Questions regarding User Defined (Oauth) credentials

mjabur · November 15, 2023, 11:50pm

Hello everyone, how are you?

Hope you can get me some help for a few questions that we have.

1) Firstly, when using the Used Defined (OAuth) credentials for an Integration, the platform will create a Data Action for Authentication automatically. This Data action runs before the actual Data Actions that we create for this integration to generate the Access Token. Correct?

How does the creation/lifetime of said token actually works?

Does it generate a single token for the Integration that will be used for all data actions created in this integration until the token expires?
Or does it generate multiple tokens that are used randomly between all interactions? If it's more than one, how many? Is there a fixed number or is it based on something else?

I already searched for a few old threads regarding similar questions and I believe I mostly understand how it works, but would still like some clarification with more details if possible.

Taking into consideration the information provided in these threads:

I can understand that a few tokens are created and cached, and they are used for every inbound call, until it fails for a request (after expiring) and then a new token is created and cached.
I just want to confirm all of that and if possible would like the details mentioned above regarding how many token are actually created.

Aside from that, I actually have a second question:

2) There is a limit of 2500 API requests per minute.
Does the Authentication Data Action (created automatically by the integration to generate the access token) also count for the limit per minute?

Let's say, a customer calls and goes through a Flow. At some point a Data Action needs to be executed.
It will execute the Authentication Data Action first to get the Token, and then use the token to execute the actual Data Action that we need.

Does that count as 1 or 2 executions per minute?

The answer might not be all that important depending on how exactly the lifetime of the token works (Question 1), but I would like to know for sure.

Thanks in advance for any help provided and have a great day everyone!!

jacobshaw · November 17, 2023, 4:22pm

Hi @mjabur

As mentioned in the thread you linked, the data action service will internally cache a few access tokens per integration for all the users of the integration. Therefore a data action won't have to make a request to generate a new access token as long as the current one hasn't expired. As far as the exact number, I'm not sure about that.

About the rate limits, our documentation suggests that 2500 data action executions per minute is the limit. The /oauth/token endpoint is not documented as part of the public API, so that should not impinge upon the 2500 requests per minute, though it does have its own rate limit of 10 tokens per minute per user: Auth token creation rate limiting

mjabur · November 17, 2023, 4:52pm

Hi there,

Thank you very much for the details and confirmation on the first question.

But regarding the second one, I'm not sure we are talking about the same thing.

I will try to clarify:

I'm not talking about the endpoint to Authenticating a token for Genesys Cloud (for the OAuth Credentials that we can create on Genesys Cloud).
I'm talking about the Authentication Data Action that is generated automatically when we create a User Defined (OAuth) integration. This is the data action that is automatically executed for each Custom Data Action that we create, in order to create the token when needed (if not expired).
Does your answer apply here? I'm not sure, but I think we are talking about different things.

Thank you for your help!!!

Jerome.Saint-Marc · November 17, 2023, 4:58pm

Hello,

Does the Authentication Data Action (created automatically by the integration to generate the access token) also count for the limit per minute?
No this DA Auth does not count.
Only the API request to request the Data Action to run is taken into account (there is a Platform API endpoint to request to run a Data Action - Script uses it).
So that would count 1 in your description.

What is also important on Data Actions limits is:
"actions.concurrent.executions.max" - "The maximum number of concurrent action executions" - 50
It means that up to 50 Data Actions can be executed/running simultaneously.

Regards,

mjabur · November 17, 2023, 5:57pm

Thank you for the confirmation!

I think it's clear now, and I will be informing that to the customer.

Thanks to both of you for helping, and have a great day!!

Jason_Mathison · December 4, 2023, 8:00pm

Hey mjabur,

Just a couple of follow-up items.

Data Actions have two run time limits to be aware of:
requests.volume.max - The maximum number of requests per minute. This defaults to 2500.
actions.concurrent.executions.max - The maximum number of concurrent action executions. This defaults to 50.
These limits can both be raised via support. All of the limits are here: https://developer.genesys.cloud/organization/organization/limits#data-actions

The exact details for how many Oauth tokens are generated isn't something we officially document or want to be locked into, so we tend to be a bit vague on the details. They are cached for a while, and so for a busy integration the percentage of executions that include generating an OAuth token is very small.

--Jason

mjabur · December 4, 2023, 8:30pm

Hi Jason.

Thank you for the follow-up!

I believe everything is clear now, both for me and for the customer.

Have a great day!!

system · January 4, 2024, 8:31pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.