Stack Developers

Appearance

Return to top
On this page

Rate Limiting

Overview

As you may or may not be aware, our API's are not intended to be re-sold, and we try to prevent this abuse in any way possible. Additionally, we try to ensure a perfect experience for all of our users by ensuring that our server resources are no being wasted on un-necessary requests.

To this end, we have implemented mechanisms that help us prevent abuse and also ensure a perfect experience for all our users.

Speed throttling

On first sense of an abuse of our API, our systems attempt to balance things our by throttling the request and response speed of the rogue API Key / Server. If the speed of which requests are coming in reduces, our systems will restore the regular request and response speeds. If the speed of which requests are coming in stays the same or increases, our system will enforce a hard stop on all API requests and Responses until the specified rate-limit time passes.

We are very aggressive when it comes to maintaining our system integrity. We will block api keys, ip addresses, servers, computer and even an entire account permanently to maintain this integrity.

API Key Rate Limit

We implement API Key specific rate limits in order to control abuse of our API services and ensure that they are used in accordance with our terms of use. The current standard API Key rate limit is 120 requests every minute in production and sandbox ( or 2 requests per second ). This limit can be raised or lowered by a support team member.

System Rate Limit

In addition to API Key rate limit, we also have a system rate limit that can not be overriden. All accounts, regardless of agreement are subject to this rate limit. Our system rate limit is currently set at 100 requests per minute. This means, every account is subject to a maximum of 200 requests every minute. This rate limit is subject to change. Any changes made will be communicated to whatever email address we have on file.

TIP

A system rate limit is applied to the request originating server.

Once a limit has reached, all subsequent API calls will return a 429 status code until the timeframe passes. After then, requests can continue to be received as normal.