Is the content of the “authorizations” payload considered to be a fully created Authorization that counts towards this ratelimit?
Or
Is the content essentially a promise which will create a pending Authorization when first visited (unless it is an existing Authorization)?
I expect the first scenario to be what is happening, but I wanted to ask about the second case - because 3 certs with 100 domains each would fully consume the ratelimit if there were no cleanup routine in the client. My client is set to revoke all 100, but I wanted to be sure.
Note that they would only consume that limit if the authorizations were not attempted (i.e. did not become "valid" or "invalid"). When an authorization is attempted, it stops counting against the Pending Authorizations limit. In a way, this is not really a "rate" limit so much as an "extant objects" limit.
Understood. One of our client unit tests fails on Authorization 1 of 100; the client currently short-circuits out when that happens and the authorizations get cleaned up by another process. The other auths are not validated because we're not sure when we'll process them in a new order.
.