API limits

Limitations of how the Acoustic Campaign APIs can be used

Acoustic Campaign has a robust API that handles the automation of most actions available through the Acoustic Campaign UI, such as adding new contacts or sending email campaigns. However, we place limits on the way our customers use our APIs to ensure that we provide the highest level of service and performance to all of our customers.

Concurrent requests and active sessions: what to expect

By default, up to 10 concurrent requests are allowed to our API servers at any given time when using the OAuth method for authentication. OAuth access tokens allow calls to re-use existing tokens if they are still valid (within the 4-hour expiration window) so that a new token does not have to be generated with every call if an existing one is still valid.

If necessary, we recommend that you obtain a new access token every 3 hours to avoid the likelihood of losing access to the API.

Concurrent requests are not equal to access tokens. An example of concurrent requests would be hitting Acoustic’s servers with 99 RawRecipient calls at the same time, and we won’t allow it. Once you get a response back from our servers, that single concurrent request is over, and you’re back to being allowed 10. We will reject any request that needs to make use of an >= 11th request thread; we do not ‘hold’ the request and retry when a thread becomes available. This concurrency limit is per organization, not user, list, API request type, etc.

For mobile app use cases involving our APIs, please note that you should never attempt to deploy API support in a mobile app that will be distributed to uncontrolled end-user devices. If you do this, you will be potentially exposing your API credentials to hackers, you will have no control over concurrency, you will lose access to API logs for troubleshooting purposes, and API access will potentially fail often in your app due to concurrency limits. The appropriate pattern to employ in this type of instance is to have your app communicate with your service and your service to handle any Acoustic API access in a controlled manner.

Note: The maximum API Concurrent Authenticated Requests feature setting is set to 10 for Organizations and there is a per organization limit.

API users of the legacy authentication (see more in the section on “Legacy Authentication Method”) must maintain no more than 20 active login sessions per Org at any time. To optimize the use of active sessions, make sure that your application uses the Logout API to release an active session when you are finished interacting with the API. This prevents lingering sessions that are no longer in use from blocking the creation of new active sessions. Inactive sessions that are not terminated properly with the Logout API can remain active for several minutes. All users of the Acoustic Campaign XML API are strongly encouraged to use OAuth 2.0 authentication. This token-based authentication model is much more flexible by allowing for the reuse of access tokens and eliminating the need to generate a high number of unique and active sessions.