Can someone please help me find the official confirmation regarding what the refresh token generation limit for single project is regardless of how many users authorize access to it? Or if there is any limit at all?
I have gone through the google documentation and also read through answers provided here for similar questions asked earlier but cannot find any answer that pinpoints to the exact documentation that confirms this.
Google Api documentation:
https://developers.google.com/identity/protocols/OAuth2#expiration
Paragraph in context from google documentation:
"There is currently a limit of 25 refresh tokens per user account per client. If the limit is reached, creating a new token automatically invalidates the oldest token without warning. This limit does not apply to service accounts.
There is also a larger limit on the total number of tokens a user account or service account can have across all clients. Most normal users won't exceed this limit but a developer's test account might."
It is clear from the documentation that 25 is the limit for client-user combination. However it is still not clear what the limit for a single project is. (or if there is a limit at all?)
p.s. The project I'm working would ask user to authorize then prompt him to allow offline access.
There is no per project limit.
Related
We got the request from google to submit YouTube API Audit form and we have submitted with all information but it seems our Console project with YouTube Data API still not activated properly because of status display "Active" but the daily quota is blank.
When I am going to update daily quota with any number but it seems set with blank on page refresh and we are not able to make any single request successful.
We are working with this console project and YouTube API for the last 5 years without any issue but in the last few months we are getting so many issues like first, we have verified OAuth screen with requested scopes and it has taken 20-25 days in the verification process and published. Now, facing another issue about limit quota and audit form.
Right now we are getting below error as attached in screenshot while going to authenticate my google account with the permission of Manage YouTube data API.
There is no contact support provided and I have submitted form 3 times but no back reply from support so waiting since 1 month to get work as normal.
Let me know if anyone has idea!
Error:
Error calling GET https://www.googleapis.com/youtube/v3/channels?part=contentDetails&mine=true:
(403) Access Not Configured. YouTube Data API has not been used in project xxxxxxx before or it is disabled. Enable it by visiting
https://console.developers.google.com/apis/api/youtube.googleapis.com/overview?project=xxxxxxx then retry.
If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
Access Not Configured. Quota limit issue
This means that you do not have any quota to use the API. You need to apply for an additional quota within the Google developer console. It took me about three months to get a quota on my project.
This is not the same as going through the verification process all though it is similar. Unfortunately, you must have missed an email you were probably notified a while ago that Google was locking down the quotas and you should apply before losing the quota on your existing project.
There is no support other than going though the form and simply waiting until google choices to grant you some quota or they tell you they wont. This is the price of developing with a free api google gets chose how they want to allow us to access things.
I have implemented search.list kind of like docs points https://developers.google.com/youtube/v3/docs/search/list
But I found out about the quota unit.
So I made an OAuth 2.0 flow, so the user can log in with it's own account and then not dry my own quota, because I mistakenly thought videos.list was a sort of authorized way to get search by keyword https://developers.google.com/youtube/v3/docs/videos/list
So, even tho the user is authorized, all search.list request will be excuted using apiKey and not OAuth credentials??
There is one quota limit for your whole app. So all your users have to share it.
That said, it’s a good idea to have the OAuth2 flow and with it using the users own api key with the search requests because there is also a quota limit that applies to X amount of request in 100 seconds by a given user. This limit is very high but it eases the situation when many users work with your tool in parallel.
We are using webhook to get AD user changes within our system through subscription. For this we have a App registered within Azure AD which has read access to user changes through Graph API .
As webhook subscription expires in 2.5 days we require to renew the subscription through our application. Can anyone help to let me know what will be the minimum privilege App requires on Graph to renew the webhook as we cannot give lot of access to this app .
App having the consent to ‘User.Read.All’ should be sufficient for creating & updating subscriptions on ‘users’ resource type.
https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/subscription_update
Is that not working ?
According to the Microsoft Graph Doc here (Permissions Section): Creating a subscription requires read permission to the resource for which the app will receive notifications - so, if creating requires it, you can bet that renewing it will too. For instance, if the subscription you want to renew monitors a mailbox, the service needs to have Mail.Read permission IN ADDITION TO the Users.Read.All permission which is required to read the user accounts (for which subscription is an attribute).
Also, some other helpful hints from hours of banging my head against the wall:
1) You also need to be aware that there are two types of permission: Delegated and Application. When I first started using the MS Graph, I always got tripped up on this - so you can read up here to make sure you understand it and have applied the appropriate permissions.
2) In addition, make sure that your admin has consented AND if you change any permissions at anytime, your admin has to re-consent in order to have the new permissions take effect - i.e. when you update them to have the Mail.Read or whatever else. Also remember that when you do this, you are going to want to make sure to flush your previous auth token caches to force a refresh so your new token will have the appropriate permissions there as well.
Buffer claims to have millions of users, all scheduling posts. The free plan allows for 10 posts per day.
How does Buffer overcome Twitter API limits?
They're not bypassing the limit, they're doing the queries on your behalf. I don't have an account with them, but most sites where you can login to them using Twitter utilize your credentials to submit the queries allowing them to do many at once.
A good way to test this is going to your profile settings, then click on either Apps or Your Twitter Data you should see their name popup there. For their paid version, they could purchase an increase in limit from Twitter but you'll end up paying for that through their pricing cost.
I'm using the twitter api to get data on many twitter accounts, because of the rate limit and since i can't ask the owners of all those twitter accounts to authenticate, i've to create several applications on my developer account
(note that i'm already queuing and combining requests, i've used all best practices).
My question, what's the maximum number of applications allowed per developer account? i didn't manage to get this answer anywhere on the web nor on the twitter documentation
Mentioned in 24 July 2018 twitter announcement, The limit is 10 apps per dev account.
We’re also limiting the default number of apps you may have registered
by a single developer account to 10. Developers who need to register
more than 10 apps — for instance, to enable client-specific products
which require distinct apps — can request permission using the API
Policy support form. If you already have more than 10 apps registered,
you can continue to use them as long as they comply with our rules but
you won’t be able to register new apps until you either request
permission for additional apps or delete unused ones.
https://blog.twitter.com/developer/en_us/topics/tools/2018/new-developer-requirements-to-protect-our-platform.html
Also, note that you can only create 3 new apps in a 24 hour period.
First of all, you should NOT make more than one Application for one application.
You need to handle data logically. Cache the data you are requesting so you can limit the number of requests to twitter's API.
How to limit requests: https://dev.twitter.com/docs/faq#5823
Here are some docs:
https://dev.twitter.com/docs/rate-limiting/1.1
and https://dev.twitter.com/discussions/8126