2

I have a puzzle with Podio PHP API authentication. I can't get something done without the following fatal error. I do this: `Podio::authenticate_with_password('aaa', 'bbb');`

and I get this: `PHP Fatal error: Uncaught PodioRateLimitError: "You have hit the rate limit. Please wait 300 seconds before trying again"`

My system works with complex relationships divided in a lot of spaces, that's why I created a "master" account which has the role of administrator in each target space.

Each time a webhook is called, I authenticate with the "master" account (it would be a lot of work to authenticate with app because of multiple relationships in same script).

The same webhook is called multiple times, but in different context.

How can I avoid rate limit busting each time my webhook is called? I tried OAuth 2, but the Podio documentation is not helpful in my case. No attempt worked for me.

Do you have any way to keep in memory/database authentication data to be able to use it for each password authentication from multiple webhook calls?

Any help will be very appreciated!

SOLUTION

I found something interesting digging into Podio PHP API class:

This is what I did:

```php
// Set user API key
Podio::setup('user-key', 'wejt9wetwerith34rtfhwetu34hwerud');

// Init refresh_token variable (avoid PHP warning if any refresh_token found in database)
$refresh_token = null;

// Get refresh_token from database if exists
$refresh_token = REFRESH_TOKEN_FROM_DATABASE;

// Authenticate
try {
    // Authenticate with refresh token stored in database
    Podio::authenticate( 'refresh_token', array( 'refresh_token' => $refresh_token ) );
} catch ( Exception $ex ) {
    // Authentication failed, request new refresh_token
    Podio::authenticate_with_password( 'aaa', 'bbb' );

    // Get Oauth data including refresh token
    $oauth = Podio::$oauth;

    // Authenticate with refresh token
    Podio::authenticate( 'refresh_token', array( 'refresh_token' => $oauth->refresh_token ) );

    // Store $oauth->refresh_token in database for next webhook call...
}
```

Very important: use the same user API key in your script to avoid authentication rate-limit busting, because the refresh_token is linked to the user API key used to make the request.

Community
  • 1
  • 1
Mathieu Smith
  • 378
  • 1
  • 13
  • 1
    @hassanmaleki - how does your question (the one you linked to) relate to this question? Comments should be for clarifying a question, not promoting another question. – David Makogon May 01 '18 at 12:26

2 Answers

0

Podio documentation:

  1. For authentication (general): https://developers.podio.com/authentication
  2. For php authentication: http://podio.github.io/podio-php/authentication/
  3. For php session management: http://podio.github.io/podio-php/sessions/
Pavlo - Podio
  • 2,003
  • 2
  • 10
  • 19
  • 1
    He wrote that the documentation wasn't helpful. A snippet or logical context would be a better answer I believe. – Vincent Poirier May 01 '18 at 14:12
  • @VincentPoirier is right. I would like to have a snippet in order to see what I did not understand from the Podio documentation. Is the code above the real way to avoid authentication rate limit busting? Any further explanation will be highly appreciated. – Mathieu Smith May 01 '18 at 14:49
  • 2
    `Do you have any way to keep in memory/database authentication data to be able to use it for each password authentication from multiple webhook call?` - Yes, this is called session management and all details on how to implement it are here http://podio.github.io/podio-php/sessions/ – Pavlo - Podio May 01 '18 at 15:11
0

The answer is described under SOLUTION section in the original post above.

Mathieu Smith
  • 378
  • 1
  • 13
  • Your solution will work but is still not perfect. There is no need to call `Podio::authenticate( 'refresh_token'` each time. You should save both `access_token` and `refresh_token` and use them to create `PodioOAuth` object. Then if you have lots of calls, there will be 0 auth requests and only once in a while `refresh_token` will be used to get new `access_token` – Pavlo - Podio Nov 08 '18 at 18:43
  • Could you please give an example of `PodioOAuth` usage in my case? – Mathieu Smith Nov 09 '18 at 20:45
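
Added example, not part of the thread and not Podio's own code: a file-backed session manager of the kind the last comments describe, storing both `access_token` and `refresh_token` so that repeated webhook calls reuse them instead of authenticating again. It assumes podio-php is already loaded and follows the `get`/`set` session-manager interface and `session_manager` setup option from the sessions documentation linked above (check them against your library version); the class name, file path and environment variable names are hypothetical.

```php
<?php
// Added example. PodioFileSession and TOKEN_FILE are hypothetical names.
class PodioFileSession
{
    const TOKEN_FILE = '/var/lib/myapp/podio_oauth.json'; // outside the web root

    // Load stored tokens; an empty PodioOAuth means "not authenticated yet".
    public function get($auth_type = null)
    {
        $raw  = @file_get_contents(self::TOKEN_FILE);
        $data = ($raw === false) ? null : json_decode($raw, true);
        if (!is_array($data) || empty($data['access_token'])) {
            return new PodioOAuth();
        }
        return new PodioOAuth($data['access_token'], $data['refresh_token'],
                              $data['expires_in'], $data['ref']);
    }

    // Persist tokens whenever the library obtains or refreshes them.
    public function set($oauth, $auth_type = null)
    {
        $json = json_encode(array(
            'access_token'  => $oauth->access_token,
            'refresh_token' => $oauth->refresh_token,
            'expires_in'    => $oauth->expires_in,
            'ref'           => $oauth->ref,
        ));
        // Tokens are credentials: owner-only file, written atomically so a
        // concurrent webhook never reads a half-written file.
        $old = umask(0077);
        $tmp = self::TOKEN_FILE . '.' . getmypid() . '.tmp';
        $ok  = file_put_contents($tmp, $json, LOCK_EX);
        umask($old);
        if ($ok !== false) {
            rename($tmp, self::TOKEN_FILE);
        }
    }
}

// Credentials come from the environment (assumed variable names), not source.
Podio::setup(getenv('PODIO_CLIENT_ID'), getenv('PODIO_CLIENT_SECRET'),
    array('session_manager' => 'PodioFileSession'));

// Password grant runs only when no usable tokens are stored.
if (!Podio::is_authenticated()) {
    Podio::authenticate_with_password(getenv('PODIO_USER'), getenv('PODIO_PASS'));
}
// Podio API calls follow here using the stored access token.
```

The token file grants the same access as the "master" account, so it needs the same protection as the password itself: owner-only permissions, a location the web server does not serve, and exclusion from backups that are shared more widely.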