Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

API limitation and definition of a user

Answered
New post

Comments

7 comments

  • dandennhardt

      - You can read more about Rate Limits here: https://developer.box.com/guides/api-calls/permissions-and-errors/rate-limits/

     

    To add some detail... most rate limits apply in the context of a User (although per that page there are some that apply to the enterprise as well, i.e. the sum of all requests by all users in that enterprise). 


    In your case, when you create the JWT application there is a user created by default, so when you generate a token it is for that user. If you generate multiple tokens for the default JWT USER, they all still operate in that user context and therefore you are subject to the same per-user rate limits, even if you have multiple tokens.

     

    Note that it is possible to generate access tokens on behalf of other users. When using these tokens, the user context is that of the user for which the token was generated. That means if you generate two tokens, one for user A and one for user B - the combined rate 8 uploads/second (4 uploads / second * 2 users). Also please note that the rate limits are often referred to on the forums as per-second, but are generally implemented per-minute as described in the documentation. You should think of the rate limit as the maximum steady-state rate at which you can perform an action over time. In any given small unit of time (a few seconds, for example) there may be some variation. As such, it is better to think about the rate in minutes that in seconds most of the time.

    0
    Comment actions Permalink
  • j2geu1

     

     

    Really thank you for the clarification.

    There is a last point about user wich is not clear.

     
     
    You say : "when you create the JWT application there is a user created by default" AND "That means if you generate two tokens, one for user A and one for user B - the combined rate 8 uploads/second"
     
    So I I understand you, If I create 2 application with JWT token, I have 2  DIFFERENT default user. So 8upload per second.
     
    Right ? If it is the case, it will solve my problem.
    0
    Comment actions Permalink
  • j2geu1

     

    Really thank you for the clarification.

    There is a last point about user wich is not clear.


    You say : "when you create the JWT application there is a user created by default" AND "That means if you generate two tokens, one for user A and one for user B - the combined rate 8 uploads/second"

    So I I understand you, If I create 2 application with JWT token, I have 2 DIFFERENT default user. So 8upload per second.

    Right ? If it is the case, it will solve my problem.

    0
    Comment actions Permalink
  • cbetta

     that is correct, but we recommend you don't create 2 JWT accounts. Instead, you can create an App User which will belong to your JWT app.

     

    https://developer.box.com/reference/post-users/#param-is_platform_access_only

    0
    Comment actions Permalink
  • j2geu1

    Thank you .

    "but we recommend you don't create 2 JWT accounts"

    Just to know why ? Is it a security concern or there is another reason ?

    0
    Comment actions Permalink
  • cbetta

    No security concern. It's more about it not being very practical. You would have to get 2 JWT apps approved by your admin, and you would need to get 2 JWT private keys and config files. All of this is more work than using 1 (or many) App User(s).

    0
    Comment actions Permalink
  • j2geu1

    Thank you everybody for clarification. I accept the solution.

    0
    Comment actions Permalink

Please sign in to leave a comment.