Rate Limits

Every day increasing numbers of developers make requests to the Regulatory Intelligence API. To help manage the sheer volume of these requests, limits are placed on the number of requests that can be made.

These limits help us provide the reliable and scalable API that our developer community relies on. 

Rate limits and authentication method

Rate limits are at the client level and are set at a base rate of 240 requests per minute. 

OAuth 2.0 Bearer Token: App rate limit

This authentication method and rate limit allows you to make a certain number of requests to endpoints on behalf of your RI API application. When using this authentication method, rate limits are determined by the number of requests you make using a Bearer Token.

The base rate limit of 240 requests minute interval, allows you to make 240 requests per window on behalf of your application when you use your Bearer Token.

Recovering from a rate limit

When these rate limits are exceeded, a 429 'Too many requests' error is returned from the endpoint.  

Ideally, the client-side is self-aware of existing rate limits and can pause requests until the currently exceeded window expires. If you exceed a 1-minute limit, then waiting a minute or two before retrying makes sense.

Tips to avoid being rate limited

The tips below are there to help you code defensively and reduce the possibility of being rate limited. 

Caching

Store API responses in your application or on your site (where permissible) if you expect a lot of use. For example, don’t try to call the Regulatory Intelligence API on every page load of your website landing page or application dashboard. Instead, call the API infrequently and load the response into a local cache. When users hit your website or application, load the cached version of the results.