3 Replies Latest reply on Jun 22, 2017 10:59 AM by ryanrutan

    Are there rate limits implemented into JIVE APIs?

    jayjayprod

      Hello,

       

      JIVE APIs are accessible freely to any user (with its identifiers).
      This poses a risk to the stability of our  on-premise platform (an inappropriate use of APIs hampers the performance of the platform - and unfortunately we have experienced this issue in the past).

      Note : This also poses a security risk and our policy for processing company data and personal data : the latter, while free of access, are not intended to be exploited by any person / entity.

       

      • Is a rate limitation implemented into JIVE APIs?
      • If no, what types of limitation have been implemented (payload size limit? number of requests/s?...) ?
      • Are those limitations configurable?
      • Is it possible to "close" API access (via Basic Auth) to the users of the platform?

       

      Thanks you for your help !

        • Re: Are there rate limits implemented into JIVE APIs?

          So there are a few things to note her:

          - Rate limiting is enforced inside a Jive App / Tile to prevent degradation from within an extension.

               - To my knowledge, rate limiting is handled via standard DDoS prevention mechanisms at the network level, but not within Jive and not limited to just the API.

               - I would recommend filing a support ticket to get the official answer on this

          - I'm not sure if the Network settings are configurable in Hosted/Cloud solutions, but obviously you have this control in On-Premise.

          - I do not believe there is a mechanism to close off API access, but it's been a long time .. so need to look into the code to see if I'm imagining things.  My gut says that it will be hard/difficult to reliably do this internally in the app, but if you did a network level block of "/api/**** where Authorization header is Basic.

           

          Either way, I'd recommend filing a support ticket to get official answers, as they would be the ones to facilitate setup in most of these scenarios.

           

          Hope that helps a bit.

          2 people found this helpful