Posted on: 04 12 2024.
Hidden SaaS REST API limits
Integrating APIs from various Software as a Service (SaaS) providers can pose diverse challenges for web developers.
Here are some common API limits and pitfalls:
- Strict rate limitations
- Throttling
- Lack of endpoints for crucial resources
- Unavailable APIs due to insufficient subscription plan
- Timeouts
- Lack of adequate support channels or responsive technical support
- Short-lived API keys
- Non-restorable data due to audit reasons
- Attachment/file size limitation
- Lack of file streaming option
Besides the limitations listed above, there are some less obvious limitations that often surprise developers:
- Masked values returned in response
- Server downtime/errors
- Connection reset
- API returns
201
code but object is not ready, it needs propagation time - Inconsistent naming conventions
- Inability to act on behalf of a user
- Insufficient error handling
- Poor API performance
- Undocumented APIs change
Let’s review some of these challenges.
Rate Limiting
SaaS services are protected with rate limiting measures to ensure the stability of the system, and to provide a fair level of service to all users.
Primarily, these measures are against sudden large bursts of traffic or against sustained high volumes of requests.
Developers often implement different backoff methods, introducing delays before retrying requests to sync with rate limits.
Alternatively, using batch requests is another strategy, allowing for the retrieval of as much information as possible in one call.
Lack of file streaming
Certain SaaS APIs lack built-in support for file streaming, presenting a challenge for developers operating within constraints like limited server memory or when dealing with exceptionally large files.
In the case of Python programming language, a viable solution is to implement custom streaming using the requests_toolbelt
library. It supports streaming for uploads and downloads.
Here are some benefits of streaming files:
- Reduced memory usage.
- Faster start time since client can start processing the response as soon as first chunk is received.
- If transfer is interrupted, the client can resume the download from where it left off, rather than starting from the beginning.
Masked values
An API call is designed to provide valuable information, yet there are cases where certain attribute values are presented in a masked/obfuscated format. This is done for various reasons, including:
- Sensitive information protection
- Compliance requirements
- Reducing information overload
If you need the original, unmasked values, there is a slight possibility of finding a workaround through additional API calls. In such scenarios, it’s recommended to contact the support team for assistance.
Inconsistent naming conventions
Inconsistent naming convention during the creation of API endpoints can lead to numerous development, maintenance, and usage problems.
It is crucial to follow best practices when naming API resources, endpoints, and attributes (e.g., using CamelCase
or snake_case
notation for attributes, using plural nouns for resource names).
Developers may face challenges while integrating SaaS APIs if there are inconsistencies in naming conventions. This can lead to errors in the code, as they might expect a consistent structure.
Common naming problems are:
- Inconsistent casing styles for attribute names (e.g., mixing CamelCase and snake case).
- Special characters in property names (e.g.,
@
). - Dynamic property names (e.g., id of related object as property name).
- Positive and negative verbs in same SaaS (e.g., visible and hidden).
Steps to resolve API limits
Regardless of the API limitations encountered, here are some valuable tips to navigate challenges:
- Gather detailed information about the request being sent and response received, then debug and pinpoint the issue.
- Start troubleshooting by consulting the official API documentation. Certainly, not all endpoints are documented, additional information can sometimes be found on forums, or related websites.
- Ensure that your subscription plan provides sufficient access for the intended API calls.
- If issues persist, reach out to customer support, or engage with the community through forums.
- Regularly check for the latest supported API version. If certain endpoints are missing or malfunctioning, check if the previous API version is still supported.
- Browser inspecting tools can be great for discovering SaaS endpoints that are utilized for different requests. This can unveil undocumented API endpoints, including some that may be private but still operational.
- Take advantage of feature voting systems provided by SaaS platforms. By voting, you can enhance the likelihood of desired API being developed soon or made public if it already exists.