Facebook graph limit

0
votes

I have been reading through the Facebook Doc's about limits of requests to their graph api (https://developers.facebook.com/docs/graph-api/advanced/rate-limiting). It states there are 200 calls allowed per user per hour ( e.g If app has 10 users Facebook allows 10x200 = 2000 calls to the api per hour).

Facebook states:

Rate limiting is done on your Facebook AppId. If your app reaches a rate limit, all calls made for that app will be limited not just on a per-user basis.

So I have a concern that one malicious user can use up all 2000 calls in an hour and my app would be down since users can't make calls anymore. Is there a way to stop a user from making so many calls?

1
facebookfacebook-graph-api
For server-side API calls, you can define a whitelist of IPs requests are allowed from. Plus, you can require that the appsecret_proof is mandatory for such calls, see also developers.facebook.com/docs/graph-api/securing-requests - CBroe

1 Answers

1
votes

How would one user who can only do 200 API calls in an hour concern you? Because as you can read in the docs, it is 200 API calls per user. That does not mean that one user can use 2000 calls just because there are 10 users in the App. And i am sure that Facebook will not punish any App just because one single user gets to the limit all the time. That would allow a competitor to just stop your App from working instantly, all the time.