The rate limiting in our API Gateway is designed to ensure reliable and fair access to API resources. This article provides an overview of how the system works and steps for how you can effectively manage your requests to avoid rate limiting.
This article covers the new API gateway. For rate limiting in the legacy API portal, refer to our Q&A article.
API Access by Application Type
- For Certified Partner Integrations, request limits are set based on your unique Client Application ID.
- For standard customer applications, limits are determined by your Tenant ID.
Request Buckets and Endpoint Groups
- Each API Tier has distinct “request buckets” that manage access to different groups of endpoints.
- For example, one bucket might cover /reports/* and /vitals/* endpoints, while another bucket covers all other general endpoints.
- Each bucket has two primary characteristics, which are visible in the API Usage Advanced tool:
- Steady Request Rate: The number of requests allowed per second at a steady rate.
-
Burst Capacity: Allows for short bursts above the steady rate, up to a set maximum.
How Rate Limiting Works
- When a request is made, the system checks the bucket request quota.
- If the quota is greater than zero, the request is processed immediately. If not, it is rate-limited, meaning further requests are temporarily paused until capacity is restored.
- Quotas refill automatically, enabling you to resume requests after a short wait if you reach the limit.
Understanding Rate Limit Headers in API Responses
In each API response, two headers provide information about your current rate limit status:
-
RateLimit-Limit: Shows the maximum requests allowed for your bucket, with the following details:
Example: 10;r=180;w=60;c=Example API Tier- 10: Maximum allowed requests (burst capacity)
- r=180: Refill rate per minute
- w=60: Time window (always 60 seconds)
- c=Example API Tier: Name of the API Tier
-
RateLimit-Remaining: Indicates how many requests remain in your quota for the current time window.
Example: 9;r=180;w=60;c=Example API Tier- 9: Remaining allowed requests
- r=180: Refill rate per minute
- w=60: Time window (60 seconds)
- c=Example API Tier: Name of the API Tier
Best Practices for Managing Your Requests
- Space Out Requests: To prevent bursts that exceed the maximum capacity, pace calls evenly throughout the minute.
- Monitor Usage: Check the headers explained above to keep track of how many requests you have left.
- Prioritize Critical Requests: Use your request quota strategically to ensure essential calls are processed without delay.
Comments
0 comments
Article is closed for comments.