Rate Limiting
Traffic is monitored to keep the platform stable and secure. If traffic from an account is too high, the account may be temporarily throttled when rate limits are hit. Rate limits are typically applied per API endpoint and per time window (e.g. per minute). If you exceed your rate limit, you will receive an HTTP 429 response. Partners should handle HTTP 429 by backing off and/or retrying requests appropriately (e.g. respecting theRetry-After header when present).
Response Headers
The following headers may be returned on requests (exact names and semantics may vary; confirm with your solution contact):| Header | Description |
|---|---|
| X-Ratelimit-Limit | Request limit per time window (e.g. per second or per minute) |
| X-Ratelimit-Remaining | Remaining number of requests allowed within the current window |
| X-Ratelimit-Reset | Time or duration until the quota resets (e.g. milliseconds) |
Retry-After header may also be present indicating how long to wait before retrying (in seconds).
Best Practices
- Implement exponential backoff when receiving 429.
- Respect the
Retry-Afterheader when present. - If you need higher limits for your use case, contact your CardPlus solution contact. Note that rate limit increases may be subject to additional terms or fees.