🔥Let’s Do DevOps: Building an API Token Expired Circuit Breaker

Kyler Middleton
2 min read · Apr 17, 2023

This blog series focuses on presenting complex DevOps projects as simple and approachable via plain language and lots of pictures. You can do it!

Hey all!

I recently had to create 60k auto-link references in Jira (link to the story), and I immediately ran into an issue — a GitHub PAT (Personal Access Token) is given 5,000 “tokens” per hour. These “tokens” are a budget of API calls that the server will honor; calls beyond that budget will fail.

API budgets are a concept established to help avoid DoS (Denial of Service) attacks where tens or hundreds of thousands of calls are sent to a service in order to destabilize it.

Well, sending 60k requests to GitHub means I’m spending 60k tokens, 12 times the value I get per hour. My local script runs quite a bit faster than that, uh oh. And many of the other requests I’m sending, like opening PRs and issuing comments on them, also consume tokens — so how can I tell when my API token budget is consumed? How can I tell when the token budget has been refilled and I can continue?

That’s where a “circuit breaker” comes in. That concept is borrowed from electrical engineering where it means to detect when more current than is safe passes through the circuit breaker, and when that happens…
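One way to answer both questions above, as an added example rather than the author's own script: a small breaker that reads the `x-ratelimit-remaining` and `x-ratelimit-reset` headers GitHub's REST API returns on each response. The class name, the `reserve` floor, and the `run_batch` helper are assumptions made for illustration.

```python
import time


class RateLimitBreaker:
    """Opens when the remaining API budget drops to a reserve floor."""

    def __init__(self, reserve=100, clock=time.time, sleep=time.sleep):
        self.reserve = reserve   # calls held back for other work (PRs, comments)
        self.clock = clock       # injectable so the logic can be tested offline
        self.sleep = sleep
        self.remaining = None    # unknown until the first response is recorded
        self.reset_at = 0.0      # UTC epoch seconds when the budget refills

    def record(self, headers):
        """Update state from one response's rate-limit headers."""
        h = {k.lower(): v for k, v in headers.items()}
        if "x-ratelimit-remaining" in h:
            self.remaining = int(h["x-ratelimit-remaining"])
        if "x-ratelimit-reset" in h:
            self.reset_at = float(h["x-ratelimit-reset"])

    def is_open(self):
        """True when calls should stop: budget spent and window not yet reset."""
        if self.remaining is None:
            return False
        return self.remaining <= self.reserve and self.clock() < self.reset_at

    def wait_if_open(self):
        """Block until the reset time if tripped; return seconds waited."""
        if not self.is_open():
            return 0.0
        delay = self.reset_at - self.clock() + 1  # +1s guard against clock skew
        self.sleep(delay)
        self.remaining = None  # budget refilled; relearn it from the next response
        return delay


def run_batch(items, call, breaker):
    """Run call(item) for each item; call must return the response headers."""
    waited = 0.0
    for item in items:
        waited += breaker.wait_if_open()
        breaker.record(call(item))
    return waited
```

Keeping `reserve` above zero leaves headroom for the other token-consuming requests mentioned above, so the batch job does not starve them.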

Kyler Middleton

DevNetSecOps, DevRel, cloud security chick. I will teach you, it’s unavoidable. She/Her 🏳️‍🌈🏳️‍🌈, INFJ-A, support the EFF!