Rate Limiting

For authenticated requests, you can make up to 1,000 requests per hour and 10,000 per day by default. This limit is enforced by authorized application as well as IP address. The algorithm is implemented as a leaky bucket so there is no fixed reset time. If you exceed the maximum number of requests within the time period you will receive a 429/Too Many Requests response from the API call.

Do NOT perform concurrent requests by application or IP to the UltraCart system or you will also receive a 429/Too Many Requests response.

If you need an increase in you rate limit, please contact UltraCart support, but expect a thorough review of your integration and push back to make sure that your integration workflow is optimal before any increase is granted. For example if you are breaching the hourly rate limit, we are going to recommend that you spread the workload out over 24 hours. Make use of Webhooks to receive notifications of changes instead of wasting API calls polling the system. Only perform updates to objects when necessary. Cache the responses within your system locally and update that cache based upon a webhook notification.

Abuse Rate Limits

To protect the quality of service from UltraCart, additional rate limits may apply to some actions. For example, rapidly creating content, polling aggressively instead of using webhooks, making API calls with concurrency, or repeatedly requesting data that is computationally expensive may result in abuse rate limiting.

It is not intended for this rate limit to interfere with any legitimate use of the API. Your normal rate limits should be the only limit you target. Please contact UltraCart Support if your use is affected by this rate limit.