Rate Limits
HCSS enforces the following rate limits to ensure API stability and prevent against denial of service attacks. Learn how to implement retry logic to handle rate limits gracefully.
Rate limiting is crucial to prevent abuse, misuse, or overload of the system, regulate traffic flow, provide a stable system, and improve security. If rate limiting is not imposed, compromised credentials can be exploited by attackers to execute automated attacks against your company at scale.
| Rate Limit Policy |
|---|
| 100 requests / minute |
| 20 concurrent requests |
The API will respond with a 429 code if either of these limits are exceeded. Metadata related to rate limits is available in the following response headers:
| Header | Description |
|---|---|
| Retry-After | Recommended time to wait (in seconds) before retrying |
| Remaining-Calls | The number of calls remaining in the next minute interval |
Implementing Retry Logic
To avoid hitting rate limits and ensure robust API integration, implement retry logic with appropriate wait intervals between requests. When you receive a 429 response, use theRetry-After header value to determine how long to wait before retrying your request. For repeated failures, gradually increase your wait time between retries, and check the Remaining-Calls header to see how many requests you have left. This helps keep your API calls smooth and within the limits.Rate limits are applied at the company level. If two clients exist, a single rate limit is applied to both.
Contact us if you need assistance with rate limits