Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Endpoints >

Is it possible to up the rate limit? - the current setting is too low for automated test tools.

Started by Alain Moran -   in API Endpoints

When running tests through our build server we are seeing the following error ocurring halfway through our tests"

Unable to respond to any of these challenges: {oauth=OAuth Realm="xxx.xxx.xxx.xxx}
21-Feb-2011 14:24:32 net.oauth.OAuthProblemException: rate limit exceeded
21-Feb-2011 14:24:32 oauth_problem_advice: please wait before retrying the xero api
21-Feb-2011 14:24:32 URL: https://api.xero.com/api.xro/2.0/Items

This problem means that our builds never pass the suite of tests, however when they are run individually they run fine.

Is it possible to disable the rate limit, or increase the value for specific organisations?
Best Reply
About Xero's handling of the situation:

To restate: our existing integration scrips - unchanged since 2010 - break now. A change to Xero broke it. In the Forum and via E-Mail Xero-Staff seems to come with a "proof that you need it" attitude and then - always suggests ways we should change our existing codebase to accommodate the reduced service level provided by Xero. Since in my past experience the Xero API seemed not to work very well with large batches I have my doubts that this changes will be robust enough to be used on a large scale.

Basically I coul'd change our current codebase but with a high probability would bump against the API again.

As a paying customer I would have expected that you would have discussed the API Iimits with your developer community before imposing them. This is not the twitter API or Amazon products API where the API provider has little contractual relationship to the user. We are all paying for using your service and - at least in my case - you broke existing API usage. So "The rate limit is designed at a level above that which we saw usage from live applications" really didn't work out.

I understand that you have protect against "DDOS" but a limit of 60 calls per minute would be sufficient for that. I also understand that you have to pay for resource usage and if your current business model does not cater for heavy API users you might want to find ways to make them pay for their usage.

But I have no sympathy for advertising the API and then - afterwards, without proper prior notice - once people use it, change it in a way existing applications break. I'm quite upset by this.

Peter Hacker