Errors caused by API limitations

Owned by Jonathan Muse
Last updated: Feb 01, 2024
5 min read

When trying very large CLI commands such as copy boards with thousands of items or performing imports from a CSV file with a large number of rows, it is possible to occasionally run into errors caused by application limits set by monday.com.

This can sometimes be confusing because CLI commands can be deceptive. As the user, you may only enter a single command but the CLI application may require multiple calls to the monday.com API in order to execute the command. As well, a single CLI command can be used to loop through lists of items and performing an action for each items, trigger hundreds or even thousands of commands. Additionally, there may be automation in place that can be triggered by each action that trigger additional actions. This creates a scenario where you can run automation that exceed the limits without realizing it.

Adding limits to cloud hosted applications is a standard practice that is not only beneficial for the application but also provides benefits to the users such as increased security protection. limits enable APIs to handle traffic in a secure, performant manner while providing fair access for all users. The monday.com platform uses a combination of two methods to limit requests:

Complexity limits

GraphQL is a query language used by the monday.com API that allows clients to request exactly the data they need from an API. This provides flexibility compared to REST APIs that have predefined endpoints. However, this flexibility comes at a cost - GraphQL APIs need to account for query complexity.

Every GraphQL query has an associated complexity cost. This is based on factors like the number of fields being requested, nested queries, pagination, etc. More complex queries require more processing and database load on the server. Without controlling query complexity, a few expensive queries could overwhelm the API. That's why GraphQL servers set complexity limits per query.

Rate limits

Rate limiting is an important mechanism for controlling the rate of requests to an API. It puts a cap on how many requests a client can make within a given period of time defined in requests per second or requests per minute.

Reason behind using limits

There are a few key reasons why complexity and rate limiting are important for APIs:

  • Prevents abuse and denial of service attacks: Without rate limiting, malicious actors could send an unlimited number of requests to an API and overload it. Rate limiting prevents this kind of abuse.

  • Ensures fair usage: Rate limiting ensures that no single client can monopolize an API's resources. It guarantees a reasonable level of service to all clients.

  • Avoids overloading: APIs and the infrastructure they run on have inherent limits on traffic they can handle. Too many requests at once can overload servers and cause performance issues or downtime. Rate limiting smooths out traffic to avoid exceeding those limits.

  • Facilitates caching: Many APIs cache requested data to improve performance. A high random request rate defeats caching mechanisms. Rate limiting creates steady and predictable traffic patterns that work better with caches.

  • Allows for capacity planning: Rate limits enable the API provider to plan capacity and scale to accommodate a known maximum request volume. Uncapped volume makes resource planning much more difficult.

API complexity/rate limits

The monday.com API has a rate/complexity limit of:

Usage

Limit (as of Feb 2024)

Single query limit

5,000,000 (5M) complexity point limit for a single query.

Using app tokens to access the API

Read and writes are limited to 5M complexity points per minute each.

Using API playground to access the API

Reads and writes are limited to 5M complexity points per minute each or 1M for trial/free accounts.

Using personal API tokens to access the API

Reads and writes have a combined budget of 10M points per minute or 1M for trial and free accounts.

Duplicate a group mutation

Additional rate limit of 40 mutations per minute. You will receive a response with a 429 status code and a "Call limit exceeded for DuplicateGroup" error message if you exceed the limit.

Create a board mutation

Additional rate limit of 40 mutations per minute. You will receive a response with a 429 status code and a "Call limit exceeded for CreateBoard" error message if you exceed the limit.

Duplicate a board mutation

Additional rate limit of 40 mutations per minute. You will receive a response with a 429 status code and a "Call limit exceeded for DuplicateBoard" error message if you exceed the limit.

Return items from an account query

100-item limit when querying items at the root.

Rate limits sourced from: https://developer.monday.com/api-reference/docs/rate-limits

Please note that rate limits may vary depending on the account/subscription type.

Strategies to avoiding rate limit problems

As discussed above, limits are an important component to any web service API. Limits have been around for a very long time and strategies have been developed to help overcome them.

Balancing act

We tried to structure queries thoughtfully to get you the data you need while respecting the server's limits. We use methods such as pagination to keep complexity low as to not exceed thresholds. However, this often results in multiple queries/calls to be required to accomplish a given task. This actually increases the overall number of calls made per minutes which can negatively impact the overall rate limit. It is a balancing act to find the proper combination of query complexity with the number or calls required to stay below the given limits.

Strategies

While we do our best to achieve the perfect balance the responsibility of keeping application usage under the limits defined by monday.com is not ours alone. It is also important that as the user you understand that limits exist and to try and keep the number of API calls created below those limits.

  1. Be specific as possible in searches (queries) to reduce the number of results. While running actions such as getBoardList, which allows you to search for boards with specific names, make sure you use parameters such as the workspace name/id so that only the results you need are returned. There may be many boards across all the workspaces that have a similar name as the one you are searching for and adding the workspace will help narrow your search and keep complexity down.

  2. Break large commands down into multiple, smaller commands. If at all possible, try to create multiple, small commands instead of single, large commands. For example, if using an action such as runFromBoardList, the regex parameter could be used to only retrieve the boards that start with a letter from the first half of the alphabet. See examples of this below:

    --action getBoardList --workspace @default --regex ^[A-M].* --action getBoardList --workspace @default --regex ^[M-Z].*

  3. Know exactly where the complexity lies. There are CLI commands that allow you to search the monday.com audit logs. You can use these commands to find messages in the logs that explitcity refer to complexity. It may be possible to find specific actions that are exceeding complexity limits and optimize them to say below limits. For example, here is such a call to the logs:

    --action getAuditLogList --regex ".*complexity.*" --user "@self" --limit 10

  4. Ask monday.com to increase your accounts limits. If you are consistently running into problems with exceeding limits. While there is no guarantee they will approve it, it may be possible to get monday.com to increase the limits for your account.

 

 

Log a request with our support team.

Confluence®, Jira®, Atlassian Bamboo®, Bitbucket®, Fisheye®, and Atlassian Crucible® are registered trademarks of Atlassian®
Copyright © 2005 - 2024 Appfire | All rights reserved. Appfire™, the 'Apps for makers™' slogan and Bob Swift Atlassian Apps™ are all trademarks of Appfire Technologies, LLC.