So I’m seeing a very odd bug with OAuth token refresh requests hitting 429 Too Many Requests errors during JMeter load tests.
Environment: Genesys Cloud US1. JMeter 5.6.
Scenario: Simulating 200 concurrent agents logging in and making calls. Each thread authenticates via the /v2/auth/token endpoint. The initial login works fine. However, after 15 minutes, when the access tokens expire and JMeter threads attempt to refresh them simultaneously, the API returns 429 status codes.
Error response:
{"status":429,"code":"rate_limit_exceeded","message":"API rate limit exceeded"}
I have reviewed the documentation for API rate limits. The default limit is 300 requests per minute for this endpoint. With 200 threads refreshing at roughly the same second, we are spiking well above this threshold. I tried adding a random delay between 1000ms and 3000ms in the JMeter sampler for the refresh step. This reduced the 429 errors but increased the overall test duration significantly. The goal is to validate system capacity without artificial delays that skew results.
Is there a recommended pattern for handling token refreshes in high-concurrency load tests? Should I be using a custom header or a different authentication flow for performance testing?
Thanks for the help.