Ability to use multiple API keys

[shravan2x]

The user information endpoint seems to have been rate limited recently, but it returns a 403 Forbidden, not 429 Too Many Requests. Could the option to cycle multiple API keys be added?

I can submit a PR if it'll fast track the process.

[kevinchalet]

I presume your remark is about the Steam provider, right?

Here's what their ToS say:

You are limited to one hundred thousand (100,000) calls to the Steam Web API per day. Valve may approve higher daily call limits if you adhere to these API Terms of Use.

100,000 is a lot, and you can contact them to raise this limit. Not sure adding support for multiple API keys would help, as your server IP may get eventually banned for sending so many requests.

[shravan2x]

Yeah, I'm talking about the Steam provider.

In my case, I was well below the 100,000 calls limit. I was considering the possibility that there was some other unknown rate limit for the user endpoint alone.

[shravan2x]

I can confirm that there are other unadvertised rate limits well below the 100,000 limit. Please consider including this feature in the library.

[shravan2x]

@PinpointTownes Do you have an update on this? This library currently throws exceptions when I'm far below the rate limit and it's causing havoc on my program.

[2018/08/21 01:16:28.488 AspNet.Security.OpenId.Steam.SteamAuthenticationHandler] WARN: The userinfo request failed because an invalid response was received: the identity provider returned returned a TooManyRequests response with the following payload: Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-eresult, X-error_message
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 21 Aug 2018 01:16:28 GMT
Connection: keep-alive
 <html>
<head>
<title>429 Too Many Requests</title>
</head>
<body>
<h1>Too Many Requests</h1>
</body>
</html>.

[kevinchalet]

Did you hear back from Steam? If you hit this error without reaching the limits, that's a bug on their end.

Also, do you know if other Steam libraries (e.g for Node or Python) have a similar feature?

[shravan2x]

Did you hear back from Steam? If you hit this error without reaching the limits, that's a bug on their end.

I didn't write to Steam. This isn't an issue on their end (or at least, this is very normal behavior for all Steam endpoints). I've been working with Steam since 2011 and secret rate limits are an everyday occurence across all endpoints mobile/public/developer. They also change these fairly often.

I don't use openID libs from other languages much, but most of the others have at least some kind of error handling + retry mechanism for when fetching user info fails.

[martincostello]

Closing due to inactivity.