When you should increase third-party request timeout

Identify the real bottleneck first

• Network: High latency or packet loss can delay responses.
• Provider: The third-party API may be slow or rate limited.
• Payload: Large files or reports take longer to build and send.
• Auth and routing: Bad tokens or DNS issues can look like “slow.”
• Client limits: Your app, proxy, or CDN may cut the request early.

How to set timeouts on the client

HTTP clients

• fetch (browser/Node): Use AbortController and a timer. Example idea: create an AbortController, set a setTimeout to abort after 30,000 ms, and pass controller.signal to fetch.
• Axios: Set timeout in milliseconds. Example: axios.get(url, { timeout: 30000 }).
• curl: Use –max-time in seconds. Example: curl –max-time 50 “https://api.example.com”.
• Go: Use http.Client{ Timeout: 30 * time.Second }.
• Python requests: requests.get(url, timeout=(connect, read)).

Control timeouts on your server and proxy

Reverse proxies

• Nginx: proxy_read_timeout and proxy_send_timeout control how long to wait for upstream data.
• HAProxy and other LBs: Tune connect, server, and client timeouts to the same budget.
• CDNs and gateways: Many providers cap request time (often 30–120 seconds). Know the cap before you raise values downstream.

App servers

• Node.js/Express: server.headersTimeout and server.requestTimeout affect long responses; consider them along with upstream timeouts.
• Java/Spring: Read/connect timeouts on RestTemplate or WebClient; servlet container timeouts in server config.
• .NET HttpClient: Timeout plus per-socket settings (Expect100Continue, pooled handlers).

Serverless and functions

• Functions have hard max durations. If your third-party call can exceed that, do not just increase third-party request timeout. Offload the work to a queue and return fast.

Smarter than waiting longer

Retries with backoff and jitter

• Retry only idempotent calls (GET, safe POSTs).
• Use exponential backoff with jitter: wait 0.5s, 1s, 2s, 4s (plus randomness).
• Set a total deadline so retries do not exceed your user SLA.

Circuit breaker and fallbacks

• Trip the breaker after a burst of errors or timeouts.
• Serve cache, a stub, or a graceful message while the breaker is open.
• Half-open to test recovery, then close on success.

Async workflows

• For slow reports or exports, enqueue a job.
• Return 202 Accepted with a status URL or send a webhook when ready.
• This avoids holding connections for minutes and saves compute.

Stream or chunk large results

• Use pagination or range requests for big datasets.
• Stream results so users see progress quickly.

Pick the right number with data

Use percentiles

• Measure provider latency (p50, p95, p99) over real traffic.
• Set timeout just above the p99 you are willing to accept, not the worst ever seen.
• Keep a buffer for network spikes (for example, 10–20% headroom).

Budget across layers

• Total user wait = DNS + connect + TLS + upstream queue + processing + transfer.
• Align timeouts: client ≤ proxy ≤ app ≤ upstream.
• Shorter connect timeout, longer read timeout is often safer.

Implement the timeout query parameter

Best practices

• Validate input: accept only integers and a safe range (for example, 1000–60000 ms).
• Clamp to a max: if users send 9999999, set it to your safe cap.
• Set a default (for example, 10000 ms) if the parameter is missing.
• Propagate the value to the actual HTTP client that calls the third-party.
• Log the chosen timeout and the actual duration for future tuning.

Testing and monitoring

• Write tests for timeouts, retries, and circuit-breaker states.
• Simulate slow responses and dropped connections.
• Track timeout rate, retry count, p95/p99 latency, and saturation of worker pools.
• Alert when timeouts exceed a set threshold, not on single blips.

(Source: https://www.bloomberg.com/news/features/2026-04-29/junior-bankers-sick-of-grunt-work-build-2-billion-ai-tool-to-do-the-job)

For more news: Click Here

FAQ