API Limitations

This page describes the limitations of the Report Flow Content Service API.

tip

These limitations apply to the production environment (api.re-port-flow.com).

📦 Request Size Limit

Maximum Request Size: 50MB

The maximum request body size is 50MB (after Base64 encoding).

Effective file size estimate:
- Before Base64 encoding: ~37MB
- Encoding overhead: ~1.33x

tip

As a document output SaaS, we provide sufficient capacity to handle reports with large amounts of high-resolution images.

Behavior on Exceeding Limit

When request size exceeds 50MB:

{
  "statusCode": 413,
  "message": "Payload Too Large",
  "error": "Request Entity Too Large"
}

Handling Large Files

For large images or data, consider the following approaches:

Optimize Images
- Reduce resolution (72-150dpi for web, 300dpi for print)
- Adjust compression (JPEG quality 80-85% recommended)
- Remove unnecessary metadata
Use Async Endpoints
- For generating many PDFs, use async endpoints
- Process large data without timeout concerns
Split Data
- Divide requests when generating multiple PDFs in a single request

⏱️ Timeout Limits

Sync Endpoints: 120 seconds

Affected Endpoints:

POST /v1/file/sync/single
POST /v1/file/sync/multiple

A 120-second timeout is configured to handle complex document processing.

Timeout Response:

{
  "statusCode": 504,
  "message": "Gateway Timeout",
  "error": "Request timeout"
}

For processing exceeding 120 seconds:

Use async endpoints (/async/single, /async/multiple)
Reduce design complexity (fewer images, table rows)
Split requests

Async Endpoints: No Limit

Affected Endpoints:

POST /v1/file/async/single
POST /v1/file/async/multiple

Async endpoints have no timeout limit. They're suitable for bulk PDF generation and complex design processing.

🚦 Rate Limit

Rate limiting has been implemented as of February 2024.

Workspace-based Limits

Rate limits are applied per workspace. Requests from the same workspace are counted together, without affecting other workspaces.

Endpoint Type	Limit	Target Endpoints
Sync Endpoints	30 requests/min	`/sync/single`, `/sync/multiple`
Async Endpoints	100 requests/min	`/async/single`, `/async/multiple`
Download & Retrieval	100 requests/min	`/download/`, `/design/parameter/`

Rate Limit Exceeded Response

When the rate limit is exceeded, the following response is returned:

HTTP/1.1 429 Too Many Requests
Retry-After: 60
Content-Type: application/json

{
  "statusCode": 429,
  "message": "Rate limit exceeded for this workspace. Please try again in 60 seconds.",
  "error": "Too Many Requests"
}

The response includes a Retry-After header indicating the integer number of seconds to wait before retrying (per RFC 9110 §10.2.3). Clients should read this header and wait the specified duration rather than applying their own exponential backoff. The number embedded in the message body is the same value in human-readable form.

Design Rationale

Sync Endpoints (30 req/min): Considering the 120-second timeout, this allows up to 60 parallel processes, aligned with ECS task capacity.
Async Endpoints (100 req/min): Supports batch processing and bulk generation. Protects server resources while maintaining high throughput.
Download (100 req/min): Higher limit for lightweight operations.

tip

For normal UI operations (approximately 1 request every 2 seconds), you won't reach the limit. For batch processing, please use async endpoints.

📝 Filename Restrictions

Disallowed Characters

The following characters cannot be used in filenames:

Character	Name
`/`	Slash
`\`	Backslash
`:`	Colon
`*`	Asterisk
`?`	Question mark
`"`	Double quote
`<` `>`	Angle brackets
`\|`	Pipe
Control chars	`0x00`–`0x1F`

All other characters (alphanumeric, Japanese, spaces, various symbols, etc.) are allowed.

Examples

✅ Valid:
{
  "fileName": "invoice_2024-01.pdf",
  "fileName": "report-2024-01.pdf",
  "fileName": "レポート (January).pdf",
  "fileName": "report #001.pdf"
}

❌ Invalid:
{
  "fileName": "invoice/2024.pdf",  // Slash not allowed
  "fileName": "data:2024.pdf",     // Colon not allowed
  "fileName": "report*.pdf"        // Asterisk not allowed
}

🔐 Security Requirements

HTTPS Required

The production environment only accepts HTTPS connections. HTTP requests are automatically redirected to HTTPS.

# ✅ Correct
curl -X POST https://api.re-port-flow.com/v1/file/sync/single \
  -H "appkey: your-app-key"

# ❌ Incorrect (HTTP not allowed)
curl -X POST http://api.re-port-flow.com/v1/file/sync/single

TLS Version

Minimum version: TLS 1.2
Recommended version: TLS 1.3
TLS 1.0/1.1 are not supported

API Endpoint

Production:

URL: https://api.re-port-flow.com/v1/*

Staging:

URL: https://api.stg.re-port-flow.com/v1/*

Authentication Failure:

{
  "statusCode": 401,
  "message": "認証情報が不正です",
  "error": "Unauthorized"
}

(The server returns the message in Japanese; it translates to "Invalid credentials".)

API Key Rotation

For improved security, we recommend regenerating your application key every 3 months.

See API Key Management for details.

📊 Plan Limits

Workspace plans have the following restrictions:

Design File Limit

Each plan has a maximum number of design files that can be created in a workspace.

File Generation Limit

Each plan has a monthly limit on PDF generation count.

info

Specific limits vary by plan. Check your current usage and limits in the admin dashboard.

Exceeding Plan Limits

When plan limits are reached:

{
  "statusCode": 403,
  "message": "プラン情報が見つからないため、この操作は許可されていません",
  "error": "Forbidden"
}

When the monthly file generation limit is reached, the server returns:

{
  "statusCode": 403,
  "message": "今月のファイル作成回数上限（X）に達しました。プランをアップグレードするか、翌月までお待ちください。",
  "error": "Forbidden"
}

(The server returns the messages in Japanese.)

🌐 Network Restrictions

CloudFront Requests

External requests are processed via CloudFront:

Client → CloudFront → ALB → ECS (content-service)

📋 Additional Restrictions

Health Check Endpoint

The /v1/health/check endpoint is accessible without authentication. This endpoint is not logged in access logs.

CORS Configuration

The following headers are allowed:

Origin
X-Requested-With
Content-Type
Accept
Authorization
appkey

Requests from all origins (*) are accepted.

🆘 Handling Limit Exceeded Errors

Request Size Exceeded

Optimize images
Split data
Use async endpoints

Timeout

Use async endpoints (/async/single, /async/multiple)
Simplify design
Split requests

Plan Limit Exceeded

Upgrade plan in admin dashboard
Delete unnecessary design files
Adjust usage frequency

📞 Support

For questions or support regarding limitations:

Email: [email protected]
Admin Dashboard: https://re-port-flow.com/support

Changelog

Date	Changes
2026-02-15	Initial version

📦 Request Size Limit​

Maximum Request Size: 50MB​

Behavior on Exceeding Limit​

Handling Large Files​

⏱️ Timeout Limits​

Sync Endpoints: 120 seconds​

Async Endpoints: No Limit​

🚦 Rate Limit​

Workspace-based Limits​

Rate Limit Exceeded Response​

Design Rationale​

📝 Filename Restrictions​

Disallowed Characters​

Examples​

🔐 Security Requirements​

HTTPS Required​

TLS Version​

API Endpoint​

API Key Rotation​

📊 Plan Limits​

Design File Limit​

File Generation Limit​

Exceeding Plan Limits​

🌐 Network Restrictions​

CloudFront Requests​

📋 Additional Restrictions​

Health Check Endpoint​

CORS Configuration​

🆘 Handling Limit Exceeded Errors​

Request Size Exceeded​

Timeout​

Plan Limit Exceeded​

📞 Support​

Changelog​