
Rate limiting and revoking access questions.

A couple of questions.

First, what is the generally accepted rate at which I can hit the API with requests? Is 1 second between requests for periods of time approaching an hour acceptable?

Secondly, I removed application access to my fantasy data using "Manage Apps and Website Connections" in my Account Info section on Yahoo! and it looks like I'm still able to query my data. Does this make sense? I revoked access yesterday and waited, in case there was a delay, but I'm still able to access via the API. Is this a known issue?

  • 1 second between requests for up to an hour for every user of your application is REALLY high. At the moment, I think we're recommending the standard YQL limits of 10,000 reqs per hour, and you'd be at that if, like, 3 people use your application at that rate. I also can't see any need to be *that* up to date. Usually 1-5 minute refreshes would be more standard, potentially with the option for users to manually refresh.

    That second part does seem interesting. I'll look into it.
  • QUOTE (Sean Montgomery @ Sep 16 2010, 04:04 PM)
    1 second between requests for up to an hour for every user of your application is REALLY high. At the moment, I think we're recommending the standard YQL limits of 10,000 reqs per hour, and you'd be at that if, like, 3 people use your application at that rate. I also can't see any need to be *that* up to date. Usually 1-5 minute refreshes would be more standard, potentially with the option for users to manually refresh.

    That second part does seem interesting. I'll look into it.



    Thanks for getting back to me, Sean. I actually meant a single request per second (slightly less, really, as I'm just sleeping 1 second between requests when I'm iterating over known profiles), so it sounds like I'm set. It also sounds like I could speed it up a bit, if there is a 10K/hour limit.

    Please do let me know if you find anything on the second part.
  • QUOTE (Dusty Matthews @ Sep 16 2010, 10:21 PM)
    Thanks for getting back to me, Sean. I actually meant a single request per second (slightly less, really, as I'm just sleeping 1 second between requests when I'm iterating over known profiles), so it sounds like I'm set. It also sounds like I could speed it up a bit, if there is a 10K/hour limit.

    Please do let me know if you find anything on the second part.


    I'm not sure I understand this.

    So you are going to make a YDN developer key for every user? Or you just only need certain data from 1 league to populate data for all of your other members?
  • QUOTE (Weixi @ Sep 16 2010, 11:05 PM)
    I'm not sure I understand this.

    So you are going to make a YDN developer key for every user? Or you just only need certain data from 1 league to populate data for all of your other members?


    No, I have one YDN key.

    I mean, hypothetically, I have 1000 users in any combination of teams and leagues and I don't need real time roster information (I cache it), so I'll basically iterate over those 1000 users at a rate of 1/sec fetching updates for their roster. Just a simple fetching of a user's fantasy teams one at a time. Not in parallel. The players might be in many leagues, but I can fetch all of those at once for each user. One user at a time. 1000 users will take just north of 16 minutes. I have a cron job doing this every hour.

    As I get more users I have to reconsider my design (fetching multiple users per request), but this works for now. Also this does not take into account token refreshing.

    Does that make sense? It's really just basically updating the data I've stored every hour.
  • QUOTE (Dusty Matthews @ Sep 17 2010, 11:36 AM)
    No, I have one YDN key.

    I mean, hypothetically, I have 1000 users in any combination of teams and leagues and I don't need real time roster information (I cache it), so I'll basically iterate over those 1000 users at a rate of 1/sec fetching updates for their roster. Just a simple fetching of a user's fantasy teams one at a time. Not in parallel. The players might be in many leagues, but I can fetch all of those at once for each user. One user at a time. 1000 users will take just north of 16 minutes. I have a cron job doing this every hour.

    As I get more users I have to reconsider my design (fetching multiple users per request), but this works for now. Also this does not take into account token refreshing.

    Does that make sense? It's really just basically updating the data I've stored every hour.


    Makes sense, understood now.
  • QUOTE (Sean Montgomery @ Sep 16 2010, 04:04 PM)
    1 second between requests for up to an hour for every user of your application is REALLY high. At the moment, I think we're recommending the standard YQL limits of 10,000 reqs per hour, and you'd be at that if, like, 3 people use your application at that rate. I also can't see any need to be *that* up to date. Usually 1-5 minute refreshes would be more standard, potentially with the option for users to manually refresh.

    That second part does seem interesting. I'll look into it.



    Hey Sean, were you able to confirm what I'm seeing here?
  • QUOTE (Dusty Matthews @ Sep 24 2010, 10:57 AM)
    Hey Sean, were you able to confirm what I'm seeing here?

    Sorry for the late reply, Dusty. So, I can confirm that access doesn't immediately go away when you revoke access to an application. Playing around with it right now, once I have a request token + verifier from a user, I can get a new access token from it even if I've just revoked access to the application, and once I have an access token for a user, I can still use that to query user data even if I've just revoked access to the application. I'll perform this test again in an hour, which is when I think the tokens are supposed to expire. If that closes things down, then I'd think things are working mostly as expected -- if not, then yeah, I'll need to talk to our OAuth people because I clearly wouldn't be understanding something.

    EDIT: Well, that was silly. I tested reusing an hour-old access token and was correctly told that I have invalid credentials, and tested an hour-old request token + verifier (to try to get a new access token) and was told that my token was rejected. But what I really wanted to check was to see whether or not I could refresh the access token, and I forgot to save the session handle. So, need to wait for a bit longer.

    EDIT #2: Just as a note, even if I've revoked access, I'm still able to use an access token that's younger than an hour to get a new access token and make requests with that. But the oauth_authorization_expires_in field is set to a negative value. We'll see what happens when the hour is up and my original access token is invalidated, if I try to pull down a new access token with it.
  • Okay, yup, I'm seeing the same issue. :) I'll follow up with our internal OAuth guys about it.
  • Alright, Dusty, this is fixed up now. :) Thanks very much for the heads up, and I'm sorry that it took so long for me to actually look into it! Let me know if you're still seeing inconsistent behavior with revoking access.
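The revocation window discussed in the posts above, as an added example that is not part of the original thread and is not Yahoo's code: a toy provider-side token store that contrasts a revocation which is recorded but never consulted when a token is used or refreshed with one that is checked on every use. The `TokenStore` class, its method names, and the user and app ids are hypothetical; only the one-hour access-token lifetime comes from the thread.

```python
import secrets

ACCESS_TTL = 3600  # seconds; the one-hour access-token lifetime mentioned in the thread


class TokenStore:
    """Toy model: one grant per (user, app), many access tokens per grant."""

    def __init__(self, enforce_on_use):
        self.enforce_on_use = enforce_on_use
        self.revoked = set()   # (user, app) grants the user has revoked
        self.access = {}       # access token -> (user, app, expires_at)
        self.sessions = {}     # session handle -> (user, app)

    def issue(self, user, app, now):
        token, handle = secrets.token_hex(8), secrets.token_hex(8)
        self.access[token] = (user, app, now + ACCESS_TTL)
        self.sessions[handle] = (user, app)
        return token, handle

    def revoke(self, user, app):
        # Revocation is always recorded; whether it bites depends on enforce_on_use.
        self.revoked.add((user, app))

    def _grant_live(self, grant):
        return not (self.enforce_on_use and grant in self.revoked)

    def validate(self, token, now):
        entry = self.access.get(token)
        return entry is not None and now < entry[2] and self._grant_live(entry[:2])

    def refresh(self, handle, now):
        grant = self.sessions.get(handle)
        if grant is None or not self._grant_live(grant):
            return None
        return self.issue(*grant, now)


def window_after_revoke(store):
    """Return (token works 60 s after revoke, refresh works, token works past TTL)."""
    token, handle = store.issue("user-1", "app-1", now=0)  # constructed ids
    store.revoke("user-1", "app-1")
    return (store.validate(token, now=60),
            store.refresh(handle, now=60) is not None,
            store.validate(token, now=ACCESS_TTL + 1))


if __name__ == "__main__":
    print("not enforced on use:", window_after_revoke(TokenStore(False)))
    print("enforced on use:    ", window_after_revoke(TokenStore(True)))
```

With enforcement off, the model reproduces what the thread reports: the existing access token and the refresh path both keep working after revocation, and only expiry stops the old token.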
  • Hi,

    Same issue is happening for me also.

    I tried revoking access in Yahoo and then tried the query, and I am getting a response from Yahoo. But when I tried after an hour, I got a response like "(401) Unauthorized".

    Will the token expire only after an hour even if we try to revoke access?

    Please help me ASAP.

    Regards Anju
