Another API throttling question

For the OAuth daily throttling limit on API requests of 125,000 API calls per day, is the request count measured across all of the account’s activity, or is it measured across just the connection that’s running a series of requests (identified, say, by the originating IP address)?

I’m thinking that the admin site probably uses the same API behind the curtain, and anyone else belonging to the account and using the admin site would be generating API calls and contributing to the daily request count.

Anyone know?

Good afternoon Tom!

It depends on the authentication method:

For OAuth2 (three-leg authorized Access Token calls) our quotas are set at the App level, which allows providers to have, for instance, an integration application record and a production one without consuming calls from the same pool.

For PATs/SAKs our quotas are set at the Tenant level, with per-second spike throttles set at the individual key level. These forms of keys are not intended for high-scale usage, and if implementing competing scripts that execute simultaneously you may experience per-minute quota issues.

I hope this helps!

  • Tom Scott
    Keap API Engineer.

Tom, thanks for getting back to me. I’m on OAuth and my work is pure integration, in which I’m soon (in a week or two) going to be importing customer order history information from our own system into Keap, hundreds of thousands of API calls. Enough that I was actually worried about interfering with the team’s production work. So what do I have to do to set up that integration application record?

And thanks again, so much,

Tom Dacon

Application records are managed through the Developer Portal at . Whoever set up your initial client id and client secret should be able to generate a second App record for you.

Thanks, Tom. I’m on it, and I really appreciate your help - the kind of authoritative assistance I was hoping to see.


Hi Tom Scott - I need some clarification around generating a second App record according to what our Developer needs.

My name is Thom and I initially set up Keap Max Classic. At the time, this didn’t require a Developer Key to do, so that URL you mention is new ground for me.

This morning I did generate a Personal Access Token in our Application (qcc712). Will this suffice for Tom’s code to find a Customer’s Email in Keap Ultimate?

Thanks for your help!

Thom Tessandori

I’ve confirmed that we need a separate transaction pool and that our queries/updates will be against the contacts in Keap. Will this be possible with the Personal Access Token in our Application (qcc712)? Or would it make sense to generate a “Server Access” API Key?

Personal Access Tokens and Service Account Keys are essentially the same, but PATs are authorized as that specific user, while SAKs are authorized as a system-level account. If you are writing an integration that is supposed to limit a user to what they can personally see and have roles to change in the UI, then you should use a PAT; if you want to permit full access to all resources of the system, then use a SAK.

If, as Tom indicated above, most of your traffic is via OAuth, then that will not conflict with the traffic limits from a PAT/SAK.

Thanks, Tom -

I’m getting good information from you folks. I’ve pretty much figured out how to handle the throttling, and I’ll be doing that large-scale bulk import starting in a day or so.