Occasional burst of HTTP 403 Errors when querying the GraphQL endpoint w/ app token

I’m working on a GitHub app that makes a fair number of calls to the GraphQL endpoint, and occasionally I’ll see the endpoint return HTTP 403 Forbidden, usually for several seconds at a time, occasionally for 20-30 seconds. There is no more detailed message returned.

Are there any common causes for this that are not documented? I’m not hitting my rate limit, and this is separate from the 5xx errors that one might get if the server takes too long to query GitHub’s own backend and times out.

My assumption is that this is some sort of undocumented restriction when querying the API too frequently in too short of a period of time. Is there any information regarding this anywhere?

:wave: @jamesdh: It sounds like you’re not hitting the primary rate limit, but the secondary rate limit (also known as the anti-abuse rate limit).

The GraphQL API has anti-abuse rate limits just like its older sibling, the REST API (more on the REST API’s abuse rate limits here). Our guide covering best practices for integrators includes a section for how to deal with and avoid these abuse rate limits. While we don’t have a more specific guide for the GraphQL API, our team is tracking an internal issue around adding documentation for these “secondary” limits.

We don’t give an exact number or a specific range for how many requests can (or should) be made to avoid the abuse-rate limits as these limits are subject to change at any time. If you’re making concurrent calls to the GitHub API, I suggest making fewer concurrent calls and either reducing them or spacing them out if you’re still hitting the limit.

I’m wondering if that helps and if you have any more questions?

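An added example, not part of the thread or GitHub's own code: one way a client can follow the advice above by sending one request at a time, spacing requests out, and backing off when the endpoint answers 403. The `send` transport, the class name and all timing values are assumptions; `Retry-After` is the response header GitHub's integrator guidance says to honor when limited.

```python
import threading
import time


class SecondaryRateLimited(Exception):
    """403 responses continued past the retry budget."""


class PacedGraphQLClient:
    """Serializes calls, spaces them out, and backs off on HTTP 403.

    `send(query) -> (status, headers, body)` is a hypothetical transport
    supplied by the caller; it is not a GitHub or library API.
    """

    def __init__(self, send, min_interval=0.5, base_delay=1.0, max_delay=60.0,
                 max_attempts=6, sleep=time.sleep, clock=time.monotonic):
        self._send, self._sleep, self._clock = send, sleep, clock
        self._min_interval, self._base = min_interval, base_delay
        self._max_delay, self._max_attempts = max_delay, max_attempts
        self._lock = threading.Lock()   # one request in flight at a time
        self._last = None               # clock reading of the previous request

    def _pace(self):
        # Space consecutive requests at least min_interval apart.
        if self._last is not None:
            gap = self._min_interval - (self._clock() - self._last)
            if gap > 0:
                self._sleep(gap)
        self._last = self._clock()

    def query(self, query):
        with self._lock:
            delay = self._base
            for attempt in range(1, self._max_attempts + 1):
                self._pace()
                status, headers, body = self._send(query)
                if status != 403:
                    return status, body
                if attempt == self._max_attempts:
                    break
                # Prefer the server's Retry-After (seconds) when present;
                # otherwise fall back to capped exponential backoff.
                hint = str({k.lower(): v for k, v in headers.items()}.get("retry-after", ""))
                wait = float(hint) if hint.isdigit() else delay
                self._sleep(min(wait, self._max_delay))
                delay = min(delay * 2, self._max_delay)
            # A 403 that never clears may be a permissions problem instead.
            raise SecondaryRateLimited(f"still 403 after {self._max_attempts} attempts")
```

Worker threads that share one instance are serialized by the lock, so a burst of jobs becomes a paced stream instead of concurrent calls.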

Thank you for the clarification @francisfuzz. That’s what I suspected, but still very helpful to have confirmation!
