Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

403 Request rate higher than configured

Tags:

google-admin-sdk

google-groups-api

When I'm adding members to Google Groups I'm receiving a 403 Request rate higher than configured error. This is happening for all applications, including the API Explorer on the Google developer website.

Even if I make only a single request in 12+ hours I still receive the error. I've confirmed the Admin API has plenty of quota remaining on the project.

It is happening only for a single Apps for Education domain.

Request:

POST https://www.googleapis.com/admin/directory/v1/groups/[redacted]%40ryan.catholic.edu.au/members?key={YOUR_API_KEY}
{
 "email": "<redacted>",
 "role": "MEMBER"
}

Response:

{
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "quotaExceeded",
    "message": "Request rate higher than configured."
   }
  ],
  "code": 403,
  "message": "Request rate higher than configured."
 }
}
like image 946
Peter Godwin Avatar asked Jul 23 '15 00:07

Peter Godwin

1 Answers

We have a partial resolution to this.

Issue Summary:

  • API returns '403 Request rate higher than configured' on certain requests, even after no requests are made for a long period of time (12+hrs) to a single domain.
  • Attempting to use a different Client ID or and user return the same error code. It also impacts the API Explorer.

Cause:

  • Certain operations can trigger a "black-listing" of a domain (not an application) for abuse. There may be undocumented limits on specific operations within a time period.

Resolution:

  • Support receive a notification of this blacklisting and can remove the flag.

In our case we were likely adding too many members to too many groups in a 24 hour period and triggered an undocumented limit (support couldn't tell me what the limit was). We're still waiting for the black-listing to be removed from our domain.

This problem does raise additional questions however:

  • The API limit documentation https://developers.google.com/admin-sdk/directory/v1/limits does not appear to be complete. There appears to be additional limits that can trigger a "domain" black-list. What are these limits?
  • Why does a Google Apps Domain become black-listed rather than the application making the requests?
  • Why aren't the Domain Administrator's notified of a black-listing of their domain?
like image 141
Peter Godwin Avatar answered Oct 16 '22 05:10

Peter Godwin
Sign in to Comment

Related questions

Google Admin SDK 403 Not Authorized to Access this Resource/API
This document does not exist, it will not appear in queries or snapshots? Cloud Firestore
How to create a user with the Admin Directory api using the google-api-ruby-client?
How can an Admin access the Google Drive contents of all the users in a particular domain?
Google Admin SDK: You are not authorized to access this API
Insufficient Permission: Request had insufficient authentication scopes in google directory API when logging through admin
How do I check if a user has 2-factor authentication enabled via Google Admin SDK APIs

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!