Rate Limiting in API v2
Pennylane API relies on rate limits to ensure stability and reliability. Rate limiting is enabled on both production and sandbox environments and all endpoints are affected.
The rate limiting is applied at the token level. If you have an OAuth app, it will be applied on each generated token from your OAuth app. If you have a developer token, it will be applied directly on your token.
You are allowed to make up to 25 requests every 5 seconds. If you go over this limit, you will receive a 429 HTTP Error
Rate limit exceeded. Please retry in X seconds.Rate Limit Response Headers
When you receive a 429 error, the response includes the following headers to help you handle rate limiting:
Header | Description |
|---|---|
| Seconds to wait before retrying |
| Maximum requests allowed per window |
| Requests remaining in current window |
| Unix timestamp indicating when the rate limit will reset. |
Example Response
HTTP/2 429 Too Many Requests
retry-after: 2
ratelimit-limit: 25
ratelimit-remaining: 0
ratelimit-reset: 1770379510
Rate limit exceeded. Please retry in 2 seconds.Rate Limit Headers on Non Rate-Limited Requests
All API requests that are not rate-limited return rate limit headers. This allows you to monitor your usage proactively and avoid hitting rate limits.
Non rate-limited requests include these headers:
| Header | Description |
|---|---|
ratelimit-limit | Maximum requests allowed per window |
ratelimit-remaining | Requests remaining in current window |
ratelimit-reset | Unix timestamp indicating when the rate limit will reset |
Note: The retry-after header is only included in 429 responses.
Example Response
HTTP/2 200 OK
ratelimit-limit: 25
ratelimit-remaining: 23
ratelimit-reset: 1770379510
{
"id": 123456,
"label": "Journal entry",
...
}Use these headers to monitor your API usage and implement appropriate rate limiting strategies in your application.
Updated about 16 hours ago