Quickstart

Quickstart: handle rate limits on the public API

The public ring is rate-limited, and a 429 tells you exactly when to try again. Read the RateLimit-Remaining and RateLimit-Reset headers to stay ahead of the limit, and on a 429 back off with jitter until the window resets — the difference between a resilient client and a hammered one.

2 min read

429code: rate_limited
RateLimit-ResetWhen the window resets
jitterAvoid thundering herd

Read the headers

Every response carries the current budget so you can slow down before you are cut off:

  • RateLimit-Limit — requests allowed per window.
  • RateLimit-Remaining — how many you have left.
  • RateLimit-Reset — seconds until the window resets.

Back off on 429

async function withRetry(fn, max = 4) {
  for (let attempt = 0; ; attempt++) {
    const res = await fn();
    if (res.status !== 429) return res;
    if (attempt >= max) return res;
    const reset = Number(res.headers.get('RateLimit-Reset')) || 2 ** attempt;
    const jitter = Math.random() * 250;
    await new Promise(r => setTimeout(r, reset * 1000 + jitter));
  }
}

Honour RateLimit-Reset when present; fall back to exponential back-off (2**attempt seconds) otherwise, always with a little jitter so many clients don't retry in lockstep.

Stay under the limit

Cache reference data (products, pricing, loyalty tiers), batch where you can, and never poll healthz or status in a tight loop. Most integrations never see a 429 once caching is in place.

Frequently asked questions

How do I know the limit?

Read RateLimit-Limit on any response. The default public limit is modest and generous enough for cached, well-behaved clients.

Should I retry every 429 forever?

No. Cap retries (four is plenty), honour RateLimit-Reset, and if you still fail, degrade gracefully rather than looping.

Why add jitter?

So a fleet of clients that all hit the limit at once don't all retry at the same instant and re-trigger it. Randomising the delay spreads the load.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.