An Update on API Rate Limits

  • 3 minute read

TL;DR: We have updated version 2.0 of the API to allow up to 50 requests per second and to allow up to 40 concurrent uploads when using the chunked upload endpoint.

What are rate limits and why do we use them?

In simple terms, rate limits ensure that an API consumer can only make X calls per Y period of time. Rate limits can be enforced:

  • To prevent denial of service attacks which would make the API totally unavailable
  • To protect against sudden spikes of legitimate traffic from affecting API availability
  • To ensure that all consumers have equal access to API resources
  • To ensure that API resources are performant

For these reasons, Acquia has historically limited API calls to 10 requests per second.

The old way

Up until recently, the way we counted API calls towards rate limits had a few problems:

  • It prevented us from being able to scale our API to meet the demand of new and existing customers.
  • It provided low visibility into how our customers use the API.

The new and improved way

To alleviate these issues, we’ve been working on a better way to count API calls.

Our new approach has some pretty important benefits:

  • It more accurately counts API calls towards rate limits so that we can more consistently and correctly apply them.
  • It gives us greater flexibility moving forward to be able to scale our API capacity to handle the increasingly API-centric workflows of our customers.
  • It allows us to have better visibility into how our customers are using our API.

It also allows us to be more transparent when applying rate limits. All V2 API calls now return a few HTTP headers to allow consumers to better understand how their integrations are consuming rate limits.

Upon making an API call, the response will contain the following headers showing the applied rate limit and how many requests are remaining:

X-Ratelimit-Limit: 50/second
X-Ratelimit-Remaining: 49

If a call exceeds the rate limits, the response will also contain a header containing an ISO-8601 timestamp stating when the next successful call can be made:

X-Ratelimit-Reset: 2022-02-07T15:40:07.028Z

In addition, due to our more accurate counting and better metrics on customer use, we now enforce a rate limit of 50 requests per second. We were also able to increase the number of concurrent Asset chunks being uploaded from 10 to 40.