1 minute read

To keep our API healthy and protect it from overuse, we set limits on the number of calls you can make per time interval. When developing your app, make sure to respect the API call limits.

Types of Limits

Our API has the following limits in place:

  • Application limit is set per one client application — or more accurately described, per client_id.
  • Company limit is determined globally for the entire company. Company here is either a subscriber or provider, so this limit is per SubscriberId or ProviderId.

Default Call Limits

These are our default throttling limit values:

  • Application limit: 300 requests/minute
  • Company limit: 600 requests/minute

SC call limits

Important: The default limits are subject to change at any time, without notice. All environments and endpoints have the same default limits.

Access Token Request Limit

For security reasons, you can send a POST request to only once in 5 seconds. The limit is set per user.

In case you exceed this limit, you will receive 503 status code and the following header:
Error-Message: Rejected by security reason: Login attempts limit exceed.

Remember that access_token that you receive in the response to this authentication request expires only in 600 seconds, so store the token value and use it until you need to refresh the access token.

Reaching Limits

When the limits are exceeded, our API returns 503 HTTP status code as well as the following response body:

  "Reason": "Request has been throttled. Your current Application limit is [300] per [1] minute"

The response body contains information on the number of calls you can make per time interval as well as the type of limit you have reached. The Retry-After header states the exact time when you can resend your request.