📊 API Limitations

The API uses a dynamic throttle which ensures everyone can enjoy the service and no one takes over by making many requests which will slow down responses to other users. Best practices suggest that you should always throttle any requests to API services.

When you request has been throttled you will receive a message like this:

409: "You must wait before accessing this url again."
The HTTP status you will get back is 409 Conflict.

HTTP/1.1 409 You must wait before accessing this url again.
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Retry-After: 1
Date: Wed, 21 May 2014 01:54:48 GMT
Content-Length: 0
📘

Why 409?

409 is technically the HTTP status code for "Conflict" but, for legacy reasons when interacting with other systems when the Nexudus API was built, we use the 409 status code instead of the more conventional 429.

Handling limits in code

Consider the following JavaScript code that takes advantage of the "Retry-After" response header to repeat an API request.

const getRequest = (url) => {
 $.ajax(url)
  .success((data) => {
      handleContentData(data);
 })
 .error((xhr, textStatus, errorThrown) => {
   if (xhr.status == 409) {
      var delay = request.getResponseHeader('Retry-After');
         if (delay) {
              //re-try again in "delay" seconds
              setTimeout(() => getRequest(url), delay * 1000);
          }
      } else {
          //handle other errors...
      }
  });
}

API Throttling Limits

You can use these limits as a general rule but keep always in mind the status code of the API responses rather than hard-coding these times in your code.

EndpointHTTP Method(s)LimitNotes
*POST, PUT, DELETE60 requests per minuteBase limit for modifying endpoints
*POST, PUT, DELETE5000 requests per dayDaily limit for modifying endpoints
*ALL1 req/100msBase general limit
*ALL120 requests per minuteGeneral minute limit
*ALL5000 requests per hourGeneral hourly limit
*ALL200,000 requests per dayGeneral daily limit
api/spaces/checkinPOST, PUT, DELETE60 req/minNot subject to daily 5000 limit
api/publicALLExcluded from 100ms and minute/hour/day limits
api/authALLExcluded from 100ms and minute/hour/day limits
api/spaces/usersALLExcluded from 100ms limit
api/sys/users/validateALLExcluded from 100ms and minute/hour/day limits
api/sys/users/validatetokenALLExcluded from 100ms and minute/hour/day limits
api/sys/users/tokenALLExcluded from 100ms and minute/hour/day limits
api/businessALLExcluded from 100ms and other thresholds
api/Spaces/CoworkerPricePlanHistoriesALL1 request per 10 seconds
api/Sys/AuditTrailEntriesALL1 req/10s & 1 req/min
api/sys/users/requestPasswordResetALL10 requests per minute
api/sys/users/resetPasswordALL10 requests per minute
api/spaces/bookingsALL10 requests per minute
api/billing/proposals/runcommandALL10 requests per minute
api/billing/coworkercontracts/runcommandALL10 requests per minute
api/billing/coworkerinvoices/runcommandALL10 requests per minute
api/nexpos/validatepinALL60 requests per minute
api/public/checkinALL60 requests per minute
*/bigquery/pushallALL1 request per 12 minutes
api/integrations/openaiALL12 requests per minute
api/sys/users/sendmagiclinkALL12 requests per minute
api/sys/users/resetpasswordALL12 requests per minuteSeparate from the 10 req/min setting