API Rate Limiting



Ultimate's API management strategy employs an API gateway to manage quotas and rate limits on how many API calls an API client can make over a particular time period, normally 1 minute. If the rate of requests has been too high, the server will not accept the request and will return HTTP status code 429 to the API client.

Receiving a status 429 from one of Ultimate's APIs is not an error; it is the server kindly asking you to please reduce the rate at which your client is making requests. The IETF explanation for HTTP Status Code 429 can be found here: https://tools.ietf.org/html/rfc6585#section-4

You should not seek to dodge this or to circumvent server security settings by trying to spoof your IP. Applications must respect the server's answer by not sending too many requests.

We are considering implementing a "Retry-after" header in the future along with the 429 response. This header would specify the number of seconds an API client should wait before making another call. The proper way to deal with this would be to read this header and to sleep your request process for that many seconds. If you wish, you can add an optional check to your code now that looks for this header and uses its value if it is present.

Until a Retry-after header is implemented, and whenever you call an API that does not yet use it, a default looping delay of 1 second should be used before resuming subsequent calls to the API that returned a 429.

If you are concerned about making calls at 1-second intervals until the limit window resets and a response other than 429 is returned, you may choose to use an exponentially increasing delay instead.
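The handling described above (use the Retry-after value when present, otherwise wait 1 second, optionally with exponential increase), as an added example that is not Ultimate's own client code. The function names, the 60-second cap, the attempt limit and the `scripted_sender` stand-in are assumptions made for illustration; `send` is any callable that performs one API request and returns the status code and response headers.

```python
import time
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[int, Dict[str, str]]   # (status code, response headers)

DEFAULT_DELAY = 1.0   # the page's default looping delay, in seconds
MAX_DELAY = 60.0      # assumption: cap backoff at the usual 1-minute window


def retry_after_seconds(headers: Dict[str, str]) -> Optional[int]:
    """Return the Retry-after value in seconds, or None if absent or unusable."""
    for name, value in headers.items():
        if name.lower() == "retry-after":        # header names are case-insensitive
            value = value.strip()
            if value.isascii() and value.isdigit():
                return int(value)
    return None


def next_delay(headers: Dict[str, str], attempt: int, exponential: bool = False) -> float:
    """Seconds to wait after the 429 received on zero-based attempt `attempt`."""
    hinted = retry_after_seconds(headers)
    if hinted is not None:
        return float(hinted)                     # the server's answer wins
    if exponential:                              # 1, 2, 4, 8 ... capped at MAX_DELAY
        return min(DEFAULT_DELAY * 2 ** min(attempt, 6), MAX_DELAY)
    return DEFAULT_DELAY


def call_with_rate_limit(send: Callable[[], Response], max_attempts: int = 6,
                         exponential: bool = False,
                         sleep: Callable[[float], None] = time.sleep) -> Response:
    """Call send() until it returns something other than 429 or attempts run out."""
    for attempt in range(max(1, max_attempts)):
        status, headers = send()
        if status != 429:
            break
        if attempt + 1 < max_attempts:           # no point sleeping after the last try
            sleep(next_delay(headers, attempt, exponential))
    return status, headers                       # may still be 429; caller decides


def scripted_sender(responses: List[Response]) -> Callable[[], Response]:
    """Constructed stand-in for a real HTTP call: replays canned responses."""
    queue = iter(responses)
    return lambda: next(queue)
```

A Retry-after value that is not a plain number of seconds is treated as absent, so the client falls back to the 1-second default rather than guessing.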