Rate limiting is a critical feature that protects our API infrastructure and ensures fair, high-performance access for all partners. Think of it as an intelligent traffic control system that prevents congestion and keeps the service running smoothly for everyone.300 requests per minute per unique IP address. This is ample for most applications while keeping the service fast and reliable.
Why Rate Limiting Matters#
This isn't just about restrictions – it's about reliability and security.Security: Protects against malicious activities like DDoS attacks and brute-force attempts.
Performance: Maintains fast, consistent response times for all users, even during peak traffic.
Fair Usage: Ensures that no single integration can monopolize API resources.
Stability: Prevents service degradation from aggressive bots or inefficient code.
📊 How It Works: The Request Flow#
Our system tracks requests per IP address in real-time. Here's a simplified view of the process:Every API response includes the following headers to give you real-time visibility into your current rate limit status:| Header | Description | Example |
|---|
X-RateLimit-Limit | The total number of requests allowed in the current time window. | 300 |
X-RateLimit-Remaining | The number of requests you have left in this window. | 241 |
X-RateLimit-Reset | The UTC epoch timestamp (in seconds) when your quota will reset. | 1678886400 |
⚠️ Handling Exceeded Limits: The 429 Response#
When you exceed the limit, the server will reject your request with an HTTP 429 Too Many Requests status. The API response will include a JSON body with error details and a Retry-After header indicating how long you should wait.Example `429` Error Response
Header: Retry-After: 60{
"error": "Rate limit exceeded",
"message": "You have exceeded the maximum number of requests allowed (300 requests/min). Please try again later.",
"retry_after": 60,
"limit": 300,
"window": "1 minute"
}
Best Practices & Smart Integration#
To build a truly resilient application, you must anticipate and gracefully handle rate limits.1. Proactive Monitoring#
Don't wait for a 429 error. Check the X-RateLimit-Remaining header. If it's getting low, slow down your requests.2. Intelligent Retry Logic#
When you receive a 429 error, use an exponential backoff strategy. This prevents your service from hammering the API as soon as the window resets.
🚀 Need Higher Limits?#
As your business grows, your needs may change. We're here to support you.If you anticipate consistently high traffic volumes, please contact our team to discuss custom rate limits for enterprise applications. We can work with you to find the right balance between performance and protection.
