Skip to content

Why do I see unnecessary or unauthorized requests?

The Save / Update Missing by API chart in your project's API metrics can flag two kinds of write requests you usually don't want: unnecessary and unauthorized requests. Both come from your app or tooling calling the saveMissing/add or update endpoints when it shouldn't.

The saveMissing, add and update features are meant for development, not production. The cleanest fix for both counters is to follow the going to production guide: disable these features in production and load your translations from the CDN.

Unnecessary requests

A request is counted as unnecessary when it reaches Locize but has nothing to do, so the API answers with a 412 status:

  • an unnecessary missing request is a saveMissing call for a key that already exists (nothing was missing), and
  • an unnecessary update request is an update whose value equals the value already stored (nothing changed).

This usually means saveMissing or update is left enabled in an environment where the translations are already complete, so every app start re-reports keys that are already there.

A common cause with react-i18next is rendering pages before the translations have finished loading, which makes the app report keys as missing. See the suspense notes for the HOC and the hook.

What to do

  • Enable saveMissing only in development, while you are actually adding new keys. Turn it off everywhere else.
  • Make sure translations are loaded before rendering (use suspense, or wait until i18next is initialized).
  • In production, read your translations from the CDN; the CDN path never writes.

Unauthorized requests

A request is counted as unauthorized when a saveMissing or update call is made with an API key that lacks write permission, or with a missing or invalid key. Locize rejects it with a 401 status, so nothing is written.

This usually means a write call (most often saveMissing) is running in an environment that only has a read key, typically production.

What to do

  • Make sure write requests use an API key with sufficient permissions (see the API documentation).
  • Keep write-capable keys to development only, and disable saveMissing in production so it never tries to write with a production key.

Best practice

Follow the going to production guide: saveMissing, add and update on in development with a write-capable API key, and off in production where you read from the CDN. With that, both counters stay at zero.

See also: Why is there such a high download amount?