DevPortalMessages

Frequently Asked Questions

General Questions
API Keys, Access Tokens and Bearer Codes
Throttling
Consolidated Screening List (CSL)
Errors

General Questions

Do you know when the transition from the old service to the new service will take place? How long do we have until we can no longer use the current service?
- The legacy platform will be shut down on January 30, 2020. The notice describing the transition can be viewed on our legacy platform.
During this change, were any changes made to the APIs themselves?
- The contents and format of the APIs have not been altered. The method for accessing the APIs has changed.
Where can I find the documentation for each of the APIs?
- In the API Console tab, after clicking on the GET /search button, you will find information on the parameters and the model for responses for that API. The Overview tab has a brief summary about the substance and source of the data.
How can I subscribe to emails from Data Services for updates to the platform or APIs?
- You can subscribe by clicking this link: https://public.govdelivery.com/accounts/USITATRADE/subscriber/new?topic_id=USITATRADE_1704

API Keys, Access Tokens and Bearer Codes

With the new system, can I just switch out the api_key parameter with bearer_code?
- No, the new platform requires every HTTP client to send search requests with an access token in the HTTP request header. This is the only supported authentication scheme. It does not support authentication using the URL query string.
  
  If you need to see the results in a web browser, you can use the existing console in our API platform or you will need to use a browser extension, such as the Advanced REST Client. This is not a recommendation for this product, but rather an example of a browser extension that could be used for this function.
  
  For additional help with making HTTP requests using your access token, see How to interact with the APIs using the new authentication type
How can I obtain an access token for production and another one for prototype?
- Currently, only one access token - the most recently generated, non-expired access token - is valid per application. And at this time, each username can generate one application.
What is the difference between API Key and Access Token? Which do I use and how?
- The new API store uses the Bearer authentication scheme (also called token authentication), so instead of API keys, you have an Access Token. Your application will use the Access Token to fetch data from the API. For more information about the Access Token, see the instructions for Invoking an API.
I see in your documentation that the creation of a new key will inactivate any old(er) keys. So, if I create a new key in the new system, will that inactivate my older key from your older system?
- The current system and the new system are completed separate. Any work you do in the new system will not alter anything in the current system. The key you are currently using will continue to work. You will also need to create a new login to access our new system. In the new system we use “access tokens.” If you generate a new access token, your previously generated access token will no longer work. Again, this will not deactivate the API key that you are using from the current system.

Throttling

How does throttling work?
- For each access token, the system will process up to 100 requests per minute for a given API.
- The quota for each access token is reset at the start of every minute.
- Here is a scenario:
  - A user signed up for an account, generated an access token and subscribed to the Consolidated Screening List (CSL).
  - By default, every account is allowed to send up to 100 CSL requests per minute.
  - At 3:10:15 PM, this user starts to send 500 CSL requests per minute.
  - The system will allow the first 100 requests to go through.
    - A successful request will return with HTTP status code 200 along with the JSON response.
  - Since the 100 requests per minute quota was exceeded, subsequent CSL requests from this account before 3:11:00 PM (in this example, request #101-500) will be rejected with HTTP status code 429 along with the following JSON response:
    { "fault": { "code": 900804, "message": "Message throttled out", "description": "You have exceeded your quota", "nextAccessTime": "2020-Jan-08 15:11:00+0000 UTC" } }
  - At 3:11:00 PM, the quota for this account will reset and the system will begin to process CSL requests from that account again.
  - Previously rejected requests may be resubmitted at that time, provided the account is within the throttling threshold.

What is the error code returned when my access token is throttled?

The API returns with HTTP status 429 on requests that have reached the throttle limit. Here is an example of the JSON body in the response:

{
  "fault": {
    "code": 900804,
    "message": "Message throttled out",
    "description": "You have exceeded your quota",
    "nextAccessTime": "2020-Jan-08 16:59:00+0000 UTC"
  }
}

When setting up a new API access token, I noticed it states that 100 requests are allowed per minute per access token. Is that all the information about throttling available?
- Yes. If you have more specific questions, please email DataServices@trade.gov
I have seen the information about the throttling. Are there any other restrictions that I should be aware of?
- See the Terms of Service for more information.
How can we get the ability to run more than 100 requests per minute and what would the prices be?
- We are looking into offering higher limits of throughput. We will send out an email with additional information once we have additional information.

Consolidated Screening List (CSL)

With the new API store, is it possible to download the entire CSL list?
- Yes. For customers wishing to batch process their queries with multiple threads over a shorter period of time, we recommend downloading the full CSL as either a CSV or a TSV and running the queries locally.
I have an API Key for downloading the CSV file. Do I need to get a new API key to continue downloading the CSV file?
- An API key is no longer needed for downloading the CSV or TSV file.

Errors

When subscribing to an API I receive the error “Application is not accessible to the user.”
- This occurs when you have already subscribed to the API and are trying to subscribe again. To verify that you have already subscribed:
  - Go to your Applications page: https://api.trade.gov/apps/store/site/pages/applications.jag
  - Click on “DefaultApplication”
  - Click on the “Subscriptions” tab and you should see your current API subscriptions.