Request Throttling (429 Too Many Requests)

To help protect the API from DDoS attacks and accidental request flooding, excessive request volumes [from a single account] will trigger a 429 Too Many Requests response.

A single "request" is counted as a single interaction with the API. This can be a [GET], [POST], [PUT], [PATCH] or [DELETE] HTTP request.

Default request volume limits

The following table details the default API request limits imposed on a single account.

Timespan Max Allowed Requests Requests Per Minute
5 Minutes 3,000 Requests 600
1 Hour 18,000 Requests 300

Special Dispensations

Customer accounts can have the request limits increased if their request volumes are expected to exceed the default limits.
However this may incur additional costs to cover any additional hardware requirements. Please contact for further advice on extending your API request limits.

How to avoid excessive request volumes

To help avoid excessive volumes of individual requests, the API supports batch processing jobs.
Batch processing jobs allow you to perform multiple API actions in a single job instruction.
Ideal for large data entry tasks. Offering improved performance and through put by avoiding unnecessary transportation overheads and repeated authentication processing time.

Excluded Requests

The "HealthCheck" API end point is exclude from the request throttling restrictions.