Reliability

Rate limiting across both rings

The public ring is metered at 60 requests per 60 seconds per IP. The partner ring uses a token bucket scoped to your project with sustained and burst capacity that scales by tier, plus tighter per-endpoint sub-limits.

2 min read

60 / 60sPublic ring, per IP
Token bucketPartner ring, per project
RateLimit-*Headers on every response

Public ring: a fixed window per IP

The public ring caps each caller at 60 requests per 60-second window, keyed to the source IP. It is evaluated at the edge, so a throttled request never touches application code. When you exceed the window you get a 429 — wait for the window to roll and continue. For higher sustained throughput you need a partner project.

Partner ring: a token bucket per project

The partner ring meters with a token bucket scoped to your project, not to an individual key or token. Each bucket has a sustained refill rate and a burst capacity; a request costs one token and reads and writes are weighted equally. Because the bucket refills continuously, you can spend your burst in a short spike and settle back to the sustained rate without being locked out for a full minute.

Defaults: build (sandbox) 10 req/s / burst 50; launch 25 req/s / burst 100; scale 100 req/s / burst 400. Sandbox is fixed at build tier regardless of your live tier.

Per-endpoint sub-limits

Some partner endpoints carry their own tighter cap because each call is expensive:

EndpointSub-limitWhy
POST /applications5 req/sEach opens a decisioning case
POST /decisions/{id}/refresh1 req/sRe-runs the model; costly
POST /payments/links10 req/sProvisions a PISP payment
POST /identity/checks5 req/sCalls the KYC/AML provider

Read the RateLimit-Limit, RateLimit-Remaining and RateLimit-Reset headers on every response and slow down before you hit the wall — see handling rate limits.

Frequently asked questions

Are RateLimit-* headers on failures too?

Yes. Every response — success or failure, including the 429 itself — carries the current bucket state in RateLimit-Limit, RateLimit-Remaining and RateLimit-Reset. Read them instead of guessing so you can slow down before being throttled.

If I run several integrations from one project, do they share a limit?

Yes. The bucket is per project, so co-located integrations share it. Provision a separate project per workload when you need isolated headroom.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.