SAP Knowledge Base Article - Public

2749091 - Protection Mechanism of Snapshot-based Pagination for OData API servers [B1902 / Q1 2019]

Symptom

  • To protect API servers against  unintended bad requests, we have introduced a protection mechanism to regulate the usage of snapshot-based pagination
  • This is applicable when snapshot pagination is enabled in OData API (paging=snapshot)
  • This feature will be a part of Q1 2019 /B1902 release

Environment

SuccessFactors API Server

Reproducing the Issue

Following are the sample error messages:

Entity level:

{

    "error": {

        "code": "COE_SNAPSHOT_BAD_REQUEST",

        "message": {

            "lang": "en-US",

            "value": "We have temporarily blocked the snapshot pagination request from companyUser <Company ID>|<API_USER> for entity <Entity_Name> until <Time Stamp for block time period> because too many consecutive requests have been attempted without accessing subsequent data. Please retry after you're unblocked and use $skiptoken to fetch the data of subsequent pages, otherwise you will continue getting the first page and be blocked again."

        }

    }

}

 

Company User level:

{

    "error": {

        "code": "COE_SNAPSHOT_BAD_REQUEST",

        "message": {

            "lang": "en-US",

            "value": "We have temporarily blocked the snapshot pagination request from companyUser <Company ID>|<API_USER> for all entities until <Time Stamp for block time period> because too many consecutive requests have been attempted without accessing subsequent data. Please retry after you're unblocked and use $skiptoken to fetch the data of subsequent pages, otherwise you will continue getting the first page and be blocked again."

        }

    }

}

Resolution

This feature is being introduced as part of B1902 SuccessFactors release to ensure efficient resource usage of API servers

To protect servers against intended or unintended bad requests, we have introduced a protection mechanism to regulate the usage of snapshot-based pagination.
A "quota" is imposed on the company user level and the entity level to restrict the number of bad requests that can be made within a given period of time.
Should the limit be reached, the request will be rejected by the server and an error message will be returned in response.
The user will be blocked for 30 minutes before another request can be made.

The following table summarizes how this quota works:

QuotaNumber of consecutive bad requests allowed within 30 minutesBlock time if the limit is reached
Company user level 10 30 minutes
Entity level 5 30 minutes

Feature Explanation:

 This is based on two levels

  • Company User Level (Typically the API user making the calls)
  • Entity Level (Which API is responsible for the bad request)

How the counts are calculated?

  • Multiple bad requests on a single entity also count as one bad request on the company user level.

  • Before the limit is reached, using $skiptoken in the "__next" parameter to request the subsequent pages will reset the count.

  • If a user is blocked on the entity level, they can still access other entities.

  • If a user is blocked on the company user level, they will not be able to access any entities in this company.

Example:

A user has made three bad requests on three different entities a, b, and c, and another two bad requests on entity d, the counts of consecutive bad requests are:

  • Company user level: 4

  • Entity level:
    • Entity a: 1

    • Entity b: 1

    • Entity c: 1

    • Entity d: 2

If the user requests for the second page of entity d at this point, the counts will change to:

  • Company user level: 0

  • Entity level:
    • Entity a: 1

    • Entity b: 1

    • Entity c: 1

    • Entity d: 0

See Also

Snapshot-based Pagination Guide

Keywords

company id blocked , COE_SNAPSHOT_BAD_REQUEST , paging=snapshot , responseCode=400 , KBA , q12019 , coe_snapshot_bad_request , protection mechanism of snapshot , paging=snapshot , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT , Integrations , How To

Product

SAP SuccessFactors HXM Suite all versions