API Limitations
This page describes the limitations of the Report Flow Content Service API.
These limitations apply to the production environment (api.re-port-flow.com).
π¦ Request Size Limitβ
Maximum Request Size: 50MBβ
The maximum request body size is 50MB (after Base64 encoding).
Effective file size estimate:
- Before Base64 encoding: ~37MB
- Encoding overhead: ~1.33x
As a document output SaaS, we provide sufficient capacity to handle reports with large amounts of high-resolution images.
Behavior on Exceeding Limitβ
When request size exceeds 50MB:
{
"statusCode": 413,
"message": "Payload Too Large",
"error": "Request Entity Too Large"
}
Handling Large Filesβ
For large images or data, consider the following approaches:
-
Optimize Images
- Reduce resolution (72-150dpi for web, 300dpi for print)
- Adjust compression (JPEG quality 80-85% recommended)
- Remove unnecessary metadata
-
Use Async Endpoints
- For generating many PDFs, use async endpoints
- Process large data without timeout concerns
-
Split Data
- Divide requests when generating multiple PDFs in a single request
β±οΈ Timeout Limitsβ
Sync Endpoints: 120 secondsβ
Affected Endpoints:
POST /v1/file/sync/singlePOST /v1/file/sync/multiple
A 120-second timeout is configured to handle complex document processing.
Timeout Response:
{
"statusCode": 504,
"message": "Gateway Timeout",
"error": "Request timeout"
}
For processing exceeding 120 seconds:
- Use async endpoints (
/async/single,/async/multiple) - Reduce design complexity (fewer images, table rows)
- Split requests
Async Endpoints: No Limitβ
Affected Endpoints:
POST /v1/file/async/singlePOST /v1/file/async/multiple
Async endpoints have no timeout limit. They're suitable for bulk PDF generation and complex design processing.
π¦ Rate Limitβ
Rate limiting has been implemented as of February 2024.
Workspace-based Limitsβ
Rate limits are applied per workspace. Requests from the same workspace are counted together, without affecting other workspaces.
| Endpoint Type | Limit | Target Endpoints |
|---|---|---|
| Sync Endpoints | 30 requests/min | /sync/single, /sync/multiple |
| Async Endpoints | 100 requests/min | /async/single, /async/multiple |
| Download & Retrieval | 100 requests/min | /download/*, /design/parameter/* |
Rate Limit Exceeded Responseβ
When the rate limit is exceeded, the following response is returned:
{
"statusCode": 429,
"message": "Rate limit exceeded for this workspace. Please try again in XX seconds.",
"error": "Too Many Requests"
}
Design Rationaleβ
- Sync Endpoints (30 req/min): Considering the 120-second timeout, this allows up to 60 parallel processes, aligned with ECS task capacity.
- Async Endpoints (100 req/min): Supports batch processing and bulk generation. Protects server resources while maintaining high throughput.
- Download (100 req/min): Higher limit for lightweight operations.
For normal UI operations (approximately 1 request every 2 seconds), you won't reach the limit. For batch processing, please use async endpoints.
π Filename Restrictionsβ
Disallowed Charactersβ
The following characters cannot be used in filenames:
| Character | Name |
|---|---|
/ | Slash |
\ | Backslash |
: | Colon |
* | Asterisk |
? | Question mark |
" | Double quote |
< > | Angle brackets |
| | Pipe |
| Control chars | 0x00β0x1F |
All other characters (alphanumeric, Japanese, spaces, various symbols, etc.) are allowed.
Examplesβ
β
Valid:
{
"fileName": "invoice_2024-01.pdf",
"fileName": "report-2024-01.pdf",
"fileName": "γ¬γγΌγ (January).pdf",
"fileName": "report #001.pdf"
}
β Invalid:
{
"fileName": "invoice/2024.pdf", // Slash not allowed
"fileName": "data:2024.pdf", // Colon not allowed
"fileName": "report*.pdf" // Asterisk not allowed
}
π Security Requirementsβ
HTTPS Requiredβ
The production environment only accepts HTTPS connections. HTTP requests are automatically redirected to HTTPS.
# β
Correct
curl -X POST https://api.re-port-flow.com/v1/file/sync/single \
-H "appkey: your-app-key"
# β Incorrect (HTTP not allowed)
curl -X POST http://api.re-port-flow.com/v1/file/sync/single
TLS Versionβ
- Minimum version: TLS 1.2
- Recommended version: TLS 1.3
- TLS 1.0/1.1 are not supported
API Endpointβ
Production:
URL: https://api.re-port-flow.com/v1/*
Staging:
URL: https://api.stg.re-port-flow.com/v1/*
Authentication Failure:
{
"statusCode": 401,
"message": "Unauthorized",
"error": "Invalid credentials"
}
API Key Rotationβ
For improved security, we recommend regenerating your application key every 3 months.
See API Key Management for details.
π Plan Limitsβ
Workspace plans have the following restrictions:
Design File Limitβ
Each plan has a maximum number of design files that can be created in a workspace.
File Generation Limitβ
Each plan has a monthly limit on PDF generation count.
Specific limits vary by plan. Check your current usage and limits in the admin dashboard.
Exceeding Plan Limitsβ
When plan limits are reached:
{
"statusCode": 403,
"message": "Plan limit exceeded",
"error": "Forbidden"
}
π Network Restrictionsβ
CloudFront Requestsβ
External requests are processed via CloudFront:
Client β CloudFront β ALB β ECS (content-service)
π Additional Restrictionsβ
Health Check Endpointβ
The /v1/health/check endpoint is accessible without authentication. This endpoint is not logged in access logs.
CORS Configurationβ
The following headers are allowed:
OriginX-Requested-WithContent-TypeAcceptAuthorizationappkey
Requests from all origins (*) are accepted.
π Handling Limit Exceeded Errorsβ
Request Size Exceededβ
- Optimize images
- Split data
- Use async endpoints
Timeoutβ
- Use async endpoints (
/async/single,/async/multiple) - Simplify design
- Split requests
Plan Limit Exceededβ
- Upgrade plan in admin dashboard
- Delete unnecessary design files
- Adjust usage frequency
π Supportβ
For questions or support regarding limitations:
- Email:
[email protected] - Admin Dashboard:
https://re-port-flow.com/support
Changelogβ
| Date | Changes |
|---|---|
| 2026-02-15 | Initial version |