API limits documentation

Last update: Jun 15th, 2016

Summary

1. How does it work?
2. Headers information
3. Exceeding requests quota

1. How does it work?

In order to avoid an unreasonable number of requests from one merchant, some PayU APIs are protected by a quota-system that allows only a certain number of requests during a period of 60 seconds.

The APIs that are protected by this system will send additional response headers, so the consumer application knows how many requests it has left.

If the merchant exceeds his quota, he will have to wait before making anymore requests to that API.

2. Protected APIs

• Automatic Live Update v1
• Automatic Live Update v2
• Automatic Live Update v3
• Instant Delivery Notification
• Instant Reverse/Refund Notification
• Instant Order Status
• Token Payments V2

3. Headers information

The following headers are sent:

Header	Description
X-Rate-Limit-Limit	Number of allowed requests for a period of 60 seconds.
X-Rate-Limit-Reset	How much time remains, in seconds, until the end of the current period of 60 seconds.
X-Rate-Limit-Remaining	Requests available until the end of current period of 60 seconds.

4. Exceeding requests quota

When client exceeds requests quota, server will return response code 429 (Too Many Requests).