We have a Nuxt website for a client that, according to the Dato dashboard, used over 600K CDA API calls last month which is over the limit for plan weāre on.
However, looking at the the traffic for the site in Analytics, itās nowhere near that level given (total of 12K page views for the month).
I have checked the code and dev tools and for all pages I can find, we only make one API callā¦ and definitely not the 50 per page view we would need to get up to that number.
Is there some way find out what is going on here as weāre talking a couple of orders of magnitude more than I would expect for this site?
Which project is this for? Is this a recent development, or has it been this way for the whole lifespan of this particular website, and you just happened to notice it?
If you could please send me some details about this (at least the project URL in Dato and the website URL that it gets built to, for starters) I would be glad to investigate further for you. If we canāt figure it out immediately, sharing the website repo with us (or at least some page snippets) would help too.
If this is for the project starting with āAā, in its own Project Usages dashboard inside the project, you can see some details. Something that jumps out at me is that you have very few API calls with referrers (which hopefully your real frontend is sending us), but many coming from some AWS IP ranges. That means itās likely not a real person making those calls, but maybe some internal build or test or backup script of yoursā¦? Or else is it possible your API key was used somewhere without your knowledge or permission? All the calls are coming from the one same API key.
If you can make several API keys and try to segregate them by usage (i.e. give the frontend serverside stuff one key, the client-side stuff another key, any other scripts their own individual keys, and invalidate the old keysā¦) you can better track down where theyāre coming from.
It might also help to send us more specific referrers with your fetch requests if you can (ie down to the page level) so you can better see which parts of your site are causing the requests, if any.
Sorry for the hassles thereā¦ we donāt really have a way to track API call origins beyond what you see in your Project Usages section, namely:
Referrers that you send us
IP addresses theyāre coming from
Which API key was used
Does that help narrow it down at allā¦? If thatās the right project, Iād be happy to take a deeper look with you into the website code and/or maybe analytics, if that would help? But it might also be some other process making those calls? Hard to say without more fine-grained API keys
