API error: too many requests

RocketChat version: 0.65.1
Number of instances: 1

I have made a connection between our website and RocketChat. We do have a few hundred members and I often get the following message:

{“success”:false,“error”:“Error, too many requests. Please slow down. You must wait X seconds before trying again. [error-too-many-requests]”,“errorType”:“error-too-many-requests”}

How can I work around this issue? There doesn’t seem to be a setting to remove or see what the limit is set to for the API. Since I’m the only one using it im happy to just have no limit set at all.

When do you get this? Are you actually rapidly performing an action via the api?

I’m not doing any rapidly actions. It seems like this error occurs the most when setting the avatar for user by calling “users.setAvatar”. I’m logging all the calls im doing to the RocketChat API now but I don’t see anything strange going on. Most calls are update user calls or set avatar calls.

The only “rapid calls” I’m making is every 5 minutes I’m doing 3 calls:
users.list?query={“status”:“online”}&count=1: []
users.list?query={“status”:“busy”}&count=1: []
users.list?query={“status”:“away”}&count=1: []

Without any delay in between because I want to calculate the total of users present with any of those 3 statuses.

A bit late on this. But artificial delay to confirm. But i think a permission exists to bypass the rate limit on the api

I don’t think there is actually any such persmission? It would be better if the support team provided a clearer answer here, but my take on this is that all rate limiting appears to be done on underlying methods and functions, with the same limiting applied regardless of whether the call comes from the RC UI or REST.

We have suffered with the exact same issue as the OP, and worked through the code to establish that the API endpoint ‘users.update’ calls


which in turn calls:


each of these maps to the real function via RocketChat.RateLimiter.limitFunction, which have hard-coded limits of 1 (number of requests) and 60000 (per 60 seconds). On this basis I surmise that unless we modify these hard-coded limits, we are stuck with them ?

Inviting @marcos.defendi to thread. Might have an idea

Hey @langezwieper and @andylorenz as @aaron.ogle said, we have permission and settings to disable to at least configure the Rate Limiter, both in the Rest API and the DDP methods. These possibilities were introduced not too long ago (I think after you opened this topic). Anyway, here we have the docs about the Rest API Rate Limiter or you can find it under Administration Panel => Rate Limiter => API Rate Limiter(The docs are with the path outdated :slightly_frowning_face:) and unfortunately we don’t have docs about DDP Rate Limiter(websocket), but you can find it under Administration Panel => Rate Limiter => DDP Rate Limiter.

1 Like