Usage Rate Limit

• Overview
• Rate Limiting Strategy
  • 3rd-party Identifier
  • API Request Method
  • API Resource Path
  • Example Rate Limits
• What Happens When Rate Limits Are Exceeded?
  • Response Status Code
  • Headers
  • Payload

Overview

To ensure the stability and performance of the Conecto API, we have implemented rate limiting to protect our services from unexpected third-party API usage behavior. This documentation outlines the rate-limiting strategy for Conecto API public endpoints, detailing the applied limits, preferred algorithms, and the response structure when limits are exceeded.

Rate Limiting Strategy

The rate limiting is applied based on the following criteria:

3rd-party Identifier

• Authorization by header x-access-key: <CONECTO-CLIENT-ID>
• Authorization by Authorization: Bearer <JWT-TOKEN>, which decodes the JWT token and resolves a Conecto Client ID from the database.

API Request Method

• Applicable for methods such as GET, POST, PATCH, etc.

API Resource Path

• Specific paths like /pos/v2/lookup/tickets, /pos/v2/{locationId}/taxes

Example Rate Limits

• Online Ordering Order V1/V2 endpoints: 500 requests per resource per hour
• All POS Checks related endpoints (/pos/v2/{locationId}/checks): 500 requests per hour
• POST /pos/v2/lookup/tickets: 500 requests per hour
• For all other API endpoints: 100 requests per 60-minute window

What Happens When Rate Limits Are Exceeded?

When the rate limit is exceeded, the API response will be:

Response Status Code

• 429 - Too Many Requests

Headers

• X-RateLimit-Limit: indicating the rate limit
• X-RateLimit-Remaining: showing the remaining requests within the window
• Retry-After: indicating the time to wait before retrying

Payload

{
    "status": 429,
    "timestamp": "2023-11-22T10:34:39.646Z",
    "message": "Too Many Requests, exceeded your X requests per Y limit.",
    "details": []
}