Have you ever hit your monthly API rate limit? If not, consider yourself lucky. It’s one of the biggest pains in using an API service. Your app users are all happy using the API and everything is going well until your app gets too popular. Then, all of a sudden, you start getting throttled. Now you need to scramble to figure out what happened and how to fix it before things explode.
If you are building applications that generate data or trigger actions on behalf of end-users, you should be aware of the limits on the APIs you are using. These limits can prevent your application from working properly or even cause it to break.
The purpose of this article is to make you aware of API rate limits and give you general recommendations about how to handle them.
Here are some of the points we will focus on:
- What are API limits?
- How are they set?
- What are API requests?
- What happens to your application if you run out of API calls?
- 3 simple steps to overcome API rate limit issues
What are API Limits?
Let’s start by clearly defining what we mean by “API Limits”.
An API provider is an organization that provides access to an Application Programming Interface (API). An API is a set of routines, protocols, and tools for building software applications.
Your application submits requests to the API provider’s servers asking for information or instructions about how to interact with other services that are part of the same ecosystem.
To ensure the service functions properly, the provider imposes limits on how many requests you can make per minute or hour. This way they can manage load and provide optimal service for each request.
The API rate limit is the number of API calls or requests an application can make within a specified period. Aside from making concurrent API calls, aggressive polling and fast configuration updates can contribute to your application getting rate limited.
What are API requests?
An API request is a call your application makes to an API to ask for data. You also use requests to send information that you want the API to process.
For example, you can use an API request to request your profile or user information from a server or application. You can also use it to send data that you want the API to process.
There are two types of API requests: GET and POST.
- GET request – This type of request retrieves data from a server. When you type a website URL into your browser and hit enter, you’re performing a GET request.
- POST request – This type of request sends data to a server or application. When you submit a form on a website, the information from the form is sent as part of a POST request.
An API can receive or send information. When an API requests data from a server or application, it receives a response. The API endpoint is the point where the API connects to the web service. It allows the API to access data on a server represented by an HTTP query string. The request occurs when you add an API endpoint to a URL and call the server.
For each request, you receive a response with an HTTP status code that tells you whether the action succeeded. Requests that fail because you exceeded the rate limit or made too many requests in a short time receive the HTTP 429 Too Many Requests response status code.
How Are API Requests Accepted or Declined?
All API endpoints go through authentication. Authentication determines who the end-user is and calculates the number of requests made by the user.
An authorization token or key is the identifying credential for the end-user in the authentication mechanism. Basic authentication using an email can also determine who the end-user is.
Application permission uses the identifying credential to determine if a request should be accepted or declined.
The authentication token or key identifies the end-user as the owner of the application. It is either a JSON Web Token (JWT) or an opaque string token. Usage is calculated separately for each API token generated, even if tokens are generated multiple times by the end-users of your application. New API requests are unsuccessful if the API rate limit is exhausted.
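The per-token counting described above can be sketched on the provider side as follows. This is an added example, not code from any API provider: the class name, the fixed-window scheme and the `X-RateLimit-Remaining` header name are assumptions chosen for illustration.

```python
import hashlib
import math
import time
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class FixedWindowLimiter:
    """Per-credential request counter with a fixed window (hypothetical helper)."""
    limit: int                                # requests allowed per window
    window_s: int                             # window length in seconds
    clock: Callable[[], float] = time.time    # injectable so it can be tested
    _state: dict = field(default_factory=dict)

    @staticmethod
    def _key(token: str) -> str:
        # Key the table by a digest so raw credentials never sit in it.
        return hashlib.sha256(token.encode()).hexdigest()

    def check(self, token: str):
        """Return (HTTP status, response headers) for one request using `token`."""
        now = self.clock()
        window = int(now // self.window_s)
        key = self._key(token)
        seen_window, used = self._state.get(key, (window, 0))
        if seen_window != window:             # new window: usage starts over
            used = 0
        reset_in = math.ceil((window + 1) * self.window_s - now)
        if used >= self.limit:
            # Quota exhausted: decline and say when to come back.
            return 429, {"Retry-After": str(reset_in)}
        self._state[key] = (window, used + 1)
        return 200, {"X-RateLimit-Remaining": str(self.limit - used - 1)}


if __name__ == "__main__":
    t = [1000.0]                              # constructed clock value
    lim = FixedWindowLimiter(limit=2, window_s=60, clock=lambda: t[0])
    for tok in ("token-A", "token-A", "token-A", "token-B"):
        print(tok, lim.check(tok))
```

Each token has its own counter, so one exhausted credential does not affect requests made with another.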
Why Do API Providers Use Limits?
Every API provider limits some part of their service. Limits are for your protection, but they can also be frustrating. Understanding the reasons behind these limits will help you avoid any surprises.
1. Anti-abuse protection
One of the main reasons why API providers use limits is to be fair to everyone who uses their service. They have to be careful about how much bandwidth they allocate, just as any other company has to be careful about how much bandwidth they allocate for websites hosted on their servers.
2. Cost reduction
Limits also help protect providers from unexpectedly high bills from customers who use too many resources without expecting it. Some companies run up huge bills by using more bandwidth than they were supposed to – and then refusing to pay it back when the provider attempted to cut them off. By imposing limits, they can hopefully avoid this scenario altogether.
3. Cryptographic Keys
Some APIs use keys to identify users of their services. If a key is limited, then it ensures there are no duplicate keys and only one user can access your service. An example of this type of key is a session cookie that tracks a user’s activity within a website.
What happens to your application or website if you run out of API calls?
On a typical application, when you run out of API calls, your application will stop working. This will happen to any application that runs on the web. Here are common things you will notice:
A Status / Error Code
The first thing that happens when an API limit is reached is that your software gets served a status/error code from the API provider.
- You can no longer retrieve data. Instead, you will receive an HTTP code such as 403 (Forbidden) or 500 (Internal Server Error).
- If you try to access endpoints directly through IP or domain, they return an HTTP 503 (Service Unavailable) status code.
Until you resolve the API limit issue, each time your software tries to call the API service it will be served with the same status code.
Suspension of API services
Next, the API service will simply stop serving your application/website with API functions and data. When you log in to your API provider user dashboard you may notice that there is a message which states:
You have exceeded your monthly request limit.
Your current subscription plan does not allow any further API Requests for this period. To minimize service disruption, you might want to consider upgrading your Subscription Plan.
Screenshot of Control Panel – Dashboard from https://aviationstack.com/dashboard
You may see the same message again on the ‘API Usage’ page of the user Dashboard.
Screenshot taken from https://aviationstack.com/usage
3 Steps to Overcome API Rate Limits
Running out of API calls can cause serious problems for your application or website. It might even cause it to go offline indefinitely. If you are running thin on API calls, you might want to consider the following ways to prevent this from happening.
Once your usage exceeds the number of API calls, there are two options:
Get your API rate limit status
If you are working with a paid plan, then you are probably already familiar with your API rate limit status. However, if you are working with a free account, then you are likely encountering the API rate limit for the first time.
The APIs for many services return an HTTP header with the current rate limit status. If you are going to be doing a lot of requests, you should check this header on every request to make sure that you don’t exceed your rate limit.
Additionally, you can find your API rate limit status by going to the developer console, clicking on API Access, and then looking at the rate limits section.
Here, you’ll see your daily quota as well as the number of requests that have been made so far today.
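A client can act on those headers instead of waiting for a failure. The following is an added example, not code from any provider's SDK: `Retry-After` is a standard HTTP header, while the `X-RateLimit-Remaining` and `X-RateLimit-Reset` names, and the assumption that the reset value is a Unix timestamp, are conventions that vary by provider.

```python
import email.utils

# Assumed header names; check your provider's documentation for the real ones.
REMAINING, RESET = "x-ratelimit-remaining", "x-ratelimit-reset"


def _uint(text):
    """Parse a plain ASCII non-negative integer, or return None."""
    text = text.strip()
    return int(text) if text.isascii() and text.isdigit() else None


def retry_after_seconds(value, now):
    """Parse Retry-After (delta-seconds or HTTP-date); None if unusable."""
    seconds = _uint(value)
    if seconds is not None:
        return float(seconds)
    try:
        when = email.utils.parsedate_to_datetime(value.strip())
    except (TypeError, ValueError):
        return None
    return max(0.0, when.timestamp() - now)


def plan_delay(status, headers, now, attempt=0, low_water=5, base=1.0, cap=60.0):
    """Seconds to wait before the next call, given the last response."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 429:
        hinted = retry_after_seconds(h.get("retry-after", ""), now)
        if hinted is None:
            hinted = base * 2 ** attempt      # no usable hint: exponential backoff
        # Response headers are untrusted input: clamp so a bad value cannot stall us.
        return min(hinted, cap)
    remaining, reset = _uint(h.get(REMAINING, "")), _uint(h.get(RESET, ""))
    if remaining is not None and reset is not None and remaining <= low_water:
        # Nearly out of quota: spread what is left over the rest of the window.
        return min(cap, max(0.0, reset - now) / (remaining + 1))
    return 0.0


if __name__ == "__main__":
    now = 1000.0                              # constructed responses, not real traffic
    print(plan_delay(200, {"X-RateLimit-Remaining": "1", "X-RateLimit-Reset": "1060"}, now))
    print(plan_delay(429, {"Retry-After": "20"}, now))
    print(plan_delay(429, {}, now, attempt=3))
```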
Buy more API calls
Now you know how to check your API limits, but what if you’ve already hit those limits? The next step is to buy more API calls from your service provider. The costs of the different plans vary and depend on several factors. However, you can always check the service provider’s official website for more information on how many you can purchase and how much it costs.
Get your app into an enterprise plan
If you want to build a scalable application, you need to design it from the beginning with growth in mind. Failing to plan for your API usage can cause you to hit rate limits.
To prevent this problem, it’s crucial to get your app access to higher-paying levels of an enterprise plan. An enterprise plan is where you pay for higher capacity upfront. The upside of this approach is that there is no risk that your app will run out of request tokens and be shut down because you’ve already paid for enough capacity.
If your app is on the enterprise program, you can buy additional capacity upfront. The program allows you to have a higher quota so you don’t have to worry about hitting the quota limit from other apps or large downloads. If it’s not in an enterprise program, you can switch it from a free program to an enterprise program.
When you hit your API rate limit, apps will stop working as normal. They’ll either stop displaying data or start asking for payments to access the information you really need. To help you avoid this situation, try to keep track of the number of times your app uses each API so it doesn’t happen by accident.
Even better, you should be proactive by subscribing to a plan that will have more than enough API request limits for your application so you’re not scrambling to fix it when the time comes. apilayer offers a vast portfolio of APIs which are more than affordable with great API calls limits depending on the subscription plan, suitable for any size of business.