I have been reading through the Facebook Doc's about limits of requests to their graph api (https://developers.facebook.com/docs/graph-api/advanced/rate-limiting). It states there are 200 calls allowed per user per hour ( e.g If app has 10 users Facebook allows 10x200 = 2000 calls to the api per hour).
Facebook states:
Rate limiting is done on your Facebook AppId. If your app reaches a
rate limit, all calls made for that app will be limited not just on a
per-user basis.
So I have a concern that one malicious user can use up all 2000 calls in an hour and my app would be down since users can't make calls anymore. Is there a way to stop a user from making so many calls?
How would one user who can only do 200 API calls in an hour concern you? Because as you can read in the docs, it is 200 API calls per user. That does not mean that one user can use 2000 calls just because there are 10 users in the App. And i am sure that Facebook will not punish any App just because one single user gets to the limit all the time. That would allow a competitor to just stop your App from working instantly, all the time.
Related
I have a website that makes a call to Facebook to see how many times certain links have been shared but i'm wondering about the Rate Limit. I'm trying to estimate the rate limit my site has, according to the official documentation the rate limit is calculated like this:
The number of users for your app is calculated as the average number
of daily active users plus today's new logins as an estimated value.
Apps with a larger number of users may have more accurate rate
limiting than apps with a smaller number of users. Apps with a very
small number of users may have rate limit issues.
But what counts as an active user? everyone that makes a call to the API through my site/app? everyone that visits the site/app and is logged in to Facebook?
Active Users are users who are interacting with your APP (what means that they are making some kind of API calls) It doesn't matter if they are logged into FB when they are using an active access token.
I'm working on a project where an app displays events in the near surrounding based on the personal preferences of the user. We plan on getting the events from the Facebook Graph API using this approach. Due to Facebook's API changes it is much more complicated to search for events in a particular city. Therefore it requires much more API calls than before and i'm worried about FB rate limit.
We want to get the information about events by calling the Graph API with our app access token from our server and then store the data temporarily in our own database. So every time a user searches for events in our app, the client gets the information from our database. Moreover the user can (but don't has to) log-in with his Facebook account in order to provide us more information about him. We want to use the user's access token to call the API in order to get the user's likes.
I've read the FB documentation about the rate limits and some posts here on the site. Apparently FB calculates the number of calls based on the active users (200 calls per user every hour). It says that
"These limits apply to calls made using any access token other than a
page access token"
ergo they also apply to the app access token. Additionally in the FB policy it says something about 100M calls per day.
So my questions are:
How does the rate limit work on a per user basis if I am using my App Access Token?
To what token does the "100M" number belong? Is it an overall number for all tokens used by the app?
A similiar question has been posted here some time ago but didn't receive any answers. I hope maybe someone got new information since then. An answer to these questions is crucial to our project, so bear with me if you've read that question before.
Thanks in advance!
Please check this
Facebook Rate Limits
I am trying to develop a software with my friend that can scrape Facebook IDs from certain profiles and then check them using the Facebook graph to classify them according to gender. I would like to know what is the limit for checking because I am getting a message that I have reached the limit. Would it be helpful to use proxies that can rotate and move to another when they reach the limit? Also what do you reckon the proxy timeout should be for good and fast results?
Facebook indeed has a rate limiting on the Graph API. In general, it comes does to about 600 calls per 600 seconds, per Access Token. You should try to make as many calls as possible with User Access tokens, and others with your App Access token.
Is there an official limit (or at least a guaranteed rate) for Graph API calls?
I am getting valid access_tokens for users and use them both on web server and client side scripts. Both calls use FQL queries, which are like below:
SELECT+page_id+FROM+page_fan+WHERE+uid=me()+and+page_id=...&access_token=...
SELECT+post_id+FROM+stream+WHERE+(privacy.value='EVERYONE'+OR+privacy.value='ALL_FRIENDS')+AND+attachment.description='...'+AND+attachment.name='...'+AND+actor_id=me()+AND+source_id=me()+AND+is_hidden=0&access_token=...
I plan to query once every minute for each access_token and some will be made from client IPs, some from web server IP. So what exactly must I care?
And one additional question :) about the "me()" in those queries, if I make the calls from client or server does it differ? e.g. if the client user changes his/her FB login out of my web page, does it refer to new login or the login that the access_token had been generated?
When Facebook had app boxes and profile pages, My Countdown app updated the profile once per hour. At one point it had 400K users, thus was making 9.6 million (400K x 24) calls to Facebook per day.
I'm not sure if there is a limit, but the subscribe feature is suppose eliminate the need to hit their API so often. It sounds like you are trying to check if anything changed. The subscribe API call essentially tells Facebook to let YOU know when something changes.
Really, your issue is going to be network bandwidth and CPU, not Facebook limits.
The me() refers to the user/page ID encoded in the access token. Lint the token at https://developers.facebook.com/tools/debug and see what id it is for.
This question already has answers here:
What's the Facebook's Graph API call limit?
(5 answers)
Closed 4 years ago.
I have researched and I am on the conclusion that Facebook Graph API limits are 600 requests per 600 sec per access token.
And since I am using the new Graph API only, I have never encounter the need of passing an access token manually. I believe one needs to pass on with the old REST API. It should mean that with every different user of my app, I have a different access token and my API limit for the next 600 secs is reset. Can anyone confirm?
What if I am using offline_access permission? I read somewhere that with offline_access permission the access token never changes and hence you can access data any time. True? Then in this case I just have the rate of 600 requests / 600 sec for this access token. Correct?
I am building an app that I believe will go viral, so I am trying not to be blocked out of my API usage. On a visit (it totally works on AJAX), I use 10-15 queries per user, so considering the rate, I am much below the rate at which I can use FB API?
So as a whole, I may have a million users for my app, letting me to do 600 requests / 600 sec for each user's access token, all simultaneously.
Can anyone please comment?
API rate limits are primarily based on the number of users using the application. So as your app's popularity increases the total number of API calls you can make also increases. Under normal usage rate limits should not be an issue. Focus on being efficient on a per-user basis.
Note: offline_access is being deprecated - but it is easy to refresh user tokens:
https://developers.facebook.com/roadmap/offline-access-removal/
Each app is given an allotment of 200 API calls per user in any given 60 minute window.
Quoted from : https://www.stackoverflow.com/a/33103876
Documentation : https://developers.facebook.com/docs/graph-api/advanced/rate-limiting