Rate Limit for Partner

About the policy

The Remote API limits the number of authenticated requests to 250 requests per minute for each CLIENT ID. Requests exceeding this limit are not processed and return an error as described in the sections below.

How it works?

In a one-minute time window, the Remote API can processes up to 250 requests regardless of the token. This means the control is based on the CLIENT ID not the token. Therefore, the count of the requests authenticated with tokens belonging to a same CLIENT ID cannot exceed 250.

The one-minute time window starts counting from the first request. After one minute (60 seconds), the counter is reset and a new time window will start when a new request reaches the Remote API server. Requests to issue an access token are counted as regular requests.

HTTP Headers

The following three headers are always present in authenticated requests, regardless of whether it's successful.

  • x-ratelimit-count: the number of requests performed within the rate limit period. This counter resets every time x-ratelimit-reset reaches 0.
  • x-ratelimit-remaining: the number of requests you can make before you have to wait for rate limit period to reset. This counter decrements to 0, and resets after x-ratelimit-reset reaches 0.
  • x-ratelimit-reset: the number of milliseconds before your remaining number of requests (x-ratelimit-remaining) resets to the maximum limit and the number of requests you've made within the current rate limit period (x-ratelimit-count) resets back to 0.

Example of a successful response, containing the rate limit headers

curl -I --location --request GET \
     --header "Authorization: Bearer eyJraWQiOiJqdjR1QzJtW..." \
     --header "Content-Type: application/json" \
     https://gateway.remote.com/v1/countries

HTTP/2 200
Content-Type: application/json; charset=utf-8
x-ratelimit-count: 5
x-ratelimit-remaining: 245
x-ratelimit-reset: 12043
...

Example of a response when rate limit is exceeded

curl -I --location --request GET \
     --header "Authorization: Bearer eyJraWQiOiJqdjR1QzJtW..." \
     --header "Content-Type: application/json" \
     https://gateway.remote.com/v1/countries

HTTP/2 429
Content-Type: application/json; charset=utf-8
x-ratelimit-count: 256
x-ratelimit-remaining: 0
x-ratelimit-reset: 12043
...

Response for exceeded requests

The Remote API responds when a request exceeds the limit with a 429 HTTP Status (Too Many Requests) and an informative message, such as:

curl -I --location --request GET \
     --header "Authorization: Bearer eyJraWQiOiJqdjR1QzJtW..." \
     --header "Content-Type: application/json" \
     https://gateway.remote.com/v1/countries

HTTP/2 429
Content-Type: application/json; charset=utf-8
...

{"message": "Customer rate-limit exceeded"}

If you want to provide feedback on the rate limit, please send a message to [email protected].