Skip to main content
DocsAPIRate Limit

Rate Limit

Rate limits exist across PayNet's APIs to prevent spam, abuse, and service overload. Limits are applied to individual APIs on a per-route basis and globally.

It primarily acts as a way to reduce specific clients from generating too much traffic in the system. To ensure stability of the platform and a good user experience for everyone using it, there may be times where you encounter this feature. Usually it means that your solution is making too many requests in a certain amount of time, and that you should try and reduce the traffic you generate.

If you get an error similar to the one below, you've hit the rate limit and should throttled the request frequency before resuming testing activity.

HTTP/1.1 429 Too Many Requests
Date: Thu, 07 Apr 2022 14:12:16 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 40
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubDomains
strict-transport-security: max-age=31536000
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 6f835b74fd08756c-KUL

{
  "error": "Quota has been exceeded"
}
info

Some APIs having a specific rate limiting behavior on top of standard rate limits applied. You can read each API specification to learn more.

Common Mistakes and Mitigations

Some of the common mistakes that participant could have missed out that lead to such situation:

  • Performing a load test to their applications with PayNet API running in sandbox environment. We strongly discouraged this practice as the sandbox environment is not provisioned to operate in a production grade.
  • Scheduling a periodic batch to trigger bulk requests, usually for inquiry services for reporting and reconciliation purposes. We recommend participant to control the number of concurrent requests before sending the request to PayNet.
  • Having different teams building different applications, with each running their own set of testing. We recommend to setup different projects in the Developer Portal to avoid exhausting the common threshold set to respective project or application.