Rate Limiting
SeniorSign limits API call usage to maintain a high level of availability and provide superior quality of service. Rate limiting is an essential technique for preventing resource abuse by regulating traffic flow to our APIs, ensuring services remain responsive and protected against DDoS attacks. Rate limiting prevents exhaustion of API resource which may be caused by malicious or unintentional design within client application. All applications must follow this policy. Non-compliance can result in errors. Repeated non-compliance may result in further investigation against your application and disabling until resolved.
Daily Quota Limit
In your sandbox environment, your application is allowed to make up to 10,000 calls in a 24 hour period.
If you exceed 10,000 calls in a 24 hour period, all additional API calls fail. The daily limit resets every 24 hours.
To identify the time of reset, use the API header response X-Quota-Time-To-Reset.
In your production environment, your application is allowed to make up to 50,000 calls in a 24 hour period.
If you exceed 50,000 calls in a 24 hour period, all additional API calls fail. The daily limit resets every 24 hours.
To identify the time of reset, use the API header response X-Quota-Time-To-Reset.
If you exceed your daily limit, a Spike Arrest API error message appears. For example, HTTP Status Code 429 with the title Too Many Requests.
When you receive this message, action MUST be taken to discontinue API calls until your Quota Reset Time.
Minute Quota Limit
Currently Sandbox only.
The minute quota limit is calculated based on your daily quota and the quota limit information will be provided in the header information below.
The per minute rate limit calculation is based on the below formula:
Max (App daily quota * 3 / 4 / 60, 100)
Example:
An app has a daily quota of 10,000 calls/day. The above formula will result in a 125 call/minute quota.
An app has a daily quota of < 8,000. The above formula will result in a 100 call/minute quota.
This formula was derived from observed API traffic patterns showing that traffic peaks 3 times per day, allowing for distribution across 4 quarters of the day, and then division by 60 minute increments, while setting a minimum limit of 100 calls/minute.
If an application exceeds the minute quota limit SeniorSign API server will respond with HTTP 429 response code. The application should use an exponential back-off strategy when making multiple api calls with in a calendar minute window to avoid 429 response. The header information will enable the applications to implement an exponential back-off algorithm. The minute quota will reset at the start of a calendar minute.
Managing Quota
To help you manage your API call quota, the following parameters are returned in each API call response as a header:
| Parameters | Description |
|---|---|
X-Quota-Limit | The daily API quota allocated to your app. For sandbox apps, this number is 10,000 calls/day. For production apps, this is 50,000 calls/day. |
X-Quota-Remaining | The remaining quota available to your app after the latest API call. |
X-Quota-Time-To-Reset | The Epoch time when the Quota is reset. Quota is reset every 24 hours. |
X-Quota-Minute-limit | The total number of allowed calls to your app with in a minute rolling window. |
X-Quota-Minute-Remaining | The number of remaining calls which can be successfully with in a minute rolling window |
X-Quota-Minute-Rest | The Epoch time when the Quota is reset. Quota is reset every 1 minute. |
Spike Arrest
SeniorSign has a Spike Arrest policy to prevent unwanted traffic. Requests originating from the same IP addresses are restricted to 50 calls/second in sandbox and production environments.
To avoid a receiving a Spike Arrest error, you must introduce at least a 20ms delay between successive API calls originating from your application.
Please reach out to your Partnership Manager and we will assess the requests on a case-by-case basis.