Displaying all 4 messages
Ethan David Whitted
1/20/2024 at 14:52
Anytime I use the Client Side Flow (https://www.geni.com/platform/developer/help/oauth_client_side?version=1) to authorize my Geni app with OAuth2, I can successfully get it to authenticate me but I receive the error

`{"error":{"type":"ApiException","message":"Rate limit exceeded."}}`

According to the [documentation](https://www.geni.com/platform/developer/help/rate_limits?version=1), the rate limits can be checked within the HTTP headers. However, when I check the Response Headers within Google Chrome's Network tab, all I see is:

==Response Headers==
Access-Control-Allow-Credentials: true

Access-Control-Allow-Headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-Requested-With, X-Prototype-Version, X-API-Rate-Limit, X-API-Rate-Remaining, X-API-Rate-Window

Access-Control-Allow-Methods: POST, GET, OPTIONS

-----

So things like X-API-Rate-Window are THERE, but they're they *values* instead of the *keys*, as I would expect them to be. Therefore, I can't figure out a way to extract any useful information from them.

Can someone advise me on how to read what my remaining Rate Limit is, and how I can access metadata information without tripping it? (I'm making a call to https://www.geni.com/api/user/metadata)

Thanks!
Shmuli Sternbach
2/4/2024 at 2:19
Are you authenticated when you make the call? I think unauthenticated calls have a much lower rate limit.
Ethan David Whitted
2/4/2024 at 10:07
I'm authenticated via OAuth2 when I make the call. It's only after authentication that the call responds with the error.

The endpoint I am trying to access is: https://www.geni.com/api/user/metadata?ids="[my_user_id]"
Ethan David Whitted
2/24/2024 at 14:31
I finally resolved this. I learned about preflight requests (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) and how that was the request whose Response Headers I was looking at before.

It turns out Geni *was* passing its custom headers to my main request, I just had a line of code in my own proxy PHP file that was omitting most headers.

```php
foreach ( $header_text as $header ) {
if ( preg_match( '/^(?:Content-Type|Content-Language|Set-Cookie):/i', $header ) ) {
header( $header );
}
}
```
(For reference, I was using this proxy: https://github.com/cowboy/php-simple-proxy/)

When I removed that regex check from the proxy, all of the headers began appearing!
rails-1a-011