Migrated from Redmine #1220 | Author: Ngoc Phung Status: New | Priority: Immediate, there is BUG! | Created: 2024-04-19
hi, we have several accounts right now, on both Cluster and Enterprise, some of them using json rpc api, some using REST api.
However, sometimes we receive error message saying ‘Access denied’ on our peak hours, I guess it’s because we send too many requests at a same time and be blocked by SBM so we are trying to investigate the token generation function of SBM to optimize our code.
My questions are:
Is the token life time same for both admin and non admin tokens?
Is there a difference in the life time between tokens generated with jsonRpc or rest?
From looking at our log, the token seems to last only 10 mins. Is that the case or we are wrong?
Since this affect our sales right now, pls help to support urgently. Thanks a lot in advance
We dont change pw, but the volumn during our peak is quite big so I assume we do send lots of requests.
Can you specific what is the expect token life time?
And can you advise how many requests we could reach before being blocked by your ddos protection?
Does the limit on contract visible on account > Subscription? If it does, how should it say? I am trying to find it on SBM but not sure what is the right place
I only see this example ‘4.2. You hereby understand and agree that a high volume of bookings can cause Your Client(s) to be unable to make a booking in which case they may receive a message to try to book again. This can happen for example when 50 people try to process a booking with a user account in less than 30 seconds or send more than 5.000 API requests per day, accepting that the number of parallel requests is limited by maximum 2 at same time and not exceed 5 requests per second on common servers. In the case a user system causes the server to have extraordinary load, or comes under a DDOS attack, SimplyBook.me may at its own discretion take your system temporarily off-line until the load has passed away.’
Can you show me exactly the numbers for enterpsie and non-enterprise?
2.4. You hereby agree and understand that where you purchase the enterprise solution of the Software (find our more here), subject to additional legal provisions and agreements to be concluded, there are different limits such as: 25.000 API requests per day limit when using the common enterprise server or unlimited requests limited by server specifications, when using the dedicated servers.
4.2. You hereby understand and agree that a high volume of bookings can cause Your Client(s) to be unable to make a booking in which case they may receive a message to try to book again. This can happen for example when 50 people try to process a booking with a user account in less than 30 seconds or send more than 5.000 API requests per day, accepting that the number of parallel requests is limited by maximum 2 at same time and not exceed 5 requests per second on common servers. In the case a user system causes the server to have extraordinary load, or comes under a DDOS attack, SimplyBook.me may at its own discretion take your system temporarily off-line until the load has passed away.
4.2. You hereby understand and agree that a high volume of bookings can cause Your Client(s) to be unable to make a booking in which case they may receive a message to try to book again. This can happen for example when 50 people try to process a booking with a user account in less than 30 seconds or send more than 5.000 API requests per day, accepting that the number of parallel requests is limited by maximum 2 at same time and not exceed 5 requests per second on common servers. In the case a user system causes the server to have extraordinary load, or comes under a DDOS attack, SimplyBook.me may at its own discretion take your system temporarily off-line until the load has passed away.
This says ‘for example’, so it’s an example or it’s real that 50 people within 30 seconds will trigger the ddos protection?
and you mentioned about ‘25.000 API requests per day limit when using the common enterprise server’, also the Term and Condition says ‘more than 5.000 API requests per day’. So what is correct?
I am also not asking about any legal questions, but just asking you mentioned 25000 limit per day, but your Term and Conditions said 5000 limits. So which one we should consider? I am not making up these numbers but you and your websites are mentioning about different one which is confusing to users like me.