request too frequency - response code: 9002

[C0sm0cats]

I’m now encountering a persistent "request too frequency - response code: 9002" error when using RoborockApiClient.pass_login() with the python-roborock library. This error persists even after waiting over 16 hours, despite being able to log in successfully with the same credentials via the official Roborock app. Previously, I had no issues with this api.

Observed Behavior

• The error "request too frequency - response code: 9002" is consistently returned by pass_login.
• This has been occurring since 22:00 on April 4, 2025, and persists as of 14:09 on April 5, 2025 (16+ hours later).

Expected Behavior

• After a reasonable delay, the login should succeed and return user_data, as it did before.

Environment

• System: Manjaro Linux
• Python: 3.13
• python-roborock Version: latest
• Last Attempt: April 5, 2025, 14:09:48

Additional Information

• Login no longer works with the same credentials in the official Roborock app, which was functional until recently.
• This issue started recently; I had no problems with the library or login prior to April 4, 2025.

Question

• Can an IP or mail be banned due to frequent calls to the pass_login method of this API? If so, when does this restriction reset, and what is Roborock’s policy regarding rate limits or IP bans for this specific API?

Thanks for your assistance!

[Lash-L]

Hi! You need to be careful in how you use the api. Too many login requests or too many home_data_v2 requests can result in a ip ban. Sometimes it goes away with time, others you need to reach out to Roborock support to get them to unban you. Likely whatever you were doing hit those endpoints too much in a short amount of time and you were automatically banned.

[C0sm0cats]

Indeed, I ran into this error: roborock.exceptions.RoborockException: email send exceed daily limits - response code: 3011. It seems I’ve hit a daily limit for email code requests, so I’ll likely need to wait a few hours—or even days—before I can log in again with my email and password in the app. I might also have to reset my password at this point. In the meantime, I’ve disabled my API requests to avoid making things worse. What a hassle! :)

[C0sm0cats]

Update

It would be really helpful to know the specific call limits for the API (e.g., pass_login and request_code) and Roborock’s policy on rate limiting, IP/email bans, and their reset periods...

[Lash-L]

I have reached out to roborock in the past, but I have never been able to get information about their specific rate limits.

It's recommended that when you login in, you cache the result if you can to avoid logging in every single time

[C0sm0cats]

yes i already enhance my script to cache the session ;) but i got banned before i could try that :)

[C0sm0cats]

I found an alternative by requesting the roborock sensors on HA. I'm not sure if the values refresh as fast as I need, but it works. In any case, it might not be as accurate as the API call, but it lets me wait to be unban in the meantime.

• sensor.roborock_s7_battery
• ssensor.roborock_s7_status

[C0sm0cats]

I just wanted to give you a heads-up about the issue I’m facing. I’ve been battling with Roborock’s support team because I can’t reset my account password, even after waiting more than 24 hours. I’ve followed all the steps—requested the verification code, entered it correctly, gone through the password reset process, and accepted the terms—but it still doesn’t work. The system either does nothing when I click "Access" or tells me "too many requests" when I try again. I suspect my IP might have been banned, which could explain the issue, and I’m really hoping they can do something about it. It’s been a real struggle, and I’m still waiting for a fix from their end.

Seeing the v2.18.0 update (2025-04-06) with "Rate limits for login and home data," I wish it had been added earlier—so I wouldn’t have gotten stupidly blocked like this! :) Nice feat by the way :) I hope I’ll get the chance to test it out properly later on.

[daniela-hase]

Does anyone know what the rate limit for the /user/devices/<duid> endpoint is by chance?