Skip to main content

Rate Limiting

The IonGuard API implements request limits to protect the system against excessive use and ensure availability for all clients.

Tiers

TierLimitScopeEndpoints
api60 req/minPer user (or IP if unauthenticated)All authenticated endpoints
api-auth5 req/minPer IPLogin, refresh, logout
api-driver300 req/minPer IPHardware data ingestion endpoints

Response headers

Every API response includes headers indicating the rate limiting state:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
HeaderDescription
X-RateLimit-LimitMaximum request limit in the period
X-RateLimit-RemainingRequests remaining in the current period

When the limit is exceeded

The API returns status 429 Too Many Requests:

HTTP/1.1 429 Too Many Requests
Retry-After: 34
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0

{
"message": "Too Many Attempts."
}
HeaderDescription
Retry-AfterSeconds until the limit is renewed

Best practices

  • Cache responses when possible — avoid fetching data that has not changed
  • Respect Retry-After — wait the indicated time before trying again
  • Use WebSocket for real-time data instead of frequent API polling
  • Efficient pagination — request only the necessary data using the limit parameter

Driver tier

The api-driver tier (300 req/min) is intended for hardware integrations that need to send data at high frequency (e.g., BLE signals from antennas). If your integration requires higher limits, contact the system administrator.