Rate Limit Policy


About the policy

The Remote API limits the number of authenticated requests to 20 requests per minute. Requests exceeding this limit are not processed and return an error as described in the sections below.

How it works?

In a one-minute time window, the Remote API can processes up to 20 requests per company. This means the control is based on the company not the token. Therefore, the count of the requests authenticated with tokens belonging to a same company cannot exceed 20.

The one-minute time window starts counting from the first request. After one minute (60 seconds), the counter is reset and a new time window will start when a new request reaches the Remote API server.

HTTP Headers

The following three headers are always present in authenticated requests, regardless of whether it's successful.

  • x-ratelimit-count: the number of requests performed within the rate limit period. This counter resets every time x-ratelimit-reset reaches 0.
  • x-ratelimit-remaining: the number of requests you can make before you have to wait for rate limit period to reset. This counter decrements to 0, and resets after x-ratelimit-reset reaches 0.
  • x-ratelimit-reset: the number of milliseconds before your remaining number of requests (x-ratelimit-remaining) resets to the maximum limit and the number of requests you've made within the current rate limit period (x-ratelimit-count) resets back to 0.

Example of a successful response, containing the rate limit headers

curl -I --location --request GET \
     --header "Authorization: Bearer ra_live_e32d..." \
     --header "Content-Type: application/json" \
     https://gateway.remote.com/v1/countries

HTTP/2 200
Content-Type: application/json; charset=utf-8
x-ratelimit-count: 5
x-ratelimit-remaining: 15
x-ratelimit-reset: 12043
...

Example of a response when rate limit is exceeded

curl -I --location --request GET \
     --header "Authorization: Bearer ra_live_e32d..." \
     --header "Content-Type: application/json" \
     https://gateway.remote.com/v1/countries

HTTP/2 429
Content-Type: application/json; charset=utf-8
x-ratelimit-count: 21
x-ratelimit-remaining: 0
x-ratelimit-reset: 12043
...

Response for exceeded requests

The Remote API responds when a request exceeds the limit with a 429 HTTP Status (Too Many Requests) and an informative message, such as:

curl -I --location --request GET \
     --header "Authorization: Bearer ra_live_e32d..." \
     --header "Content-Type: application/json" \
     https://gateway.remote.com/v1/countries

HTTP/2 429
Content-Type: application/json; charset=utf-8
...

{"message": "Customer rate-limit exceeded"}

If you want to provide feedback on the rate limit, please send a message to [email protected].