Understanding API Timeout and Throttling When Concurrent Requests Share a Single Session

Summary

When multiple API requests are executed concurrently using a single session cookie or authentication token, the API may start throttling requests or cause timeout errors. This typically occurs when integrations (e.g., middleware, custom applications, or third-party connectors) send concurrent calls to API endpoints.

Why This Occurs

• The integration reuses the same login session or access token across multiple threads or

  users

• MYOB Acumatica sessions are not designed to handle parallel requests using the same session ID.

Recommended Integration Approach

1. Use Separate Sessions for Each Concurrent Request

Each thread or process should perform its own login and maintain an independent session cookie or token. This ensures that each request is processed independently and avoids per-session throttling.

2. Use OAuth2 With api:concurrent_access (Recommended)

Use OAuth2 authentication with the api:concurrent_access scope. This allows multiple concurrent requests using the same client credentials while maintaining proper isolation and compliance with MYOB Acumatica’s concurrency policies.

3. If Using Session Cookies, Maintain One Cookie Per Process

When authenticating via /Login and /Logout:

• Each thread or process must log in separately

• Each must maintain its own session cookie

• /Logout must be called after the process completes

This prevents stale sessions and reduces concurrency conflicts.

4. Avoid Sharing the Same Token Across Parallel API Requests

Do not reuse or share a single token or cookie across multiple threads or users. Doing so causes throttling and inconsistent behavior under load.

5. Implement a Retry Mechanism

Add retry logic with exponential backoff to handle:

• Intermittent failures

• Throttling

• Timeout response