1 post / 0 new
markwj
markwj's picture
HTTP API quotas on api.openvehicles.com

Looking through the server logs, it is clear that (probably unintended) abuse of the HTTP/HTTPS API is a primary cause of overloading issues with the api.openvehicles.com server. Some users are issuing the same HTTP API request every 5 or 10 seconds (each time doing a complete expensive SSL negotiation).

To address this, we are now imposing quota limits on HTTP and HTTPS API calls to api.openvehicles.com:

  1. On the first connection, each source IP is given an initial quota allowance of 12 requests.
  2. Every minute, the quota is topped up with another 3 requests (subject to a maximum quota of 24).
  3. Every HTTP/HTTPS API call reduces the quota by 1.
  4. Should the quota hit zero, a 20 second delayed 429 (too many requests) response will be sent.
  5. If no requests are seen for 5 minutes, the quota is cleared.

This allows reasonable use of the API, while fairly sharing the limited resources of this free service. We are only seeing six users currently rate limited by these new quotas, while the CPU utilisation has gone from 100% of one core (pre-quota) to ~50% now (with quota). This implies that just those six users were consuming almost half the server resources.

Anecdotally, things feel much more snappier now for API v2 users, with server connections completing in under a second.

If you are seeing HTTP 429 (too many requests) responses from the api.openvehicles.com server, then we suggest that you reduce the request rate appropriately to at most 3 per minute.