Throttling
To keep our API healthy and protect it from overuse, we set limits on the number of calls you can make per time interval. When developing your app, make sure to respect the API call limits.
Types of Limits
Our API has the following limits in place:
- Application limit is set per one client application — or more accurately described, per
client_id
. - Company limit is determined globally for the entire company. Company here is either a subscriber or a provider, so this limit is per
SubscriberId
orProviderId
.
Default Call Limits
These are our default throttling limit values for the Production environment:
- Application limit: 300 requests/minute
- Company limit: 600 requests/minute
These are our default throttling limit values for the Sandbox2 environment:
- Application limit: 40 requests/minute
- Company limit: 80 requests/minute
Important: The default limits are subject to change at any time, without notice.
Access Token Request Limit
For security reasons, you can send a POST request to https://login.servicechannel.com/oauth/token
only once in 5 seconds. The limit is set per user.
In case you exceed this limit, you will receive 429
status code and the following header:
Error-Message: Rejected by security reason: Login attempts limit exceed.
Remember that access_token
that you receive in the response to this authentication request expires in 600 seconds, so store the token value, and use it until you need to refresh your access token.
Reaching Limits
When the limits are exceeded on the Production environment, our API returns the following response body:
{
"Reason": "Request has been throttled. Your current Application limit is [300] per [1] minute"
}
When the limits are exceeded on the Sandbox2 environment, our API returns the following response body:
{
"Reason": "Request has been throttled. Your current Application limit is [40] per [1] minute"
}
The response body contains information on the number of calls you can make per time interval as well as the type of limit you have reached. The Retry-After
header states the exact time when you can resend your request.