Rate limits
REST API
When a rate limit is exceeded, a status of 429 Too Many Requests will be returned.
Public endpoints
We throttle public endpoints by IP: 10 requests per second, up to 15 requests per second in bursts. Some endpoints may have custom rate limits.
Private endpoints
We throttle private endpoints by profile ID: 15 requests per second, up to 30 requests per second in bursts. Some endpoints may have custom rate limits.
/fills endpoint has a custom rate limit of 10 requests per second, up to 20 requests per second in bursts.
FIX API
The FIX API throttles the number of incoming messages to 50 commands per second, up to 100 messages per second in bursts. A maximum of 7 connections can be established per profile.
How it works
Our ratelimiting uses a lazy-fill token bucket implementation. A TokenBucket stores a maximum amount of tokens which is the burst size and fills at a given rate called the refresh rate. The bucket will start full and as requests are received a token is removed for each request. Tokens are continuously added to the bucket at the refresh rate until full.
When a user sends a request, here's how TokenBucket calculates whether or not to rate limit the user:
- Fill the user's TokenBucket to a token size based on the following formula:
token_amount = min(burst, previous_token_amount + (current_time - previous_request_time) * refresh_rate) - Remove 1 token if possible, otherwise rate limit the request.
- Repeat Steps 1 and 2 for each subsequent request.
Example
Let's say you have a TokenBucket with burst = 3 and refresh_rate = 1. The table below represents the state of your token bucket after a series of requests
| Action | Time | Tokens | Notes |
|---|---|---|---|
| Initial State | 0.0 | 3.0 | New TokenBucket is initialized to max capacity (burst) |
| Request 1 | 0.5 | 2.0 | First fill the TokenBucket, then remove a token. Because we are at max capacity, just subtract 1 token from 3 |
| Request 2 | 0.8 | 1.3 | Fill the TokenBucket to 2.3 (min(3, (2 + (.8 - .5) * 1.0)) = min(3, 2.3) = 2.3), then subtract 1 |
| Request 3 | 0.9 | 0.4 | Fill the TokenBucket to 1.4 (min(3, (1.3 + (.9 - .8) * 1.0)) = min(3, 1.4) = 1.4), then subtract 1 |
| Request 4 | 1.0 | 0.5 | Fill the TokenBucket to 0.5 (min(3, (.4 + (1.0 - .9) * 1.0)) = min(3, 0.5) = 0.5). Ratelimit because we don't have enough tokens available |
| Request 5 | 1.4 | 0.9 | Fill the TokenBucket to 0.9 (min(3, (0.5 + (1.4 - 1.0) * 1.0)) = min(3, 0.9) = 0.9). Ratelimit because we don't have enough tokens available |
| Request 6 | 1.8 | 0.3 | Fill the TokenBucket to 1.3 (min(3, (0.9 + (1.8 - 1.4) * 1.0)) = min(3, 1.3) = 1.3), then remove 1 |
| Request 7 | 5.0 | 2.0 | Fill the TokenBucket to 3.0 (min(3, (0.3 + (5.0 - 1.8) * 1.0)) = min(3, 3.5) = 3) since we would "overflow" with our calculations. Then subtract 1 token |
Updated 22 days ago