The authentication with UQPAY API is rate limited to prevent abuse that would degrade our ability to maintain consistent API performance for all users.
The API is rate limited per minute and different resources have different limits on a client account basis. Consider a resource that has a rate limit of 10 requests per minute; anything over 10 requests within the same minute (e.g. between 16:20:00 to 16:21:00) will return an error. The rate limiter allows bursting so if no requests are received in the first 50 seconds, for example, but 10 are received over the next 10 seconds, they will all succeed.
You must implement suitable error handling for HTTP 429 response codes in your API client. Using an exponential backoff with a random jitter is the recommended way to handle HTTP 429 response codes.
Different rate limits apply to different resources depending on whether an API client is making an authenticated request or not, as listed below.
Request Type | Request Path | Rate Limit (Sandbox) | Rate Limit (Production) |
---|---|---|---|
Authentication | /api/v1/connect/token | 60 requests per minute | 60 requests per minute |
All other authenticated requests | /api/v1/* | 500 requests per minute | 200 requests per minute |
All other unauthenticated requests | /api/v1/* | 200 requests per minute | 100 requests per minute |
Exceeding the rate limit
When the rate limit is exceeded, the API will return a HTTP status code of 429 -- "Too Many Requests"
with a JSON response body as per the example below:
HTTP/1.1 429 Too Many Requests
Date: Mon, 25 Jan 2021 13:16:59 GMT
Content-Type: application/json; charset=UTF-8
{
"code": "too_many_requests",
"message": "Too many requests have been made to the api. Please refer to the Developer Center for more information",
}