Forum Discussion
CreatetiIndicator Rate Limting HTTP 400 Status instead of 429
We're getting back HTTP 400 instead of 429 from the Security API. This is causing the Logic Apps connector to not retry as it's looking for 429. I do see the 429 code contained in the body, but this should be returned at the HTTP status code also.
It wouldn't matter much, except that it seems the bulk submission only works for Azure Sentinel and not Defender. We're trying to add indicators to Defender.
{
"statusCode": 400,
"headers": {
"Transfer-Encoding": "chunked",
"Vary": "Accept-Encoding",
"Strict-Transport-Security": "max-age=31536000",
"request-id": "XXXXXXXXXXX,
"client-request-id": "XXXXXXXXXXXX",
"x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West US 2\",\"Slice\":\"E\",\"Ring\":\"1\",\"ScaleUnit\":\"001\",\"RoleInstance\":\"MW2PEPF0000836D\"}}",
"Timing-Allow-Origin": "*",
"x-ms-apihub-cached-response": "true",
"x-ms-apihub-obo": "false",
"Cache-Control": "no-cache",
"Date": "Thu, 17 Nov 2022 16:23:39 GMT",
"Content-Type": "application/json",
"Content-Length": "560"
},
"body": {
"error": {
"code": "",
"message": "Http request failed with statusCode=429 : {\"error\":{\"code\":\"TooManyRequests\",\"message\":\"API calls quota exceeded! Maximum allowed 50 per 00:01:00 for the key Destination+TenantID+AppID. You can send requests again in 14 seconds.\",\"target\":\"|XXXXXXXXXXXXXXXXXXXX\"}}; ",
"innerError": {
"date": "2022-11-17T16:23:40",
"request-id": "XXXXXXXXXXX",
"client-request-id": "XXXXXXXXX"
}
}
}
}
No RepliesBe the first to reply
