Auth Limit is limiting per account and not per user.

  • 21 April 2016
  • 6 replies

I've been noticing with my app that I've been getting quite a few "Request Rate Exceeded" errors while trying to authenticate. In looking into this, I see that the limit is set to 5 Auth Requests per 60 seconds and then it goes on to say "The above rate limits for your application are set per user (RingCentral extension)."

This limitation is perfectly fine with me if that's how it works...but it doesn't. We have a RingCentral account with 20 users in it. Each user has their own extension and direct number. The app attempts to authenticate as each user to get status updates on faxes. It appears that when the app gets to the 6th user it fails as we've already reached the limit by authenticating with the first 5 users in this account. I really need this fixed so that each user has the ability to authenticate without affecting the limits of other users. I've already e-mailed the developer support team but no one ever seems to respond when I send e-mails there.

6 replies

And you're using different RingCentral user credentials during authentication?
The phone number is the same but the extension is different.
When you say "The app attempts to authenticate as each user to get status updates on faxes.", do you mean your application is trying to auto-login for these people and your app has their RingCentral user credentials stored and is trying to authenticate on their behalf? If not, then could you please provide me information on how these twenty-or-so people are authenticating within 60 seconds please?

If yes, there is a better approach to solve this problem. Here are the steps to obtain fax report data for multiple users from a server-side application:

1. Use RingCentral Admin user credentials to authenticate with our API and obtain an access_token (this allows you to fetch data for all users in the account)

POST /restapi/oauth/token
  • Accept: application/json
  • Authorization: Basic <YOUR_BASE64_ENCODED_API_KEYS>
  • Content-Type: application/x-www-form-urlencoded
  • Host: platform[.devtest]
Body: grant_type=password&username=<ADMIN_USERNAME>&password=<ADMIN_PASSWORD>&extension=<ADMIN_EXTENSION || null>

2. Either cache the list of RingCentral extensions/users you know you want to capture this information, or make an API request to fetch the list of extensions in the account which are fax-enabled and enabled user extensions.

GET /restapi/v1.0/account/~/extension?status=Enabled&type=FaxUser
  • Accept: application/json
  • Authorization: Bearer <YOUR_ACCESS_TOKEN>
  • Content-Type: application/json
  • Host: platform[.devtest]
3. For each of the extensions returned from above (and referencing the property in the following request), make an API request to fetch the messages of type fax, and supply your time range by using the fromDate and toDate parameters.

GET /restapi/v1.0/account/~/extension/EXTENSION_ID/message-store?dateFrom=<ISO_8601_FORMATTED_FROM_DATE>&dateTo=<ISO_8601_FORMATTED_TO_DATE>&messageType=Fax
  • Accept: application/json
  • Authorization: Bearer <YOUR_ACCESS_TOKEN>
  • Content-Type: application/json
  • Host: platform[.devtest]
Using the above approach makes it simple to avoid the Rate Limits for auth, and should make your code easier to maintain. You can then inspect each of the Message records for the criteria you need for reporting or just provide the data to your UI and allow the GUI and user to filter.
I've created an app that logs in as each user account and pulls the faxes and then organizes them into the proper location. I tried modifying my application yesterday to login as the master account and then access each by using the extension. We already have all of the extensions cached in our database so that is easy enough. It returned an error stating that it couldn't pull from the extension. Is the EXTENSION_ID different from the extension? If so then how do I get it? I would prefer my app worked that way as it would speed up how long it takes to run.
You are correct, the EXTENSION_ID is different from the extension. Throughout most of the RingCentral API, you will see extensionId used.

If you are pulling the list of extensions (/restapi/v1.0/account/~/extension) using the request I provided above (which filters for enabled FaxUser extensions in your account), you will have the EXTENSION_ID although the API returns the records with the property named "id" instead of "extension_id", the "extension" is the number (maximum of 5 digits in length) and is visible in the data returned in this same request, but it should be apparent when you look at it how to identify them uniquely.

Does this (and my previous response) help answer your question?
For some additional info on referencing extensions, both integers are described in the documentation and present in the API. One is the "extensionId" and the other is the "extensionNumber". The extensionId is the value that is used in the API URL path while the extensionNumber is the one that is used for login and dialing. You can find both of these properties in the API Developer Guide by searching for "extensionId" and "extensionNumber":