Focus
Focus
Table of Contents

API Throttling

Learn how to set a daily limit on how many API requests Data Security can initiate and how your cloud app vendor’s rate limit impacts asset scanning.
Data Security initiates API calls when it connects to your cloud apps and in the course of scanning your assets. Cloud app vendors (for example, Box) allow for a set number of event updates (API calls) based on the number of API calls per minute or per second within a 24-hr period. This quota is called rate limit (also known as API throttling). The SaaS Security team does not set the rate limit, nor can it adjust this limit. Your cloud app vendors control the rate limit.
API throttling ensures maximum uptime of SaaS apps, but can result in latency. To resolve scan latency, we recommend that you ask your cloud app vendor to increase your rate limit. Data Security promptly requests event updates from cloud app vendors, but API throttling delays event delivery, depending on the amount of data being requested. This latency is most noticeable when updates occur immediately after onboarding and usually accompanies a large volume of assets.
To mitigate the impacts of API throttling, Data Security uses a backlog: assets continue to be scanned and are saved to a backlog. All known assets eventually display in SaaS Security web interface after the Scan service processes your backlog. Timestamps for all events remain accurate—as of the actual event.
Irrespective of API throttling, wait 24 hours after onboarding before you remediate in bulk or, alternatively, configure automatic remediation. Waiting provides more insight into your data, potentially improving your strategic policy decisions.