Rate Limits
API requests are rate limited to ensure fair usage and platform stability.
Limits by Plan
| Plan | Requests/minute | Requests/day |
|---|---|---|
| Sandbox | 100 | 10,000 |
| Starter | 500 | 50,000 |
| Growth | 2,000 | 200,000 |
| Enterprise | Custom | Custom |
Rate Limit Headers
Every response includes rate limit information:
X-RateLimit-Limit: 500
X-RateLimit-Remaining: 498
X-RateLimit-Reset: 1705312800| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests per window |
X-RateLimit-Remaining | Remaining requests |
X-RateLimit-Reset | Unix timestamp when limit resets |
Rate Limit Response
When exceeded, you'll receive:
http
HTTP/1.1 429 Too Many Requests
Retry-After: 30json
{
"error": {
"code": "RATE_LIMITED",
"message": "Rate limit exceeded. Retry after 30 seconds."
}
}Best Practices
1. Monitor Headers
typescript
const response = await iof.contracts.list();
const remaining = response.headers["x-ratelimit-remaining"];
if (remaining < 10) {
console.warn("Approaching rate limit");
}2. Implement Backoff
typescript
async function withRetry(fn, maxRetries = 3) {
for (let i = 0; i < maxRetries; i++) {
try {
return await fn();
} catch (error) {
if (error.code === "RATE_LIMITED") {
const delay = Math.pow(2, i) * 1000;
await sleep(delay);
continue;
}
throw error;
}
}
}3. Use Batch Operations
Instead of individual requests:
typescript
// Inefficient
for (const id of contractIds) {
await iof.contracts.retrieve(id);
}
// Efficient
const contracts = await iof.contracts.list({
ids: contractIds,
});4. Cache Responses
typescript
const cache = new Map();
async function getContract(id) {
if (cache.has(id)) {
return cache.get(id);
}
const contract = await iof.contracts.retrieve(id);
cache.set(id, contract);
return contract;
}Endpoint-Specific Limits
Some endpoints have specific limits:
| Endpoint | Limit |
|---|---|
/v1/kyc/verify | 10/minute |
/v1/aml/screen | 50/minute |
/v1/reports/generate | 5/minute |
Increasing Limits
Contact sales for:
- Higher rate limits
- Dedicated infrastructure
- Custom SLA
Next Steps
- Errors Reference - Error handling
- Authentication - API access