HTTP Code 429: Too Many Requests

[mlsantori]

I'm using monarchmoney in Python in an AWS lambda function. I disabled use of a session file so I didn't have to deal with permanent storage (simple disc-based local storage is ephemeral). I assume this means I'm creating a new session every time I try to log in. The functions were working fine for awhile but then I started getting the error message "HTTP Code 429: Too Many Requests." As I understand, this is Monarch Money managing traffic using their API and I had made too many requests while testing. It's not a transport error, it's a policy decision. That was yesterday and I'm still getting the error today, 24 hours later. I've hit their site many times when using the API on my Mac and never got this error so maybe it's something AWS is doing. Does someone who's familiar with the Monarch API know their policy for this error or possibly have any insights into what's causing this error or how to clear it? I can contact them directly but, because I'm not directly using their API, I thought someone on this group might know.

[hammem]

Thanks for posting, @mlsantori !

For your lambda, if it's feasible, placing the contents of a session file in AWS Secrets Manager may solve the storage issue for you. It may require encoding the file in something like base64 to work properly.

You could also store the session key as a file in your lambda's configuration or zip, but it is less secure than the secrets manager option.

As for the 429 errors, I haven't encountered them directly. The library is constructing Graph QL calls in the same manner as the web application version of Monarch. Reaching out to Monarch support would be the best option, if others here haven't already figured out workarounds or how long Monarch waits before allowing requests through.

[grablair]

I have seen these 429 errors in my testing too (when I made a mistake in session storage, and effectively did what you're doing).

I believe it eventually went away after several days, but my memory of it isn't very fresh.

I would concur with @hammem. Contacting Monarch would be the foolproof play if you're not willing to wait it out.

If you have an open session elsewhere (like a browser), you can extract the session credentials from there as a quick fix to unblock yourself. If you end up using the AWS secrets manager, you could also inject the extracted session creds into the secrets manager, should the API not open back up for you swiftly enough.

Hope this helps!

[mlsantori]

Thanks to @hammem and @grablair for the quick replies. As a test, I uploaded the session file from my Mac and stored it statically in my lambda project. I was able to connect successfully. At some point, I assume the session file will expire and the monarchmoney log-in function will want to save a new session file. Lambda functions have an ephemeral /tmp directory where I can read and write. I'll look at your suggestions for using the AWS Secrets Manager to save the session and my code will copy between the Secrets Manager and the /tmp directory. Thanks again for the help.

[hammem]

The session file should be good for a long time (>1 yr).

Good to know you're up and running again!

[mlsantori]

I have the application working with the session file stored in an AWS secret. I have one last question. If the session expires, does the monarchmoney API automatically create a new session file? If so, how do I know it's done that? Just compare the file contents before and after logging in?

[mlsantori]

I can’t answer that. I grabbed the session file created by a Python app on my Mac.

…

On Jun 24, 2024, at 1:32 PM, trvhk ***@***.***> wrote: I am having the same issue. How do you find the session file from a browser? — Reply to this email directly, view it on GitHub <#110 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AYWZZ2PKD5OMHPYHP42N6ETZJBQ5RAVCNFSM6AAAAABJLETMX2VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TQNRTGY3DC>. You are receiving this because you were mentioned.

[hammem]

The simplest way, if you are already planning on using this library, is the following code in an interactive terminal:

from monarchmoney import MonarchMoney

mm = MonarchMoney()
await mm.interactive_login()
# enter your email and password at the prompt
# if you have MFA enabled, also enter your two-factor code at the prompt
mm.save_session("my_session.file")

Once that's run, you should have a file called my_session.file that you can re-use in the future via:

from monarchmoney import MonarchMoney

mm = MonarchMoney()
mm.load_session("my_session.file")

without the need for any other calls to login() or similar.