              (We already made a support ticket but with no responses since February!)

               

              I have a further question:
              Are OAuth Client Addons also concerned by rate limiting in JIVE?
              (as far as Jive App/Tile are concerned)

                • Re: Are there rate limits implemented into JIVE APIs?
                  Ryan Rutan

                  So the only internal rate limiting that I've seen in Jive is when you are using the osapi.jive.* functions (possibly even osapi.http.*), since these get proxied on your behalf through the OpenSocial/Shindig sub-system.

                   

                  Other than that, I am not directly aware of any internal Jive throttling (code based) that happens to /api calls using OAuth or Basic beyond the DDoS protections I've discussed.

                  1 person found this helpful