Ubidots Community

I didn't ask for an API token and now its been used 40,000 times in a day!

I presume the token was included by default on mt STEM account set up, just in case I needed it to extract data rather than using the dashboard? I couldn’t demonstrate the dashboard to a client today (big own goal for Ubidots) as it says I had exceeded the dots limit. As I only ever use the dashboard in the browser and I look at it once or twice per day at most, this seems odd. My usage record shows 40,000 requests yesterday and the banner says I have exceeded 500,000 dots. How can this be? Has someone hacked my account to download my data?

I have now deleted the API token. Maybe that stops the upload as well, I don’t know. Will have to wait until tomorrow now so the error resets.

Hi @beerfoundry,

I hope all is well,

Thank you for sharing your concerns, we certainly don’t want to be a bump in the road for your IoT initiatives and we are deeply sorry that you couldn’t show the Dashboard to the client. Let me explain and clarify how the dots out and in consumption works:

Dots in : All the dots received and saved from any channel, Dashboards, and API (the ones sent by your devices).

Dots Out : The sum of the dots extracted through two (2) outbound channels.

  • API: Data requested by external applications or devices from our API. Meaning each value extracted using any of our supported protocols (MQTT, HTTP, TCP/UDP).

  • Front-end: Data requested by the web interface (Dashboard and devices). This includes all the queries required to render dashboards, CSV reports, variables, etc. So yes, refreshing a Dashboard, or exporting data will consume dots out.

The consumption is visible in the profile usage by the end of the day. The count reset at UTC 00:00, meaning the values of today are the ones consumed the day before, we have an internal ticket to modify this behavior and reflect the values of the respective day. I will keep you posted on the updates of this ticket.

Additionally, below you can find some of the measures you can take to avoid reaching out to the daily limit.

  • Refresh the Dashboards only when necessary.
  • Set a short time in the Default time range of the Dashboard, so the first time you open the Dashboard, this one only requests the last data.
  • Reduce the frequency of data extraction through API.

Based on the information below, your consumption should be for any of the above reasons rather than someone hacked on your Ubidots account. Also, in case you shared a dashboard or a widget through a public link, every time that someone opens or refreshes the dashboard or widget, dots out are consumed.

I went ahead and increased your dots out capacity to 700,000 per day, to avoid you hit any limits during your IoT application’s development. Finally, as you have commercial IoT initiatives, I invite you to create a trial account for 30 days and try all the tools available in Ubidots paid licenses.

I hope my note clarifies your concerns and let me know if you have additional comments.

All the best,


That has all been very helpful thank you. I am still trying to work out how one device uploading 6 values per hour can accumulate over 40,000 Dots out in a day with only using the Ubidots dashboard (infrequently refreshed), and how that translates in to over the 500,000 limit. It was set to 7 day history which is still only just over 1,000 dots for a 7 day dashboard refresh with all 6 measures (6x24x7).

It is true that during testing the data upload was every 30 sec. Let’s say than ran for 2 days at the start, that could mean a download during dashboard refresh of an extra 6 x 24 x 120 x 2 = 34k so that may explain how the count increased from the testing early on if that was included in the range being displayed, but I shouldn’t get that any more now until we add a lot more sensors.

Hi @beerfoundry,

Thank you for your answer. As the count only resets at 00:00 UTC it is probably that depending on your timezone, you need to wait a couple of hours of the day to be able to access your account data when you reach the dots out limit. Now, at this moment you should be able to access your account data without any problem and I will be attentive if this odd behavior happens again with the consumption to further investigate.

All the best,