We have a (verified) application integration with Google Calendar API.
For most of our users, it works perfectly fine. However, we have one particular user account that attempts to synchronize our application's calendar with their Google Calendar. The sync fails with the following message sent back to us via our Google libraries:
Could not sync events to Google Calendar:\nError calling POST https://www.googleapis.com/calendar/v3/calendars/REMOVED/events: (403) Rate Limit Exceeded
This corresponds to the documentation on usage limits.
We have already raised the per-user quota in the development console twice, and neither time did Google's developer console indicate our users were approaching anywhere near to the number of requests that would have led to an issue; we have bumped it significantly anyway.
The other suggestion on this page is the following:
If one user is making a lot of requests on behalf of many users of a G Suite domain, consider a Service Account with authority delegation (setting the quotaUser parameter).
Most of users likely do not have a GSuite domain, so this option is off the table.
Are there any other suggestions for how to handle this situation? Is there anything we can look at to resolve this issue for this user? Would using backoff necessarily resolve this situation? We are uncertain if this user's limit is only for their Google Calendar integration with our software, or if it's possible it relates to other Google services the user might utilizing (in which case backoff on our end would not make a difference). How can we determine the best course of action on this issue?
Related
I need an extension to my YouTube API quota allotment to conduct research for my dissertation. I have been trying to get an estimate of the available resources and costs for extensions for an NSF grant but have not been able to get in contact with a human for several weeks despite filing the quota extension form.
Currently, I've been trapped in a loop with the youtube API compliance team where they continuously ask me for the following info.
In order to proceed further, please provide us the following information:
Provide API Client link and demo credentials
Screenshots and/or video recording(s) that clearly demonstrates how your API Client and its users access and use the YouTube API Services.
Documents relating to your implementation, access and use of YouTube API Services.
I have attached the required responses mulitple times and still receive the same message. For the first I have attached my python code for accessing the API (the only usage of the service), the second I have attached the pictures of the terminal window and the data output, for the third I have attached the project summary, description, and data collection plan for the project plus the first paper I published using the limited quota on YouTube.
I've repeatedly asked to be connected with a human to go through their needs but have had no response. The project has received a great deal of interest in the Economics community and I am under a great deal of pressure to continue the work, it is very stressful for a graduate student to bear especially when barred by an automated response. Please help D:
The service tag is 1-0726000027117
Google APIs can have usage limits, both on a per-user and a per-application basis. For example, the GMail API free tier is limited to a billion daily quota units across all users of your application.
This works for well-designed server-side applications, which can centrally ensure they obey these usage limits. However, I’m not sure how this is supposed to work for client-side apps. As Google’s documentation says,
Installed apps are distributed to individual devices, and it is assumed that these apps cannot keep secrets.
These apps are still supposed to use a client_secret and credentials, but these are assumed to not be confidential despite the name. However, just saying they aren’t secret doesn’t prevent abuse; a user of the app can take the credentials file and use it for a different purpose, perhaps one that uses the APIs more. What can an application developer do to prevent people doing this from burning through all the available quota?
Edit for clarification:
The use case that prompted this is a purely desktop app that doesn’t connect to any service except GMail (see https://github.com/mbrt/gmailctl/issues/48). If it weren’t for a global quota for all users of the app, there would be no reason to worry about individual users at all; they don’t connect to any service except GMail itself.
You could write a server app (a Cloud Function would work) which holds the secrets. Clients call your endpoint with some form of identifier and you return an Access Token. If your users have a browser, they can auth each time; if not you would need to request a Refresh Token which you store and use that to generate an AT.
I need to create a scheduler for my own SaaS, and I'm trying to understand whether Google Calendar API is a fit for that. Basically I could have hundreds of thousands of calendars. Each calendar may be a user of my service, but not a Google user. It seems that perhaps I could use resource calendars under my Google Cloud service account. My biggest concern is whether my usage will fall within the Calendar API's service quotas, either automatically or by requesting a quota increase?
Yes service accounts will fall within quota usage limits. There is also a limit about creating more then 25 calendars in a day causing the user to end up in read mode for the rest of the day.
pricing
Google Calendar API Usage Limits
The Google Calendar API has a courtesy limit of 1,000,000 queries per day.
To view or change usage limits for your project, or to request an increase to your quota, do the following:
If you don't already have a billing account for your project, then create one.
Visit the Enabled APIs page of the API library in the API Console, and select an API from the list.
To view and change quota-related settings, select Quotas. To view usage statistics, select Usage.
On the one hand, you could work around the quota issues by sharding your users across multiple Service Accounts. You would probably also want to shard them across multiple App IDs.
On the other hand, don't do it. In my experience, using Google APIs outside their intended use case doesn't end well.
Google started the OAuth developer verification process a few months back which forces the developers having OAuth applications to apply for verifications if they don't want their users to see a warning screen and to have an unlimited number of users using the OAuth flow.
I'm facing a problem due to this verification process when I have to use the projects in a local environment. There is no way I can verify the apps for local environments since the policies and T&Cs cannot be hosted.
Q1. Is there any way to skip the verification process and sandbox the OAuth application?
Q2. What is the exact limit for the accounts? (Since I use 5-10 Gmail accounts, but do multiple signups per day from those accounts and I still hit the limit quite often)
Q1. Is there any way to skip the verification process and sandbox the OAuth application?
If you check the side of the consent screen it answers some of your questions.
you can learn more here
Q2. What is the exact limit for the accounts? (Since I use 5-10 Gmail accounts, but do multiple signups per day from those accounts and I still hit the limit quite often)
If you add these accounts as users on the project in the developer console they should be able to use it while you are testing.
I've been using the Google Cloud Console to manage API keys and settings. Some of the keys will be for commercially released products, so obviously we need to keep track of our API call quota.
Is it possible to set up alerts (email or otherwise) for nearing or exceeding the quota? We would prefer not to wait until a support request comes in, or try to remember to check the console every day.