03. API Rate Limit

03. API Rate Limit

Update 12th February 2025

To enhance the security of our platform, we are introducing changes to the API rate-limiting mechanism. These adjustments aim to safeguard against excessive resource usage caused by external attacks or customer misconfigurations.

Key Updates:

1. Rate Limiting Per Account:

   1. Rate limits will now be applied at the account level rather than per IP.

   2. All users within the same account will share the same rate limit.

   3. Enterprises under resellers will have their own separate rate limits.

   4. IP addresses will no longer factor into rate limiting.

2. Rate Limiting Per Second:

   1. The rate limit will be enforced on a per-second basis.

3. Updated HTTP Header:

   1. A new header, **X-Rate-Limit-TPS,**will replace the previous headers, clearly indicating the applied rate limit.

   2. The following headers will not be available

      1. X-Rate-Limit-Limit

      2. X-Rate-Limit-Remaining

      3. X-Rate-Limit-Reset

Rate Limit Policy:

• Number of total request: The actual amount that has been set for your account will be visible in the http header X-Rate-Limit-TPS. Default will be set to 2.

• Period of rate limiting: 1 sec

HTTP Header:

• X-Rate-Limit-TPS: Specifies the configured rate limit for the account.

When the quota is exceeded, an HTTP 429 ("Too Many Requests") response will be returned.

These changes are designed to ensure fair resource allocation and platform reliability.

Additional usage notes

• Rate limiting is enforced at account level, not IP level.

• All users within the same account share the same rate limit.

• Enterprises under resellers have separate rate limits.

• Rate limiting is enforced per second.

• X-Rate-Limit-TPS indicates the configured account rate limit.

• Default is 2 TPS unless configured differently.

• When quota is exceeded, the API returns HTTP 429 Too Many Requests.