InControl 2 provides an OAuth2-based RESTful API service. It allows our users to access their data on InControl programmatically. The API documentation is available HERE.
A rate limit is applied on API requests. Formerly the limit was 20 requests per sec per access token. Effective from February 21, 2019, the limit has changed to 20 requests per sec per organization. When an organization’s request rate exceeded the limit, a 403 response code will be returned.
It must be HTTP Code 429, but not 403.
We will update the response code to 429 in the next release. Thanks for your correction.
Also one more thing - if I send request with wrong parameters, for example - organizationId equals “null”, then I get 401 Unauthorized, it’s also wrong HTTP code.
Could you provide the exact API url requested for getting 401 unauthorized?
I’m from Tallink company, traditionally, we use https://ic.tallink.ee/rest/o/UavLeT with OAuth2 token for authentication, it works, but if you send - https://ic.tallink.ee/rest/o/null with same token, then you will get 401 Unauthorized, it isn’t right HTTP code, because token is right and I’m authorized, there must be 400 Bad Request or even better 404 Not Found, which means that company wasn’t found. I believe - you need to go through HTTP codes in your service properly. Good Luck.
The response code has been corrected in InControl 2.8.1. A 404 error will be returned. As yours is InControl Appliance where the current GA release is just up to 2.7.3, so the problem exists. ICA 2.8.1 shall be released in a few weeks. We will notify you when it is available.