Understanding API Rate Limits

To ensure fair usage and system stability, the Entrupy API (and by extension, operations initiated by the SDK that call the API) enforces rate limits. Understanding these limits is important for building a resilient integration.

General Rate Limits

  • Default Limit: For most API routes that the SDK interacts with, the default rate limit is 100 requests per second per user.
  • Exceeding Limits: If your application exceeds this limit for a user, subsequent requests from that user might be temporarily blocked, and the SDK will typically receive an error (e.g., ErrorCodeTooManyRequests or an HTTP 429 status code).
  • Retry Mechanism: If you encounter a rate limit error, your application should implement a retry mechanism. A common practice is to wait for a short period (e.g., 1 second, or as indicated by a Retry-After header if provided) before retrying the request.

Specific Route Limits

Certain API routes have more stringent rate limits for security or operational reasons. One notable example is the user login process:

  • /login Endpoint (or equivalent SDK user authorization flow component):
    • This route typically allows a user to successfully log in (i.e., obtain a new authorization token) 5 times per minute, or 100 times per day.
    • These lower limits help prevent abuse of the authentication system.
    • Test Users: If you have automated scripts or unit tests that require frequent logins, Entrupy can configure specific test user accounts with higher login rate limits. When you sign up for the Entrupy SDK, you will typically be provided with a test user that has such higher limits.

Best Practices

  • Efficient API Usage: Design your integration to use API calls efficiently. Avoid unnecessary or repetitive requests.
  • Caching: Cache data that doesn't change frequently to reduce the number of API calls.
  • Webhooks: Use Webhooks for receiving real-time updates on authentication statuses instead of polling the API.
  • Graceful Error Handling: Implement robust error handling in your application to manage rate limit errors gracefully. This includes informing the user if an action cannot be completed immediately and retrying operations with appropriate backoff strategies.
  • Monitor Usage: Be mindful of your application's API usage patterns, especially under load.
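The retry guidance under General Rate Limits and the backoff advice above can be combined into one wrapper, shown here as an added example that is not part of the Entrupy SDK or its documentation. `RateLimited`, `parse_retry_after`, `call_with_retry`, the five-attempt limit and the 30-second cap are assumptions made for illustration, and the `demo` responses are constructed.

```python
import random
import time
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

class RateLimited(Exception):
    """Hypothetical stand-in for an HTTP 429 / ErrorCodeTooManyRequests result."""
    def __init__(self, retry_after=None):
        super().__init__("429 Too Many Requests")
        self.retry_after = retry_after  # raw Retry-After header value, or None

def parse_retry_after(value, now=None):
    """Seconds to wait for a Retry-After value (delta-seconds or HTTP-date), else None."""
    value = (value or "").strip()
    try:
        if value.isdigit():
            return float(value)
        now = now or datetime.now(timezone.utc)
        return max(0.0, (parsedate_to_datetime(value) - now).total_seconds())
    except (TypeError, ValueError):
        return None  # missing or unparseable header: fall back to backoff

def call_with_retry(request, max_attempts=5, base=1.0, cap=30.0,
                    sleep=time.sleep, rng=random.random):
    """Run request(); on RateLimited wait and retry. Returns (result, waits)."""
    waits = []
    for attempt in range(max_attempts):
        try:
            return request(), waits
        except RateLimited as exc:
            if attempt == max_attempts - 1:
                raise  # give up so the caller can inform the user
            hinted = parse_retry_after(exc.retry_after)
            if hinted is not None:
                delay = min(hinted, cap)  # bound the server-supplied wait
            else:  # exponential backoff with jitter, starting near 1 second
                delay = min(cap, base * 2 ** attempt) * (0.5 + rng() / 2)
            waits.append(delay)
            sleep(delay)

def demo():
    """Constructed scenario: two 429s (one with Retry-After: 2), then success."""
    script = [RateLimited("2"), RateLimited(), "ok"]
    def request():
        step = script.pop(0)
        if isinstance(step, Exception):
            raise step
        return step
    return call_with_retry(request, sleep=lambda s: None, rng=lambda: 0.0)
```

Capping the header value keeps a malformed or very large Retry-After from stalling the client indefinitely, and the jitter keeps many clients from retrying in the same instant.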
Note: Rate limits are subject to change. Always refer to the latest Entrupy API documentation for the most current information on rate limits and usage policies.

If you anticipate needing higher rate limits for your production application due to high legitimate user volume, please contact Entrupy support to discuss your requirements.