To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Max API request rate to https://api.connect.withsecure.com/ before throttling?

Options
Mike_F
Mike_F W/ Member Posts: 6 Security Scout
edited February 12 in WithSecure Elements Security Center

Hi all

My companies application is needing to fire off many concurrent requests to the Elements API endpoint: https://api.connect.withsecure.com/, but we are currently experiencing denies due to throttling.

The API response is "Too many requests were sent from your IP".

Could you please provide the exact (numeric) rate ceiling, so that we do exceed it?

I'm trying to avoid my application failing unpredictably, and making all requests synchronous is taking far too long (>5 min).

Thank you!

Tagged:

Best Answer

  • SergeH
    SergeH W/ Partner, W/ Staff, W/ Product Leadership, W/ Article Coordinator Posts: 45 W/ Product Leadership
    Solved
    Options

    Hello,
    Currently the throttling is configured as 200 queries/5 min/IP address.
    We are thinking if we could improve the current solution, so I am quite interested to hear how it fits your needs.

    You can also contact me directly through PM if you prefer.

    Serge

Answers

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 509 Moderator
    Options

    Hi @Mike_F Thank you for reaching out to WithSecure support.

    We are checking with our product team and will update you as soon as I hear back.

  • Mike_F
    Mike_F W/ Member Posts: 6 Security Scout
    Options

    Great, thank you Serge!

    Is this limit you quote for all WithSecure endpoints?

    Eg:

    api.radar.f-secure.com/api/
    /api.connect.withsecure.com/


    Thank you for the detailed feedback so far!
    Best
    Michael

  • SergeH
    SergeH W/ Partner, W/ Staff, W/ Product Leadership, W/ Article Coordinator Posts: 45 W/ Product Leadership
    Options

    This throttling limit is only for the incidents endpoints ( /incidents/v1) of Elements API.

  • SergeH
    SergeH W/ Partner, W/ Staff, W/ Product Leadership, W/ Article Coordinator Posts: 45 W/ Product Leadership
    edited August 2023
    Options

    We have just introduced an Elements API Cookbook explaining how to implement polling detections without hitting the throttling problem: https://connect.withsecure.com/getting-started/elements-cookbook

    The trick is simply to first get a list of the incidents that had been modified and then querying new detections only for these.

    PS: This cookbook is a must read for anyone integrating with Elements API. It provide guidance how to implement typical use cases with Python code examples.

  • Mike_F
    Mike_F W/ Member Posts: 6 Security Scout
    Options

    This is immensely helpful, thank you so much for the update! From first skim I can already see that it answers at least two of our use cases immediately.

    Many thanks for your help with all my API questions, Serge!

    P.S

    My organization has recently bought and begun using the Elements Vulnerability Management. Any similar cookbook would also prove helpful for the VM API endpoint - should you have the time to produce one at a later date :)

This discussion has been closed.

Categories