mojira.dev
WEB-6830

Unexpected API Rate Limit Behavior

So I've noticed that the endpoint: https://sessionserver.mojang.com/session/minecraft/profile/ has weird API rate limiting behavior. If requests are sent on an interval basis (at rates of 6, 30, 60 requests per minute), then between seconds 48 through 60 of every minute, the response is an HTTP 429 error (regardless of the number of requests sent from seconds 0-47 of that minute / the request rate). At other request rates such as 20 per minute, there do not seem to be any issues from my testing.

This behavior makes no sense (from my testing). I've included screenshots of the requests with 429 errors (The ones without errors aren't logged). The first screenshot is at a rate of 6/min, second at 30/min, last one is at 60/min. 
 
The endpoint supposedly has a rate limit of 200 reqs/min according to https://wiki.vg/Mojang_API 
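
One way to check captured results for the pattern this report describes (an added example, not part of the original report; the log is constructed sample data, and `build_sample` and `analyse` are hypothetical names). It tests whether the 429s sit in a fixed span of seconds within each minute while the per-minute volume stays below the 200 reqs/min figure cited from wiki.vg:

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

DOCUMENTED_LIMIT = 200  # requests per minute, the wiki.vg figure cited in the report


def build_sample(rate_per_min, minutes=3):
    """Constructed log of (timestamp, status) pairs, not real server output.

    Models only the rates where the report saw rejections (6, 30, 60/min):
    evenly spaced requests, answered with 429 from second 48 of each minute.
    """
    start = datetime(2024, 1, 12, 11, 0, 0, tzinfo=timezone.utc)
    step = 60 / rate_per_min
    log = []
    for i in range(rate_per_min * minutes):
        ts = start + timedelta(seconds=i * step)
        log.append((ts, 429 if ts.second >= 48 else 200))
    return log


def analyse(log):
    """Return (seconds-of-minute that saw a 429, peak requests/minute, verdict)."""
    per_minute = Counter(ts.replace(second=0, microsecond=0) for ts, _ in log)
    rejected = sorted({ts.second for ts, status in log if status == 429})
    accepted = {ts.second for ts, status in log if status != 429}
    peak = max(per_minute.values())
    if not rejected:
        verdict = "no-rejections"
    elif peak > DOCUMENTED_LIMIT:
        # Volume alone explains the 429s; nothing unexpected.
        verdict = "quota-exceeded"
    elif accepted.isdisjoint(range(rejected[0], rejected[-1] + 1)):
        # Under the limit, yet every request inside one span of seconds fails.
        verdict = "clock-aligned-window"
    else:
        verdict = "mixed"
    return rejected, peak, verdict


if __name__ == "__main__":
    for rate in (6, 30, 60):
        seconds, peak, verdict = analyse(build_sample(rate))
        print(f"{rate:>2}/min peak={peak} 429s in {seconds[0]}-{seconds[-1]}s: {verdict}")
```

To use it on real data, replace `build_sample` with a loader that yields the timestamp and status code of each response you recorded.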

Comments 4

I can confirm this, the same thing is happening for api.mojang.com:

szymon@szymon-Laptop:~$ curl -v https://api.mojang.com/users/profiles/minecraft/tirex
*   Trying 13.107.213.44:443...
* TCP_NODELAY set
*   Trying 2620:1ec:bdf::44:443...
* TCP_NODELAY set
* Immediate connect fail for 2620:1ec:bdf::44: Network is unreachable
*   Trying 2620:1ec:46::44:443...
* TCP_NODELAY set
* Immediate connect fail for 2620:1ec:46::44: Network is unreachable
* Connected to api.mojang.com (13.107.213.44) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=api.mojang.com
*  start date: Nov  2 00:00:00 2023 GMT
*  expire date: May  2 23:59:59 2024 GMT
*  subjectAltName: host "api.mojang.com" matched cert's "api.mojang.com"
*  issuer: C=US; O=DigiCert, Inc.; CN=GeoTrust Global TLS RSA4096 SHA256 2022 CA1
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55bb0751f320)
> GET /users/profiles/minecraft/tirex HTTP/2
> Host: api.mojang.com
> user-agent: curl/7.68.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 429 
< date: Fri, 12 Jan 2024 11:18:32 GMT
< content-type: text/html
< content-length: 1261
< cache-control: no-store
< x-azure-ref: 20240112T111832Z-r01er4yt1t40r4kg0rxrnnhrfc0000000d400000000037bc
< x-cache: PRIVATE_NOSTORE
< 
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'><head>
    <meta content='text/html; charset=utf-8' http-equiv='content-type' />
    <style type='text/css'>
        body {
            font-family: Arial;
            margin-left: 40px;
        }        img {
            border: 0 none;
        }        #content {
            margin-left: auto;
            margin-right: auto
        }        #message h2 {
            font-size: 20px;
            font-weight: normal;
            color: #000000;
            margin: 34px 0px 0px 0px
        }        #message p {
            font-size: 13px;
            color: #000000;
            margin: 7px 0px 0px0px
        }        #errorref {
            font-size: 11px;
            color: #737373;
            margin-top: 41px
        }
    </style>
    <title>Service unavailable</title>
</head><body>
    <div id='content'>
        <div id='message'>
            <h2>The request is blocked.</h2>
        </div>
        <div id='errorref'>
            <span>20240112T111832Z-qha6wpw8h52wz6sr6nac337spn0000000xs00000000066hb            </span>
        </div>
    </div>
</body>
</html>
* Connection #0 to host api.mojang.com left intact

This is a known problem and we are working on a fix for it.

Is there any progress towards this being resolved? It's been nearly a year and it's really annoying getting rate limited when needing to whitelist a bunch of people at once for big events.

I have the same issue in a server; when players try to join, a few of them get disconnected by this.

AlphaElite

web

API
