What Happens When You Hit Your Monthly API Requests Limit?
Have you ever hit your monthly API rate limit? If not, consider yourself lucky. It’s one of the biggest pains in using an API service. Your app users are all happy using the API and everything is going well until your app gets too popular, then all of a sudden you start getting throttled. Now you need to scramble to figure out what happened and how to fix it before things explode.
There are many reasons why your API might hit a roadblock. Like you may have guessed, one of them is not having enough. If you are relying on one of the free APIs out there instead of paying for access to premium APIs, odds are you are already experiencing delays, errors, or blocks—or have the potential to hit these restrictions.
If you are building applications that generate data or trigger actions on behalf of end-users, you should be aware of the API limits imposed by the APIs you are using. These limits can prevent your application from working properly or even cause it to break.
The purpose of this article is to make you aware of API rate limits and give general recommendations about how to handle them.
Here are some of the points we will focus on:
- What are API limits?
- How are they set?
- What are API Requests
- What happens to your application if you run out of API calls?
- 3 simple steps to overcome API rate limit issue
What are API Limits?
Let’s start by clearly defining what we mean by “API Limits”.
An API provider is an organization that provides access to an Application Programming Interface (API). An API is a set of routines, protocols, and tools for building software applications.
For example, apilayers’s CountryLayer API is used by thousands of developers to build applications that interact with demographic data. Your application will submit requests to the API provider’s servers asking for information or instructions about how to interact with other services that are part of the same ecosystem.
To ensure the proper functioning of the service, the provider will impose limits on how many requests can be made per minute or hour. This way they can manage load and provide optimal service for each request.
The API rate limit is the number of API calls or requests an application can make within a specified period. Aside from making concurrent API calls, aggressive polling and fast configuration updates can contribute to your application getting rate limited.
What are API requests?
API requests are methods that you can follow to request data from an API. It is used to send information that you want the API to process.
For example, you can use an API request to request your profile or user information from a server or application. You can also use it to send data that you want the API to process.
There are two types of API requests: GET and POST.
- GET request – This type of request is used to retrieve data from a server. When you type in a website URL into your browser and hit enter, you’re performing a GET request.
- A POST request –This type of request is used to send data to a server or application. When you submit a form on a website, the information from the form is sent as part of a POST request.
An API can receive or send information. When an API requests data from a server or application, it will receive a response. The API endpoint is the point at which the API connects to the web service. It allows the API to access data on a server represented by an HTTP query string. The request occurs when you add an API endpoint to a URL and call the server.
For each request, you receive a response with an HTTP status. That tells you if the action is a success. Unsuccessful requests made, whether for exceeding the rate limit or making too many requests during a short time, will receive the HTTP 429 Too Many Requests response status code.
How Are API Requests Accepted or Declined?
All API endpoints go through authentication. Authentication determines who the end-user is and calculates the number of requests made by the user.
An authorization token or key is the identifying credential for the end-user in the authentication mechanism. Basic authentication, using an email can also be used to determine who the end-user is.
Application permission uses the identifying credential to determine if a request should be accepted or declined.
The authentication token or key identified the end-user as the owner of the application. That is JSON Web Tokens (JWT) or opaque string tokens. Each API token generated is calculated separately, even if generated multiple times by the end-users of your application. New API requests will be unsuccessful if the API rate limit is exhausted.
How are API limits set?
API providers often set limits on the usage of their APIs to protect their infrastructure and other customers. These limits are often different for individual developers versus companies that are buying enterprise-level access to the API because larger companies can absorb more cost. The former might be allowed 100 calls per day while the latter might be allowed 10,000 calls per day depending on how much they pay for access.
For example, the apilayer just announced an increase in the monthly API (insert link) request to over 10, 000 for professionals and 50,000 for enterprise subscribers per month. This applies to their major APIs like the Vatlayer, countryLayer, finanacelayer, and many more.
There are different types of API rate limits imposed by API providers. The most common types of limits are:
- Requests per second: Limit on the number of requests that can be made per second.
- Requests per minute: Limit on the number of requests that can be made per minute.
- Requests per hour: Limit on the number of requests that can be made in one hour window.
- Requests per day: Limit on the number of requests that can be made in a 24 hours period.
- Requests per month: Limit on the number of requests that can be made in a 30 days period.
If you are exceeding any rate limits set by the API provider, you are most likely to experience slower response times, error messages, or even your account being temporarily disabled or permanently shut down by its owner.
The standard rate limit is based on a combination of several parameters:
Current usage: How many calls have been made in the last hour? In the last 24 hours? In the last week? In the last month?
Maximum amount: What’s the maximum number of calls allowed during any given period?
The standard rate limit is calculated by multiplying your current usage by your maximum amount. This creates a hard limit that allows you to exceed it if you’re operating at or below capacity but prevents you from going over what you’re allocated.
For example, if your current usage is 5 calls per second and your maximum amount is 10 calls per second, then your rate limit would be 50 calls per second. If you wanted to make more calls, you could upgrade to a higher plan with a higher call rate limit.
Why Do API Providers Use Limits?
Every API provider limits some part of their service. Limits are for your protection, but they can also be frustrating. Understanding the reasons behind these limits will help you avoid any surprises.
- Anti-abuse protection
One of the main reasons why API providers use limits is to be fair to everyone who uses their service. They have to be careful about how much bandwidth they allocate, just as any other company has to be careful about how much bandwidth they allocate for websites hosted on their servers.
- Limit Free Plan
Another reason why API Providers limit requests is that they are often free or have a free plan which includes limits. It’s not worth wasting resources on someone who isn’t willing to pay for the service, so they will limit usage until the user accepts the terms of service or upgrades to a paid account.
- Cost reduction
Limits also help protect themselves from getting hit with unexpectedly high bills from customers who use too many resources without expecting it. Some companies have been known to run up huge bills by using more bandwidth than they were supposed to – and then refusing to pay it back when the provider attempted to cut them off. By imposing limits, they can hopefully avoid this scenario altogether.
- Cryptographic Keys
Some APIs use keys to identify users of their services. If a key is limited, then it ensures there are no duplicate keys and only one user can access your service. An example of this type of key is a session cookie that tracks a user’s activity within a website.
What happens to your application or website if you run out of API calls?
On a typical application, when you run out of API calls, your application will stop working. This will happen to any application that runs on the web. Here are common things you will notice:
- A Status / Error Code
The first thing that happens when an API limit is reached is that your software will be served with a status/error code from the API provider.
- You will no longer be able to retrieve data. Instead, you will receive an HTTP code such as 403 (Forbidden) or 500 (Internal Server Error).
- If you try to access endpoints directly through IP or domain, they will return HTTP 503 (Service Unavailable) status code.
Until the API limit issue is resolved each time your software tries to call the API service it will be served with the same status code.
- Suspension of API services
Next, the API service will simply stop serving your application/website with API functions and data. When you log in to your API provider user dashboard you may notice that there is a message which states:
You have exceeded your monthly request limit.
Your current subscription plan does not allow any further API Requests for this period. To minimize service disruption, you might want to consider upgrading your Subscription Plan.
Screenshot of Control Panel – Dashboard from https://aviationstack.com/dashboard
You may see the same message again on the ‘API Usage’ page of the user Dashboard.
A screenshot is taken from https://aviationstack.com/usage
Three (3) Steps to Overcome API rate Limits
Running out of API calls shouldn’t be a major issue unless you are running on a limited plan. Some cases can cause serious problems for your application or website. It might even cause it to go offline indefinitely. If you are running thin on API calls, you might want to consider the following ways on how to prevent this from happening.
Once your usage exceeds the number of API calls, there are two options:
- Get your API rate limit status
If you are working with a paid plan, then you are probably already familiar with your API rate limit status. However, if you are working with a free account, then you will likely be encountering the API rate limit for the first time.
The APIs for many services return an HTTP header with the current rate limit status. If you are going to be doing a lot of requests, you should check this header on every request to make sure that you don’t exceed your rate limit.
Additionally, you can find your API rate limit status by going to the developer console, clicking on API Access, and then looking at the rate limits section.
Here, you’ll see your daily quota as well as the number of requests that have been made so far today.
- Buy more API calls
Now you know how to check your API limits, but what if you’ve already hit those limits? The next step is to buy more API from your service provider. The costs of the different plans vary and depend on several factors. However, you can always check the service provider’s official website for more information on how many you can purchase and its price.
- Get your app into an enterprise plan
If you want to build a scalable application, you need to design it from the beginning with growth in mind. Failing to plan for your API usage can cause you to hit rate limits.
To prevent this problem, it’s crucial to get your app access to higher-paying levels of an enterprise plan. An enterprise plan is where you pay for higher capacity upfront. The upside with this approach is that there is no risk that your app will run out of request tokens and be shut down because you’ve already paid for enough capacity.
If your app is on the enterprise program, you can buy additional capacity upfront. The program allows you to have a higher quota so you don’t have to worry about hitting the quota limit from other apps or large downloads. If it’s not in an enterprise program, you can switch it from a free program to an enterprise program.
When you hit your API rate limit, apps will stop working as normal. They’ll either stop displaying data or start asking for payments to access the information you really need. To help you avoid this situation, try to keep track of the number of times your app uses each API so it doesn’t happen by accident.
Even better, you should be proactive by subscribing to a plan that will have more than enough API request limits for your application so you’re not scrambling to fix it when the time comes.
You can take advantage of the new increase in the API limits of apilayers groups of apps like vatlayer api, finanacelayer api e.t.c. that gives data ranging from demographics to finance. The new increase in the business and enterprise API plan allows developers to avoid potential problems regarding API Limit request error.