Skip to main content
Rate limiting helps ensure fair usage and protects against abuse while maintaining optimal API performance for all users.

How Rate Limiting Works

IP-Based Limits

Limits are applied per source IP address to prevent abuse from specific locations.

Token-Based Limits

Each API access token has its own rate limit allocation for fair resource distribution.

Endpoint-Specific Limits

Critical endpoints like license validation have additional protective limits.

Rate Limiting Factors

Rate limits are calculated based on:
The originating IP address of the request. This helps prevent abuse from specific sources while allowing legitimate distributed usage.
Each authenticated token has its own rate limit allocation, ensuring fair usage across different applications and users.
Critical endpoints such as License Key validation and activation have additional protective limits to maintain system integrity.

Rate Limit Exceeded Response

When you exceed the rate limit, the API responds with:
  • HTTP Response
  • JSON Response
HTTP/1.1 429 Too Many Requests
Content-Type: application/json
Retry-After: 60
The message may vary depending on the endpoint.

Handling 429 Too Many Requests

  1. Do Not Retry Immediately: Avoid sending repeated requests immediately after receiving a 429.
  2. Implement Exponential Backoff:
    • Wait for a short period (e.g., 1 second) before retrying.
    • If the request fails again, double the wait time (e.g., 2 seconds, then 4 seconds, etc.).
    • Continue this pattern up to a reasonable maximum delay.
  3. Review Your Request Patterns: Persistent 429 errors may indicate overly frequent calls. Optimize your integration to reduce unnecessary requests.

Best Practices

1

Implement Exponential Backoff

When you receive a 429 response, wait progressively longer between retries (e.g., 1s, 2s, 4s, 8s).
async function retryWithBackoff(apiCall, maxRetries = 3) {
  for (let i = 0; i < maxRetries; i++) {
    try {
      return await apiCall();
    } catch (error) {
      if (error.status === 429 && i < maxRetries - 1) {
        const delay = Math.pow(2, i) * 1000; // 1s, 2s, 4s
        await new Promise(resolve => setTimeout(resolve, delay));
        continue;
      }
      throw error;
    }
  }
}
2

Cache API Responses

Reduce API calls by caching responses when appropriate, especially for license validation results.
3

Use Batch Operations

Where available, use batch endpoints to reduce the total number of API calls required.
4

Monitor Rate Limit Headers

Check for rate limit headers in responses to proactively adjust your request frequency.
Avoid polling endpoints unnecessarily. Implement webhook handlers where possible to receive real-time updates instead of frequent polling.
By following these guidelines, you can ensure a smoother experience while using the Keymint API.
I