Skip to main content

Rate Limiting Guide

This document explains how to implement Rate Limiting policies in your API to restrict the number of requests users can make within a specific time frame.

What is Rate Limiting?

Rate Limiting is a security measure that restricts the number of requests a user can make to API within a defined time period. It is used to prevent abuse, maintain service quality, and protect API server from excessive traffic.

How does Rate Limiting work?

Rate Limiting works by tracking the number of requests a user makes to an API within a defined time period. If the user exceeds the limit, the API server will return an error response.

In the API Response, the following headers are returned:

  • X-RateLimit-Limit: The maximum number of requests that the consumer is permitted to make per hour.
  • X-RateLimit-Remaining: The number of requests remaining in the current rate limit window.
  • X-RateLimit-Reset: The time at which the current rate limit window resets in UTC epoch seconds.

Past the limit, the API server will return a 429 Too Many Requests error response.

HTTP/1.1 200 OK
Content-Type: application/json
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 750
X-RateLimit-Reset: 1631257200