Rate Limiting
The IonGuard API implements request limits to protect the system against excessive use and ensure availability for all clients.
Tiers
| Tier | Limit | Scope | Endpoints |
|---|---|---|---|
| api | 60 req/min | Per user (or IP if unauthenticated) | All authenticated endpoints |
| api-auth | 5 req/min | Per IP | Login, refresh, logout |
| api-driver | 300 req/min | Per IP | Hardware data ingestion endpoints |
Response headers
Every API response includes headers indicating the rate limiting state:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum request limit in the period |
X-RateLimit-Remaining | Requests remaining in the current period |
When the limit is exceeded
The API returns status 429 Too Many Requests:
HTTP/1.1 429 Too Many Requests
Retry-After: 34
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0
{
"message": "Too Many Attempts."
}
| Header | Description |
|---|---|
Retry-After | Seconds until the limit is renewed |
Best practices
- Cache responses when possible — avoid fetching data that has not changed
- Respect
Retry-After— wait the indicated time before trying again - Use WebSocket for real-time data instead of frequent API polling
- Efficient pagination — request only the necessary data using the
limitparameter
Driver tier
The api-driver tier (300 req/min) is intended for hardware integrations that need to send data at high frequency (e.g., BLE signals from antennas). If your integration requires higher limits, contact the system administrator.