401 Error when attempting to paginate endpoint in Users Api

My application to refresh our database with agent routing and presence is failing on a 401 error that's cryptic to me. Using post_analytics_users_details_query. From my logs I can see that it's successfully paginating through a response, but after a few dozen pages it fails on 401.

Why would a 401 Unauthorized be thrown here? Feels like I may be hitting a rate-limit issue because my credentials are correct and being correctly passed. I've attempted generating a new API token for each pagination, but that appears to cause either 401 or 429 issues.

Here's an ININ 3b49c481-1d38-48bd-9d74-8cc264ae3673 where my request failed at the 28th page. And here's one where it failed at 271 pages 6c34edf2-6489-4f73-b4ef-e2d2ff39394c

Being rate limited will yield a 429, never a 401. For more information, see Rate Limits. The examples you provided are legitimate 401 responses; the auth token provided was found to be invalid. A couple common causes for this are:

  • The auth token expired. The OAuth client is configured for a token duration anywhere between 5 minutes and 48 hours. When authenticating, the auth response will indicate the number of seconds until the newly issued auth token expires (though I'm not sure that's exposed directly in the Python SDK, but will match the configuration on the OAuth client regardless).
  • Too many auth tokens were created for the OAuth client. There is a maximum number of tokens that can be created per client. If the same user (or client credentials) is spawning multiple instances of your app concurrently or the app is repeatedly requesting new tokens for some reason, old ones may become invalidated.
  • A bug in your app is causing the access token to become malformed or unset at some point.

If none of these explanations seem to fit, please open a case with PureCloud Care to investigate what's invalidating the auth tokens; that sort of investigation requires access to sensitive information that is not appropriate for a public forum.

Thanks, Tim.

I imagine it's different across APIs and endpoints, but would you say the rate limits are higher for token generation or for requests? I'm trying to decide if it makes more sense to generate unique tokens while paginating a response, or utilizing the same token when paginating.

You can read more about PureCloud Rate Limits on the dev center. The method used to obtain the token does not affect rate limits.

A well-formed application will handle 429 responses intelligently and inspect the retry-after header and wait that amount of time before resuming requests. Generating multiple tokens to get around rate limits could constitute abuse; I'd advise against it.

Additionally, consider refining your query to produce fewer pages of data. Behind the scenes, analytics queries are less efficient the deeper you go into paging. The easiest way to produce fewer pages of data for a query is to reduce the interval.

Any tips on parsing a PureCloudPlatformClientV2.rest.ApiException object? It appears to inherit from a urllib3 HTTPHeaderDict. So would logging.error(e['retry-after']) return the info I'm looking for?

Also, re auth token duration.. how can I access the "configuration on the OAuth client" to determine auth token duration?

It would be e.headers['retry-after']. https://github.com/MyPureCloud/platform-client-sdk-python/blob/master/build/PureCloudPlatformClientV2/rest.py#L246
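An added example, not part of the original thread or of the SDK: a pagination loop that reuses one token for the whole run, waits out a 429 using `e.headers['retry-after']`, and re-authenticates at most once on a 401 instead of minting a token per page. `fetch_page`, `get_token` and the local `ApiException` stand-in (only its `status` and `headers` attributes are used) are hypothetical names, and the 1-second fallback when the header is missing is an assumption.

```python
import time


class ApiException(Exception):
    """Local stand-in for the SDK exception; only .status and .headers are used."""

    def __init__(self, status, headers=None):
        super().__init__(f"HTTP {status}")
        self.status = status
        self.headers = headers or {}  # plain dict here, so keys are case-sensitive


def paginate(fetch_page, get_token, max_reauth=1, max_retries=5, sleep=time.sleep):
    """Collect every page while issuing as few tokens as possible.

    fetch_page(token, page_number) -> list of rows, empty list when done.
    get_token() -> a fresh access token.
    Both callables are hypothetical and supplied by the caller.
    Returns (rows, tokens_issued).
    """
    token = get_token()  # one token for the whole run, not one per page
    tokens_issued, reauths = 1, 0
    rows, page = [], 1
    while True:
        retries = 0
        while True:
            try:
                batch = fetch_page(token, page)
                break
            except ApiException as e:
                if e.status == 429 and retries < max_retries:
                    # Rate limited: wait as long as the server asks, then retry.
                    sleep(float(e.headers.get("retry-after", 1)))
                    retries += 1
                elif e.status == 401 and reauths < max_reauth:
                    # Token expired or was invalidated: replace it once.
                    token = get_token()
                    tokens_issued += 1
                    reauths += 1
                else:
                    # A 401 on a fresh token, or an exhausted retry budget,
                    # needs investigation; more tokens will not help.
                    raise
        if not batch:
            return rows, tokens_issued
        rows.extend(batch)
        page += 1
```

Logging `tokens_issued` per run shows how close a job gets to the per-client active-token limit mentioned in the thread.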

Ok handling 429 errors should be no problem. Thanks for pointing out the headers and status attributes.

I'm still confused on the 401 Errors. Originally, our auth token for the OAuth client we've been using was set to 86400. Is it possible that, due to the long auth duration, the token-space (for lack of a better word) is being polluted by too many tokens? Perhaps a shorter auth token duration could fix these issues? How many tokens can be generated within a 24hr period? Can I adjust that as an admin?

We run a periodic job to query both the Users Api and the Analytics Api for users and conversation data. Each of those two jobs creates its own oauth token, but it mysteriously fails in the middle of an API call. From my logging I can see that it's effectively authenticating as it pages through the response, but it'll sometimes fail during paging.

Take a look through the common causes listed above; I believe the max active tokens is currently set at 20. If none of those appear to be the issue, please open a case with PureCloud Care to investigate. They will be able to help troubleshoot and look through server-side logs to determine why you're getting the 401 responses seemingly unexpectedly.

One thing that may help in troubleshooting is to use notifications to receive the v2.system.token_revoked topic. You don't explicitly subscribe to it though; it's implicit with the creation of a channel, like the heartbeat notifications. https://developer.mypurecloud.com/api/rest/v2/notifications/notification_service.html
