Overview

Throttling mechanisms are commonly used by cloud service providers to prevent API overloads. In the context of data protection, throttling can lead to task interruptions or significantly extended execution times. Xopero ONE minimizes this risk through an advanced system of credential rotation and dynamic exchange.

Throttling prevention mechanism

Xopero ONE implements a credential management system that optimizes API limit usage by distributing requests across multiple accounts or access tokens. This process occurs automatically on two levels.

Credential rotation

Every task (backup or restore) launched in the system is assigned credentials from an available pool. The system applies a rotation principle, meaning that subsequent tasks use different authentication data (e.g., task A uses credential a, task B uses credential b, and so on). This ensures that API limits are used evenly, significantly reducing the likelihood of being blocked.

Dynamic credential exchange

If throttling occurs during an active task, the Xopero ONE Management Service (XMS) takes the following steps:

• Available additional credentials — if other credentials are available in the pool, XMS sends new credentials to the agent. The task continues without interrupting the operation.

• No additional credentials available — if the credential pool is exhausted, XMS informs the agent that no more credentials are available. The task is then suspended and marked as Throttled, waiting for the limits to reset.

Important recovery requirements

For the credential exchange mechanism to function correctly during operations, specific permission requirements must be met:

• Location access — additional credentials must have write permissions for the target recovery location.

• Restoring to an organization — for platforms such as GitHub, GitLab, or Bitbucket, additional credentials function only when data is being restored to an organization that those accounts have access to.

• Restoring to a user account — if you are restoring data directly to a specific user's account (rather than an organization), additional credentials will be ignored. This is due to security policies — other users typically cannot create resources under another user’s personal profile.