So I’m representing IDT. We are looking to move to a professional plan shortly as our application is getting ready to start scaling.
However we hit the Quota limit on ‘Authenticated Calls’ according to our plan details. It’s a bit unclear what is considered and Authenticated call.
The reason we ask this is because if our developer is hitting this page 1000 times a month simply during development - we will burn through our quota very quickly. I am not writing this code, but I am advising the developer.
Can we say cache tokens at the server level and reduce the count a bit? Or is a call any time a m2m communication occurs? The answer to this question will inform how we develop, so it’s important we can get a clear answer on when something uses a token or when something does not.
Any time a client secret is included in a call it is considered Authenticated.
Some sort of caching mechanism on the developers end could help mitigate this. The idea would be for the OAuth2 client to check for a M2M token before calling the /token endpoint to obtain a new one.
Authentication API Endpoint Rate Limits for reference:
Hopefully this helps to clear things up a bit, but let us know if you have any follow up questions!
Thanks and yes, my boss also found this a few hours after I asked the question, so I think that clears up it up a bit. I think we got a path going forward.
