Am I DDOSing AGO For Tokens To WAB?

HasheenDeBerry · ‎07-19-2021

I embed Web AppBuilder applications into another application and I'm having an intermittent issue authenticating. Some of the underlying data needs to be protected so I generate a token for authentication. I had an issue where the credentials could be viewed with browser dev tools (a no-no), so I have a proxy page that, given an ID will fetch the credentials out of a secure data store and send the token request to AGO. This works well, except for an intermittent issue where I get the following JSON from my token request:

{"error":{"code":400,"message":"Unable to generate token.","details":["Too many generate token requests. Please try again later."]}}

When this happens, my apps will not load on the first try, but may load just fine on subsequent tries. We have a lot of these apps, so finding the cause of this issue is paramount. Is there anyone that can comment on how many token requests an AGO/portal organization can receive before sending this error? My google searches have turned up nothing.

Dvirus · ‎07-19-2021

Hi,
Can you please show the full request?
Assume that you refer this endpoint:
arcgis/sharing/rest/generateToken

I don't how many request you did but in portal 10.8 I can confirm that I
can make 300/minute requests without any problem

var data = new FormData();
data.append("username", "X");
data.append("password", "X");
data.append("client", "referer");
data.append("referer", "portalurl");
data.append("expiration", "");
data.append("f", "json");

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});

xhr.open("POST", "https://portal/arcgis/sharing/rest/generateToken");

xhr.send(data);

assume that arcgis is your webadaptor.