Increasement of limits
The limits have been increased from 1,000 requests to up to 1,500 requests per IP-address and hour. At the moment we do not see any problems with that. If there will be a suspicious behavior on the API with an unusual amount of requests, we may change the limit to deal with it.
How we handle exceedments
If the limit will be reached we will now return an HTTP status code 429 along with the header retry-after. In that you will find as value the amount of seconds you need to wait before making a new requests.
Until you are able to make new requests, we will hide the following headers.
- bt-api-limit-ratio
- bt-api-limit-used
- bt-api-limit-free
Enhanced protection against flooding
Although we have already a mechanism to detect and throttle flooding, we have adapted the value for the threshold. Also the way of taking effect has been changed to detect and fight against flooding attacks in a more efficient way. You should not be affected as long as you are within the limits and not constantly flooding the API.
Tags: