I have a custom software that use CMS API to schedule content. My initial implementation used an on-premise deployed version of Xibo. We switched to Xibo in the Cloud over a year ago and recently started to notice API requests were being rate limited.
The CMS API will return the follow message:
429 Too Many Requests
Your request was rate limited. Please slow your requests down!
What is the rate limit I should slow down to? Please point me to some documentation
How does rate limit work once trigger? Is there a waiting period?
Is there a way to reproduce rate limit behavior with regular version of Xibo CMS? I run my sandbox locally and it would help to be able to reproduce.
We don’t publish a specific rate limit as the rule set is actually fairly complex and does change periodically in response to the requests we see in the wild. It’s in the ballpark of 40 requests in a sliding 10 second window for most routes, which is a fair number of requests to be making in that kind of timeframe - especially if you consider how quickly a user would be able to make those same requests.
By far the most common thing to be rate limited is getting an authorisation token. Those are intended to be issued and then reused for the period of time specified in the response (I believe it’s an hour by default), however often people just get a new token for every request.
So first I would suggest seeing what routes it is that you’re hitting rate limits on.
If it’s not authorisation, then all your code needs to do is wait a short time and retry. Assuming you aren’t trying to make thousands of requests per second, then normally just a few seconds pause is sufficient, and then continue on from the request that was declined.
The CMS itself doesn’t have any rate limiting capability. You would need to implement that yourself in a reverse proxy or similar to have that functionality locally.
As you’re hosting in the Cloud, if you want to discuss further then please open a service desk ticket and we’ll be happy to assist.