0

I'm starting to use the Microsoft Graph threat assessment API to report phishing website URLs.
(Ref: https://learn.microsoft.com/en-us/graph/api/informationprotection-post-threatassessmentrequests?view=graph-rest-1.0&tabs=http)

My use case is automatic reporting and manual reporting via a Slack command. But throttling is very strict, so I get a "429" response immediately.

    "code": "ActivityLimitReached",
    "message": "The client application has been throttled for reaching an activity limit. The request may be repeated after a delay, the length of which may be specified in a 'Retry-After' header.",

Does anyone know a workaround for the throttling? As far as I confirmed, throttling is 1 request per 15 minutes (Limit per resource) by default.
(150 requests per 15 minutes (Limit per tenant) though)

Ref: https://learn.microsoft.com/en-us/graph/throttling#information-protection

rung

2 Answers

0

I would try the following best practice to avoid/handle the throttling.

When you implement error handling, use the HTTP error code 429 to detect throttling. The failed response includes the Retry-After response header. Backing off requests using the Retry-After delay is the fastest way to recover from throttling because Microsoft Graph continues to log resource usage while a client is being throttled.

  1. Wait the number of seconds specified in the Retry-After header.
  2. Retry the request.
  3. If the request fails again with a 429 error code, you are still being throttled. Continue to use the recommended Retry-After delay and retry the request until it succeeds.

The guidelines for throttling are already provided by the Microsoft Graph team and they're straightforward. Please go through this doc, look out for the best practices to avoid throttling, to handle throttling, etc., and think about throttling/batching to see if it suits your scenario (so you can optimize the calls).

If the Retry-After header doesn't exist then it would be tough - that's the way to handle throttling, unless an alternate way is provided. If you still believe Microsoft should implement this feature, consider creating a new user voice.

Update: @rung created a new uservoice on this.

Dev
  • Thanks. Unfortunately, you can't get a Retry-After header from the threat assessment API's 429 error, and the throttling itself is too strict for reporting phishing immediately. So I would like to know a workaround. (If there is no workaround in the API, I might make enough users in the same tenant to report phishing only.) – rung Nov 15 '20 at 05:37
  • If the Retry-After header doesn't exist then it would be tough - that's the way to handle throttling, unless an alternate way is provided. If you still believe Microsoft should implement this feature, consider creating a new user voice at - https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests?category_id=359617 – Dev Nov 17 '20 at 08:56
  • Thank you so much. Makes sense, I'll ask it for now. – rung Nov 17 '20 at 13:02
  • Cool. I updated the above answer as well. Once you can create user voice, feel free to share it here. So it can be useful to others as well. – Dev Nov 18 '20 at 15:42
  • Thank you for your navigation. I added user voice https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/41991061-increase-throttling-of-threat-assessment-api – rung Nov 19 '20 at 01:20
  • Cool. Thanks for sharing..!! – Dev Nov 19 '20 at 06:43
0

I am working on a similar use case. I am planning to submit the Msg Id/URL/file to Microsoft for phishing assessment using the API. I am stuck with an error that shows:

    "code": "Unauthorized",
    "message": "Required authentication information is either missing or not valid for the resource.",

I would highly appreciate your help!

vivar