The session management system monitors users sessions to ensure that quotas and limits are not exceeded and only authorised resources can be accessed.
Currently it manages the following:
- A user can only have a limited number of simultaneous persistent connections (normally only 1). The WebSocket API uses persistent connections when logging into servers.
- For non-persistent connections, the number of active Access Tokens a user is using is limited. This allows browsers or other applications can establish multiple non-persistent connections (up to the limit) as long as they share an access token.
- Request throttling limits the number of requests from a user over a period of time. Request types can be categorised and throttled independently. This protects servers from API users consuming unreasonable amounts of server and computing resources.
- Zenith Resource limits restricts the number of sessions from a user, that can access a specific Zenith resources. An example of a Zenith resource is “ASX Market Data”. This can be used in circumstances where a user can establish more than one session however, at any time, only (say) one of these sessions can access (say) ASX data.
In the future, session management will be enhanced to record usage and generate reports. These reports can then be used to calculate royalties owed by users.