question

Vincent Cafiero avatar image
Vincent Cafiero asked

Login With Custom ID - Too Many Requests

Im using playfab only to access the matchmaking api and nothing else. I am required to log players in and my choice is login with custom id since i dont want the players to even know whats going on in the backend. When a player joins the lobby where they queue for a match, they are logged into playfab. I was testing with only 6-7 players and i noticed almost everyone was hitting the rate limit it seemed. They had to keep relogging and eventually it would have success after multiple tries.

Is there a lifetime of the returned session ticket/identifier so I can maybe cache it? Also, I'm confused what API this is using since there is no user entity making the call, where is the API rate limit coming from?

limitsAuthentication
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
Neils Shi avatar image
Neils Shi answered

We are not familiar with Roblox, but the API LoginWithCustomID is a client-side API, you should not call it on the server side. In addition, as you mentioned, this API has a very low-rate limits, about 3 times in 10 seconds, this is to prevent DDoS attacks.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Vincent Cafiero avatar image Vincent Cafiero commented ·

Roblox unfortunately doesn’t allow us to use their httpservice to make api calls on the client. I chatted with another Roblox dev who uses playfab and they said they never experienced this with their game. for reference I also use a server script to make api calls to the matchmaking service (using their entity token) Is there any reason you can see why the Roblox server would error on the first and only call to LoginWithCustomID?

0 Likes 0 ·
Neils Shi avatar image Neils Shi Vincent Cafiero commented ·

Since the Client API LoginWithCustomID has IP-based rate limit, so, regardless of whether the first call to this API on your server is successful or not, this client API is not suitable for server-side calls, because there's no guarantee that the rate limit won't be triggered during actual play. We suggest that you may use server API LoginWithServerCustomId instead.

1 Like 1 ·
Neils Shi avatar image
Neils Shi answered

To prevent from being attacked by DDoS and protect all the titles and services, some APIs (such as the LoginWithCustomID API) have IP-based rate limits. Once you send too many API requests (which have the IP-based rate limits) from same IP address and reaches the API rate limit, you will get "limit exceeded" error.

4 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Vincent Cafiero avatar image Vincent Cafiero commented ·

After some more testing solo, I noticed it even errors when it’s the first and only call I make on a fresh server with just me in it.

Something seems wrong here, why would the one and only api call error with rate limit exceeded? I develop on Roblox and I noticed it never really errors in a studio test where it uses my ip address and not a roblox server. It only happens in a roblox live server.

0 Likes 0 ·
Vincent Cafiero avatar image Vincent Cafiero commented ·

I'm developing on Roblox and when i test a fresh server where I am the only one joining, it errors on the first API call LoginWithCustomID saying Client rate limit exceeded. This only seems to happen in a live game where there is an actual server, it does not happen in a studio test where it uses my IP address as far as I can tell.

0 Likes 0 ·
Vincent Cafiero avatar image Vincent Cafiero commented ·

Im developing a game on Roblox and I noticed this happens sometimes on a fresh server with me being the only player. The only API call I made was LoginWithCustomID and it still exceed the rate limit somehow. This doesn't seem to happen in a studio testing environment where it uses my IP address instead of a server.

0 Likes 0 ·
Vincent Cafiero avatar image Vincent Cafiero commented ·

I'm developing on Roblox and calling the api from a server script so I assume it's using the server IP? Are the rate limits that low? because i was able to exceed it by just testing by myself in a fresh server making 1 singular API call which was LoginWithCustomID.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.