Rate Limiting Overview
Rate limiting is implemented across all API endpoints to ensure fair usage and protect the service from excessive requests. This section outlines the global rate limits as well as specific limits for the Authenticate endpoint.
Global Rate Limits
All API endpoints are subject to the following global rate limits:
- Global Throttle Rate:
  - A maximum of 10,000 requests per second is allowed across all endpoints.
  - If this limit is exceeded, a 429 HTTP Status (Too Many Requests) will be issued for any additional requests within the same second.
  - This ensures fair usage across the entire API.
Authenticate Endpoint Rate Limits
The Authenticate endpoint has additional rate limits to prevent abuse and ensure secure access:
Invalid Request Limit:
- Up to 5 identical invalid requests are permitted within a 2-minute period.
- Upon reaching this limit:
  - Subsequent identical requests will receive a 429 HTTP Status (Too Many Requests).
  - After a 2-minute waiting period, the endpoint can be called again. However, if the credentials remain invalid, 401 HTTP Status (Unauthorized) responses will be issued.
- Response Header: The response header will include a count of how many attempts are remaining before the limit is reached.
Overall Request Threshold:
- A maximum of 10,000 requests to the Authenticate endpoint is allowed within a 5-minute period.
- If this threshold is exceeded:
  - A lockout will occur, and no further requests will be accepted for the next 5 minutes.
- Note that 429 HTTP Status responses also count toward this limit.
Best Practices for Managing Rate Limits
Monitor Response Headers:
Use the response headers to track remaining requests and avoid exceeding limits.
Implement Retry Logic:
If you receive a 429 HTTP Status, implement a retry mechanism with exponential backoff to avoid overwhelming the API.
Optimize API Usage:
Consolidate requests where possible and avoid unnecessary calls to stay within the rate limits.
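A client-side sketch of the retry guidance above for the Authenticate endpoint, added here as an example and not taken from the API's own SDK. The header name X-Example-Attempts-Remaining is a placeholder (this page does not name the header), and send is a hypothetical callable that performs one request and returns (status, headers).

```python
import random
import time

# Placeholder: the page does not name the header that carries the remaining-attempt count.
REMAINING_HEADER = "X-Example-Attempts-Remaining"
INVALID_WINDOW_SECONDS = 120  # 2-minute window for identical invalid requests (from the page)


def backoff_delay(attempt, base=1.0, cap=INVALID_WINDOW_SECONDS, rng=random.random):
    """Full-jitter exponential backoff: uniform in [0, min(cap, base * 2**attempt))."""
    return rng() * min(cap, base * (2 ** attempt))


def call_authenticate(send, max_retries=4, sleep=time.sleep, rng=random.random):
    """Call send() -> (status, headers) and retry only on 429.

    Returns (final_status, requests_sent, remaining_attempts_or_None).
    """
    sent = 0
    while True:
        status, headers = send()
        sent += 1
        remaining = headers.get(REMAINING_HEADER)
        remaining = int(remaining) if remaining is not None else None
        # 401 means the credentials are wrong: resending the identical request
        # only consumes the 5-per-2-minute budget, so hand it back to the caller.
        if status != 429:
            return status, sent, remaining
        # Bound retries: 429 responses still count toward the 5-minute threshold.
        if sent > max_retries:
            return status, sent, remaining
        sleep(backoff_delay(sent - 1, rng=rng))


if __name__ == "__main__":
    # Constructed responses: two throttled calls, then a success.
    replies = iter([(429, {}), (429, {}), (200, {})])
    print(call_authenticate(lambda: next(replies), sleep=lambda s: None))
```

Capping each delay at the 2-minute window keeps a throttled client from waiting longer than the documented reset, and the retry bound keeps its own 429s from pushing it toward the 5-minute lockout.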