[SOLVED] Can't Get API Session Token?

Hi! I’ve been experimenting with the API using node.js and automatically getting the session token through the code. I completely forgot that “Logins are rate-limited for security purposes.” I didn’t cache my tokens and instead used a new token every time I changed something in the code and had to restart node.js.

Now every time I ask for a new session token I get a 400 Bad Request as a response which I assume is telling me that my request is temporarily blocked for security?

How long does the time-limit for security last? Because I’d like to continue experimenting with the API but I can’t because of what I accidentally did.

Thanks in advance!

Hi @gliwidilt
It’s an incremental step-counter, so depending on how many hits you’ve made, it’s a different amount of time:
https://github.com/metabase/throttle
Try setting the following environment variable MB_DISABLE_SESSION_THROTTLE=true
Do NOT set that on a public/production system!

1 Like

Hi, thanks for the reply!

I’m sorry, but I’m pretty new to Metabase besides using it to make Dashboards and Questions. How do you set environment variables?

@gliwidilt It has nothing to do with Metabase. Environment variables exists on all OS - how you set them are different depending on your OS, so do a little search there. How are you running Metabase?

Ah, I see. I’m not the one running the Metabase instance. It’s running on my workplace’s server which I have no access to. Guess I’ll just have to wait until the time runs out.

I’ve made exactly 3 hits that resulted in a 400 Bad Request response. Is there any way to know roughly how much time this takes? Is there like a default time?

@gliwidilt
Okay, you should probably be working on your own local instance instead of the company production system.

Since you’re not posting the actual error response and the headers, then the error is likely coming from another security system and not Metabase.

If I remember correctly, you shouldn’t see throttling until 50 connections.

Noted, will work on a local instance for experimenting now.

Thanks a lot!

Is there some way for me to check how much time is left before I can get a session token again? I’ve printed out the error message but I can’t seem to find the information there.

@gliwidilt You need to contact whoever is running the server to ask them to check the logs.

1 Like