Rate limiting

The IBANfox API employs a number of safeguards against bursts of incoming traffic to help maximise its stability. Clients which send many requests in quick succession may see error responses that show up as status code 429.

Rate limits

Rate limiting restricts the number of requests accepted by the API within any given second. Rate limiting varies between free accounts and paid accounts. Current limits are:

  • For free accounts: 1 requests per second
  • For paid accounts: 10 requests per second

Response headers

The following response headers are returned by the IBANfox API to tell you what rate limits apply to your account, and how much of the limit has been exhausted:

  • X-Ratelimit-Limit:nn – the per-second rate limit on the account
  • X-Ratelimit-Remaining:mm – how many per-second requests remain available

Handling limiting on the client side

A basic technique for integrations to gracefully handle limiting is to watch for 429 status codes and build-in a retry mechanism. The retry mechanism should follow an exponential backoff schedule to reduce request volume when necessary.