Hello Team,

Kindly review the below questions from RDP API client regarding authorization and advise:

Client Query: We have a question about the `Session quota is reached` error. We would like to authorize multiple instances of the application. But your authorization server rejects the request if we try to make a request without the `takeExclusiveSignOnControl` parameter. The API formally allows us to get multiple tokens, but in reality, we can't get more than one. And we would like to get a more extensive explanation (than in documentation) on the semantics of the 'Session quota is reached' error (under what circumstances it occurs and why we get this error when the first request to /auth/token).

Your documentation says that the `takeExclusiveSignOnControl` parameter is not a required parameter:

> The parameter, takeExclusiveSignOnControl, may be set to true ONLY if application sending authorization request needs all other sessions/applications to be logged out. Here are a couple of use cases when takeExclusiveSignOnControl must be set to true: Refresh token has been lost or invalid resulting in errors like: {"error":"access_denied" ,"error_description":"Session quota is reached." }

But your API rejects authorization without this parameter.

This is the list of questions:

1. What is `session quota`?
2. How is it measured?
3. How much quota do we have (per account/application, mb per day)?.
4. Can this value be changed (increased)?
6. Can I disable the quota for certain applications?
7. Why does authorization fail if the request does not include the `takeExclusiveSignOnControl=true` parameter?
8. How does `session quota` affect other applications from our account? Do all applications have the same quota?
9. Does logging into a website also affect the quota?

Thanks and Regards,

Nitesh.

Online Solutions Team