Upgrade Storageweb library blocked
After upgrading storage, my web library is blocked, displaying a black screen with a red "Z". This has persisted for over 48 hours, so an API block should have reset. What could be causing this and how can I resolve it? Any support much appreciated.
The screen you’re seeing is displayed while the web library is fetching data, such as your citations and collections. If you see it for a prolonged time, it might be a networking problem. However, if the problem persists, please check your browser console for errors and, if you see any, paste them here. Also, as a test, I’d try accessing the web library with another browser.
many thanks!
Could you please load the web library with the browser console opened, the Network tab selected, so that 429 errors (and the URLs it tries to load) are visible, and post a screenshot here?
Again, storage is irrelevant here.
https://s3.amazonaws.com/zotero.org/images/forums/u17506375/rnb9dqmruhj10peq2erj.png
I shut down every service and revoked every API key to isolate what's calling on the API and causing the 429s (I noticed a bunch of calls from Phoenix, AZ IPs, is that Zotero services ?. They look like cloud-hosted servers or automated clients hitting the Zotero API ). I shut down the desktop app so it wouldn't interfere either and I disabled the synchronization just in case to force a clean break and get web access back. The weird thing is that I'm still getting 429s.
I only have one group library.
Any ideas?
You'll need to email support@zotero.org and explain the nature of these requests, and we'll likely ask you (or the developer of whatever code you're running) to rearchitect these tools, as they're making request patterns that shouldn't be necessary and are placing too heavy a load on our servers. You'll also need to confirm that you're properly obeying 429s and Retry-After/Backoff instructions.
We can discuss the rest via email.
---
#### What I see
* Any attempt to open the Web Library triggers calls like:
```
GET https://api.zotero.org/users/17506375/groups?direction=desc&format=json&limit=100&sort=dateModified
Status: 429 Too Many Requests
```
* Request headers still include a key:
```
zotero-api-key: kDwqOGsI8RPCjKrTRHldvdU4
```
* This happens **in clean browsers**, private/incognito windows, and even from different devices/networks.
* After I deleted all API keys in my account, this key should not exist. Yet it continues to appear in outgoing requests.
---
#### What I’ve tried
* Deleted all API keys (manual and automatic) under **Settings → Keys**.
* Logged out of all sessions via **Settings → Security**.
* Changed my Zotero password.
* Cleared **cookies, local/session storage, IndexedDB** for both `zotero.org` and `api.zotero.org`.
* Tested in Chrome, Firefox, Safari (desktop and mobile), incognito/private modes.
* Disabled Zotero Connector, quit Zotero Desktop completely.
* Even tested from a separate network (mobile hotspot).
The requests *still* carry that same `zotero-api-key`.
---
#### Why I believe this is server-side
* The Web Library normally doesn’t need a key header — it should rely on cookies.
* If I’ve deleted all keys and cleared all local storage, but the key is still injected into every request across devices, it suggests:
* A server-side cache or process tied to my account is still marking this key as active.
* That phantom key is being appended to all API calls, creating a **loop of 429 errors**.
---
#### Impact
* I cannot access my Web Library at all.
* Even after 2+ days of inactivity, the rate-limit penalty window does not clear.
* The 429s appear immediately on every request, not gradually — indicating a persistent lock.
---
#### Ask
* Can a developer **manually clear/reset the rate-limit state** for my user ID (17506375)?
* Can you verify why API requests for my account are still being stamped with a deleted key?
* Is there any internal caching layer or zombie process that could be injecting stale keys?
---
At this point, creating a new account would be a workaround, but I’d prefer to resolve this properly. The behavior looks like a **server-side cache leak or stuck key association**, not a client issue.
Thanks for investigating!
They tell you exactly what's happening, why, and what to do to get your account back working.
None of your analysis of the browser console is relevant. You also misunderstand the technical set up of the web library (it does use API keys in GET calls, e.g.), which is of course perfectly fine, but you'll need to trust dstillman, the lead developer for Zotero, to correctly diagnose the issue.
You'll need to email them, explain what happened, explain what steps you have taken to prevent this from happening again, and then have your IP unblocked and your web library will work again. If it doesn't, you can follow up.
I'd also add that, if all you're doing is saving to the desktop app and wanting to transfer data to some other platform, you could likely use the local web API available in Zotero 7, which closely resembles the web API, but without any rate limits:
https://groups.google.com/g/zotero-dev/c/ElvHhIFAXrY/m/fA7SKKwsAgAJ
But you can also just use the mechanisms the web API provides to efficiently fetch new data.
Once you've assured us that you've adjusted the way you're making requests, we'll remove the block.