Postscript DevelopersRate Limiting
Requests are rate limited per API key using a sliding window algorithm.
Tiers
| Tier | Requests / minute | Use Case |
|---|---|---|
standard | 700 | Default for all keys |
high_volume | 1,400 | High-traffic merchants |
partner | 3,500 | Integration partners |
Contact support to upgrade your tier.
Response Headers
Every response includes rate limit headers:
RateLimit-Limit: 700
RateLimit-Remaining: 699
RateLimit-Reset: 45
| Header | Description |
|---|---|
RateLimit-Limit | Maximum requests allowed in the window |
RateLimit-Remaining | Requests remaining in the current window |
RateLimit-Reset | Seconds until the window resets |
429 Too Many Requests
When the limit is exceeded, the API returns HTTP 429 with a Retry-After header:
HTTP/1.1 429 Too Many Requests
Retry-After: 45
Content-Type: application/json
{
"error": {
"code": "rate_limit_exceeded",
"message": "Rate limit exceeded. Please retry later.",
"request_id": "550e8400-e29b-41d4-a716-446655440000"
}
}Best Practices
- Use bulk endpoints —
POST /v1/events/bulkaccepts up to 1,000 events per request, counting as a single rate limit hit. - Respect
Retry-After— Wait the indicated number of seconds before retrying. - Use exponential backoff — For automated retries, increase the delay between attempts.
- Use idempotency keys — Retried requests with the same
idempotency_keywon't create duplicates.