Question

Does DO have a misconfiguration on Cloudflare?

Posted October 30, 2021 124 views
API, DigitalOcean Droplets

Hi, I am receiving a 429 HTTP error code (TooManyRequests) using the DO API. It was strange to me; I don’t use the API to the point of draining 5000 requests in one hour. But it does not matter, I regenerated an API key and ran:
curl https://api.digitalocean.com/v2/account -H 'Authorization: Bearer <API_TOKEN>' -D -

On my local PC, it shows the counter has reset as this is a new token:

ratelimit-limit: 5000
ratelimit-remaining: 4999

Now on my server, it still returns 429, the response comes from Cloudflare…

Is not this a flaw? If you handle rate limit by yourself why are you letting Cloudflare put their flawed anti-abuse system on top of you?
They have caused a DoS on my application now… Your system is not behaving as documented thanks to Cloudflare.

Please give some elaboration on this and, if possible, fix it. At this time Cloudflare has taken over your Rate Limit feature and is imposing its own, which is arbitrary and does not follow your documentation.

1 comment
  • Taking a look carefully I see Cloudflare returns a header:

    retry-after: 780
    

    Is this intended? This is a major flaw for me, I really need this to work as documented because otherwise, I end up with a broken app … as I am right now, what should I do?

1 answer

Hey @fush,

In our public community, we aim to answer open questions about anything SysAdmin, DigitalOcean and beyond. However, we make every attempt to keep personal information safe and so don’t ever access personal account information here. This means we can’t provide help with any account issues.

Please reach out to our amazing support team who will be more than happy to assist you with your account issue! :)

https://www.digitalocean.com/support/

Make sure to include the response headers, specifically cf-ray and x-request-id if it exists.

Regards,
- Bobby.
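
The header collection the answer asks for, as an added example that is not part of the original thread: it parses a header dump as printed by `curl -D -`, pulls out the headers named in the thread, and converts `retry-after` (seconds or HTTP-date) into a wait time. The function names, the `has_api_counters` field and the sample dumps are assumptions made for this example; the `cf-ray` value is a placeholder.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Headers mentioned in the thread (matched case-insensitively).
WANTED = ("ratelimit-limit", "ratelimit-remaining", "retry-after",
          "cf-ray", "x-request-id")

def parse_head(raw):
    """Return (status, headers) from the first header block of a dump."""
    head = raw.replace("\r\n", "\n").strip().split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])  # "HTTP/2 429" -> 429
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def wait_seconds(value, now):
    """Retry-After is either delay-seconds or an HTTP-date."""
    if value is None:
        return None
    if value.isdigit():
        return int(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None  # unparseable value: caller decides on a fallback
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return max(0, int((when - now).total_seconds()))

def triage(raw, now=None):
    """Summarise one response for a support ticket or a backoff decision."""
    now = now or datetime.now(timezone.utc)
    status, h = parse_head(raw)
    report = {"status": status, "throttled": status == 429}
    report.update({k: h.get(k) for k in WANTED})
    report["wait_seconds"] = wait_seconds(h.get("retry-after"), now)
    # Record whether the ratelimit-* counters seen on the 200 are present.
    report["has_api_counters"] = "ratelimit-remaining" in h
    return report

# Constructed samples modelled on the values quoted in the thread.
LOCAL = "HTTP/2 200\r\nratelimit-limit: 5000\r\nratelimit-remaining: 4999\r\n\r\n{}"
SERVER = "HTTP/2 429\r\nretry-after: 780\r\ncf-ray: EXAMPLE-RAY-ID\r\n\r\n"

if __name__ == "__main__":
    for name, dump in (("local", LOCAL), ("server", SERVER)):
        print(name, triage(dump))
```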