Tracking Server API Rate Limits

API Rate Limiting

Due to increased use and its effect on some of the tracking servers, rate limiting is being enabled on all the tracking servers (Secure and Super Nodes). The intent is to spread out the API calls as there have been large spikes causing increased memory and CPU usage.  The limits will be adjusted based on usage patterns and feedback from the community over time.


The rate limiting predominantly affects hosting providers, monitoring applications, aggregators, etc. No effect is anticipated for applications such as wallets.

General Guidelines

Static Data

  • Much of the data, such as payments, does not change often. There is very little need to constantly make calls to update this data. Please review your application data needs and adjust how often API calls are made where possible.

API vs. ‘/grid’

  • The tracking server web pages retrieve server data using the ‘/grid’ path, which was never meant to be used for API calls by third-party applications. Please refrain from using ‘/grid’. NOTE: rate limiting also applies to ‘/grid’ and will be more restrictive.

Initial Rates

  • The target for API calls is a maximum of one call per second. The initial rates allow for bursting over short periods, but the maximum within the period will apply. For example: a path may allow a maximum of 30 calls in 30 seconds. If 30 calls are made in 10 seconds, the requester will have to wait 20 seconds for a reset of the count.

Rates by Path

  • Some API paths will allow for higher or lower rates. Those rates will be published in the API guide on the tracking servers.

Headers

  • Rate limiting data is available in the response headers for your application to consume if needed. The following HTTP headers can be used to determine rate limiting budgets:

HTTP/1.1 429 Too Many Requests
X-RateLimit-Limit: 30
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1575391883
Retry-After: 60

Exceeding the Limit

  • When the limit is exceeded, a JSON object is returned which includes the status code of 429, information about the limits (max/seconds) and how long it will be until the count resets. Example: {"status":429,"error":"rate limit","message":"Too many requests. Limit to max 30 per 30 seconds. Try again in 12 seconds."}
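
One way a client can turn the headers and the 429 JSON body shown above into a wait time before its next call. This is an added example, not part of the original guide or the tracking server code. The function names, the 30-second fallback, the 300-second cap and the reading of X-RateLimit-Reset as Unix epoch seconds are assumptions.

```python
import json
import re
import time

FALLBACK_WAIT = 30  # assumption: the 30-second window from the page's example
MAX_WAIT = 300      # assumption: cap so a malformed value cannot stall the client

def _to_int(value):
    """Parse a header value as a non-negative integer, else None."""
    try:
        n = int(str(value).strip())
    except ValueError:
        return None
    return n if n >= 0 else None

def _clamp(seconds):
    return max(0, min(MAX_WAIT, seconds))

def wait_seconds(status, headers, body="", now=None):
    """Seconds to pause before the next call to the same API path."""
    now = int(time.time()) if now is None else now
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    remaining = _to_int(h.get("x-ratelimit-remaining"))
    reset = _to_int(h.get("x-ratelimit-reset"))  # assumed to be Unix epoch seconds
    if status != 429:
        # Budget left (or no headers): no wait. Budget spent: wait for the reset.
        if remaining == 0 and reset is not None:
            return _clamp(reset - now)
        return 0
    # Over the limit: prefer Retry-After, then the reset time, then the JSON text.
    retry_after = _to_int(h.get("retry-after"))
    if retry_after is not None:
        return _clamp(retry_after)
    if reset is not None:
        return _clamp(reset - now)
    try:
        message = str(json.loads(body).get("message", ""))
    except (TypeError, ValueError, AttributeError):
        message = ""
    match = re.search(r"Try again in (\d+) seconds", message)
    return _clamp(int(match.group(1))) if match else FALLBACK_WAIT
```

Call it after every response and sleep for the returned number of seconds before contacting the same path again.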

Target Servers

  • Each of the tracking servers is capable of returning API calls. The tracking server infrastructure cannot be configured to round robin incoming calls to servers without some extensive changes. For now, it would be beneficial if your applications could point to a specific server or randomly select a server rather than use the URL without a number. E.g., securenodes3.na.zensystem.io instead of securenodes.na.zensystem.io.


NOTE: If the API does not supply data needed for a specific purpose, let the team know. The request will be reviewed and incorporated into the next server build if possible.