ka-extension / ka-extension-ts

A browser extension for Khan Academy.
MIT License

Notification Count Check Causing Too Many Requests #242

Closed bhavjitChauhan closed 2 years ago

bhavjitChauhan commented 2 years ago

Since yesterday there have been reports from users of the extension that they are having trouble using the site. Users are seeing this modal pop up when trying to view their profile, the hotlist or open any program:

Khan Academy must've changed their backend to rate-limit getFullUserProfile queries because the reason the modal shows up is a 429 response code for the request. After submitting a support request with KA they identified the extension to be the culprit. I believe they are correct and the underlying reason is the notification count check the extension performs every 750 milliseconds.

Possible solutions may include:

Willard21 commented 2 years ago

Do you happen to know what the new rate limit is? I have a Discord bot checking my notifications once per minute, and it hasn't experienced any errors that I know of. But the endpoint I use is https://www.khanacademy.org/api/internal/user/notifications/readable

MatthiasPortzel commented 2 years ago

Thanks for looking into that.

Unauthenticated requests don't show the newNotificationCount, so that's not a viable option. And the notification checking is one of the more useful features of the extension so I'm not inclined to remove it entirely.

If we knew what the new rate-limit was, it would be very easy to slow down the requests accordingly. I'm unable to replicate this issue. Does KA set a "Retry-After" header on the 429 response? Moving to the internal API endpoint for it is definitely an interesting idea, if it works better, but of course that API will probably be removed at some point so it's not a long-term solution.

Right now I'm leaning towards increasing the notification check to 5 minutes to ensure there aren't issues.

MatthiasPortzel commented 2 years ago

Our best guess is that KA rate-limits after 1,000 requests from the same user in one hour. (The current code makes 4,800 requests per hour.) To stay well under this, I'm proposing moving to 1 request per minute. I'm testing this locally to make sure everything works and then I'll push and release and everything.
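
Added example, not part of the thread or of the extension's code: a polling schedule that compares a fixed interval against an hourly request budget and backs off on a 429, using `Retry-After` when the server sends one and exponential backoff when it does not. All function names, the 60-second base interval and the 30-minute cap are assumptions for illustration.

```typescript
// Added illustration; all names are hypothetical, not taken from ka-extension-ts.
const HOUR_MS = 3600000;

// Requests per hour produced by polling at a fixed interval.
function requestsPerHour(intervalMs: number): number {
  return Math.floor(HOUR_MS / intervalMs);
}

// Retry-After is either delay-seconds or an HTTP-date (RFC 9110).
// Returns the wait in ms, or null when the header is absent or unparseable.
function parseRetryAfter(value: string | null, nowMs: number): number | null {
  if (value === null) return null;
  const v = value.trim();
  if (/^\d+$/.test(v)) return Number(v) * 1000;
  const when = Date.parse(v);
  return isNaN(when) ? null : Math.max(0, when - nowMs);
}

// Tracks how many 429 responses have been seen in a row.
interface PollState { consecutive429: number; }

// Delay before the next notification check, given the last response.
function nextDelayMs(status: number, retryAfter: string | null, state: PollState,
                     nowMs: number, baseMs: number = 60000,
                     maxMs: number = 1800000): number {
  if (status !== 429) {
    state.consecutive429 = 0; // healthy response: return to the base interval
    return baseMs;
  }
  state.consecutive429 += 1;
  const hinted = parseRetryAfter(retryAfter, nowMs);
  // Honour the server's hint when present, but never poll faster than baseMs.
  if (hinted !== null) return Math.max(hinted, baseMs);
  // No hint: double the wait per consecutive 429, capped at maxMs.
  return Math.min(maxMs, baseMs * Math.pow(2, state.consecutive429));
}
```

In an extension, the returned delay would feed a `setTimeout` that schedules the next check, replacing a fixed `setInterval`.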