The API uses a dynamic throttle which ensures everyone can enjoy the service and no one takes over by making many requests which will slow down responses to other users. Best practices suggest that you should always throttle any requests to API services.
When you request has been throttled you will receive a message like this:
409: "You must wait before accessing this url again."
The HTTP status you will get back is 409 Conflict.
HTTP/1.1 409 You must wait before accessing this url again.
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Retry-After: 1
Date: Wed, 21 May 2014 01:54:48 GMT
Content-Length: 0
Why 409?409 is technically the HTTP status code for "Conflict" but, for legacy reasons when interacting with other systems when the Nexudus API was built, we use the 409 status code instead of the more conventional 429.
Handling limits in code
Consider the following JavaScript code that takes advantage of the "Retry-After" response header to repeat an API request.
const getRequest = (url) => {
$.ajax(url)
.success((data) => {
handleContentData(data);
})
.error((xhr, textStatus, errorThrown) => {
if (xhr.status == 409) {
var delay = request.getResponseHeader('Retry-After');
if (delay) {
//re-try again in "delay" seconds
setTimeout(() => getRequest(url), delay * 1000);
}
} else {
//handle other errors...
}
});
}
API Throttling Limits
You can use these limits as a general rule but keep always in mind the status code of the API responses rather than hard-coding these times in your code.
Endpoint | HTTP Method(s) | Limit | Notes |
---|---|---|---|
* | POST, PUT, DELETE | 60 requests per minute | Base limit for modifying endpoints |
* | POST, PUT, DELETE | 5000 requests per day | Daily limit for modifying endpoints |
* | ALL | 1 req/100ms | Base general limit |
* | ALL | 120 requests per minute | General minute limit |
* | ALL | 5000 requests per hour | General hourly limit |
* | ALL | 200,000 requests per day | General daily limit |
api/spaces/checkin | POST, PUT, DELETE | 60 req/min | Not subject to daily 5000 limit |
api/public | ALL | — | Excluded from 100ms and minute/hour/day limits |
api/auth | ALL | — | Excluded from 100ms and minute/hour/day limits |
api/spaces/users | ALL | — | Excluded from 100ms limit |
api/sys/users/validate | ALL | — | Excluded from 100ms and minute/hour/day limits |
api/sys/users/validatetoken | ALL | — | Excluded from 100ms and minute/hour/day limits |
api/sys/users/token | ALL | — | Excluded from 100ms and minute/hour/day limits |
api/business | ALL | — | Excluded from 100ms and other thresholds |
api/Spaces/CoworkerPricePlanHistories | ALL | 1 request per 10 seconds | |
api/Sys/AuditTrailEntries | ALL | 1 req/10s & 1 req/min | |
api/sys/users/requestPasswordReset | ALL | 10 requests per minute | |
api/sys/users/resetPassword | ALL | 10 requests per minute | |
api/spaces/bookings | ALL | 10 requests per minute | |
api/billing/proposals/runcommand | ALL | 10 requests per minute | |
api/billing/coworkercontracts/runcommand | ALL | 10 requests per minute | |
api/billing/coworkerinvoices/runcommand | ALL | 10 requests per minute | |
api/nexpos/validatepin | ALL | 60 requests per minute | |
api/public/checkin | ALL | 60 requests per minute | |
*/bigquery/pushall | ALL | 1 request per 12 minutes | |
api/integrations/openai | ALL | 12 requests per minute | |
api/sys/users/sendmagiclink | ALL | 12 requests per minute | |
api/sys/users/resetpassword | ALL | 12 requests per minute | Separate from the 10 req/min setting |