Rest operations

Rate limiting

The API implements a rate limiting system for all authenticated calls. The purpose of this functionality is to protect servers from abuse and to provide a clear expectation of the level of service that the API commits to fulfil.


Rate limits are defined across categories of API calls as described in the following table.

Category API Calls Maximum allowed requests per second Maximum allowed requests per hour
Account calls
GET time
GET accounts
GET accounts/:id/positions
GET accounts/:id/balances
GET accounts/:id/executions
GET accounts/:id/orders
GET symbols/:id
GET symbols/:id/options
Market Data calls GET markets
GET markets/quotes/:id
GET markets/candles/:id
20 15000
Order calls POST accounts/:id/orders[/:orderId]
POST accounts/:id/orders[:/orderId]/impact
DELETE accounts/:id/orders/:orderId
10 500

Rate limit headers

The API communicates rate limit information in the headers of responses to all calls that are limited.

Specifically, the following headers are provided:

  • X-RateLimit-Remaining – number of requests allowed against a the current limit
  • X-RateLimit-Reset – time when the current limit will expire (Unix timestamp)

Sample rate limit headers

HTTP/1.1 200 OK
Content-Length: 123
Content-Type: application/json; charset=utf-8
Date: Fri, 18 Aug 2014 22:17:16 GMT
X-RateLimit-Remaining: 100
X-RateLimit-Reset: 1300286940

Exceeding limits

If one exceeds the above rate limits, then the API server will respond with a rate limit error message with the HTTP status code 429 (Too Many Requests) and the same rate limit headers one would receive in a normal response to limited call.