zelloptt / zello-channel-api

WebSocket-based API and SDKs to connect to Zello channels (BETA)
MIT License

Hitting 429 Too Many Requests #15

Closed achwedyk closed 6 years ago

achwedyk commented 6 years ago

Hi,

We're hitting a Too Many Requests error when using the JS SDK with this simple code:

const session = new ZCC.Session({
    serverUrl,
    channel,
    authToken,
    username,
    password
});

session.connect();

In Chrome:

WebSocket connection to 'wss://zellowork.io/ws/***' failed: Error during WebSocket handshake: Unexpected response code: 429

In Safari:

WebSocket connection to 'wss://zellowork.io/ws/***' failed: Unexpected response code: 429

That happens both using developer tokens and production ones. It's intermittent but fails more often than it works, across multiple machines and for different user credentials.

I've checked the docs (AUTH.md and API.md) but I couldn't find any info about this error: what the actual limits are and how to fix it.

Any ideas?

agatx commented 6 years ago

You are hitting new connection limits, which are currently set at 10 per minute per IP. Since the API is designed to use persistent connections this is sufficient for most applications. If your scenario requires rapid creation of connections from the same IP please contact us with details about what you are trying to accomplish.

tompierce commented 6 years ago

Further investigation seems to indicate we have an authorisation problem.

It looks like the JS SDK retries 10 times? Returning this each time:

101 Switching Protocols
{"error":"not authorized","seq":1}

Then the 429 error is triggered.

Would this indicate an invalid auth token? Although we have occasionally seen 429 errors when using the dev token, since we've switched on our production token generation it always errors in the way described above.

The token we are using is correctly decoded and verified according to https://jwt.io, we set an expiry of 24 hours from the time a new token is requested.

Our token generation server is written in Ruby and uses version 1.5.6 of the jwt gem, but I've reproduced the same error using tokens generated by the code here: https://github.com/zelloptt/zello-channel-api/tree/master/auth/js

Could something else be causing the "not authorized" error? We are testing against this serverUrl: "wss://zellowork.io/ws/aframe" and have verified that username, password and channel are all correct.
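
The failure mode described in this thread (reconnecting after a "not authorized" logon until the 10-per-minute per-IP connection limit returns 429), as an added example that is not part of the original comments or of the Zello SDK: a client-side reconnect policy that treats a rejected logon as terminal and keeps new connections under the limit. `ConnectBudget`, `nextAction`, `simulate`, the failure object shape and the headroom of 2 are assumptions.

```javascript
// Added example; all names here are hypothetical, not part of the Zello SDK.
const LIMIT_PER_MINUTE = 10; // per-IP connection limit quoted in this thread
const WINDOW_MS = 60000;

class ConnectBudget {
  constructor(limit = LIMIT_PER_MINUTE - 2, windowMs = WINDOW_MS) {
    this.limit = limit; // headroom of 2 is an assumption (shared NAT, other tabs)
    this.windowMs = windowMs;
    this.attempts = []; // timestamps (ms) of recent connection attempts
  }
  // Milliseconds to wait until another attempt fits in the sliding window.
  delay(now) {
    this.attempts = this.attempts.filter((t) => now - t < this.windowMs);
    if (this.attempts.length < this.limit) return 0;
    return this.attempts[0] + this.windowMs - now;
  }
  record(now) {
    this.attempts.push(now);
  }
}

// failure is { kind: 'logon', error } for a JSON reply such as
// {"error":"not authorized","seq":1}, or { kind: 'socket' } for a failed or
// dropped WebSocket. Browser script cannot read the handshake status code,
// so a 429 is only visible as a generic socket failure.
// retryCount is expected to reset after a successful logon.
function nextAction(budget, failure, retryCount, now) {
  if (failure.kind === 'logon' && failure.error === 'not authorized') {
    // The same credentials will fail again; every retry burns a connection slot.
    return { action: 'stop', reason: 'credentials rejected' };
  }
  const backoff = Math.min(1000 * 2 ** retryCount, budget.windowMs);
  return { action: 'retry', waitMs: Math.max(backoff, budget.delay(now)) };
}

// Replay a constructed list of failures against a fake clock and return the
// time (ms) of every connection attempt the policy would make.
function simulate(failures) {
  const budget = new ConnectBudget();
  const times = [];
  for (let i = 0, now = 0; ; i++) {
    budget.record(now);
    times.push(now);
    if (i === failures.length) return times;
    const next = nextAction(budget, failures[i], i, now);
    if (next.action === 'stop') return times;
    now += next.waitMs;
  }
}
```

The sliding-window budget matters for connections that succeed and then drop repeatedly, where the exponential backoff counter keeps resetting.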

vocoded commented 6 years ago

Hi Tom - yes, it looks like there's a problem with the token. As a test, can you change the expiration for the initial token to 30 minutes? You can use the returned refresh token to authenticate again within 24 hours of the original request if needed.

I'm not certain this is the issue but it will help us narrow down the potential cause.

agatx commented 6 years ago

No follow up so closing this.

tlstpierre commented 2 weeks ago

I'm having a similar issue, and it seems I have gotten myself banned by mistake (possibly due to testing with a bad key for too long). I tried from a different network connection and everything works fine. I have left everything stopped for several minutes, but I still get the "too many requests" error on the first try.

It seems that I am blocked on at least my entire /64, possibly a larger block. Is there any way to find out if this has happened, or if this will eventually clear without intervention? Knowing the 10 times per minute limit is helpful, but now that I have run past it, how long do I need to wait before I try again?