Measurabl’s Core API includes rate limiting, a mechanism that limits the number of API calls that can come from a consumer of the API within a specific timeframe. When a rate limit is exceeded (ie. too many requests in too short a timeframe), the user can expect to see an error in response denoting that the user has met the rate limit and must wait before making additional requests.
Measurabl has implemented rate limiting for all of its API Endpoints in accordance with the following table, observing a “5 minute” timeframe for requests. Different methods and endpoints may have differing rate limits applied.
|Request Type||Description||# of Requests||Timeframe|
|Unauthenticated||Unauthenticated requests are those that are not accompanied by a valid auth token||50||/5 mins|
|Authenticated POST/PATCH/DELETE Requests||For any endpoint not listed as HIGH FREQUENCY||25||/5 mins|
|Authenticated HIGH FREQUENCY POST/PATCH/DELETE Requests||For the following endpoints:
|Authenticated GET Requests||For any endpoint||500||/5 mins|
|Regenerating an Authentication Token||An auth token remains valid for 24 hours. In most cases, only one request will be needed per day||25||/5 mins|
How can a consumer see their rate limit status?
The rate limit details are returned in the response HTTP headers. A “429: Too Many Requests” will be received when the rate limit has been hit. Details pertaining to the rate limit are provided in the HTTP response headers, and will appear as follows:
'X-RateLimit-Limit' => 25 # the rate limit for the specific endpoint
'X-RateLimit-Remaining' => '0'
'X-RateLimit-Reset' => '2022-10-13T04:08:00.328125Z' # when the rate-limit for this endpoint is released
'Retry-After' => 60 # seconds
|X-RateLimit-Limit||The maximum number of requests that the consumer is permitted to make per 5 minutes.|
|X-RateLimit-Remaining||The number of requests remaining in the current rate limit window. Can be negative if over quota.|
|X-RateLimit-Reset||The time at which the current rate limit window resets in UTC epoch seconds.|
|Retry-After||How long the consumer should wait before making a follow-up request.|