Rate Limiting

Rate limits for the API and how to use them


New Changes Coming

We are actively working on API rate limiting changes, and will be updating API docs early 2024


Rate limits for the SmartBuildings API are currently on a per IP address basis.

In the future we will be having more fine-grained limits. Examples might be per client_credential or per route rate limits.

Reading Your Rate Limit

The response headers of each request made to the API will show the current maximum rate allowed, and the remaining limits.

The rate limit headers indicating maximum limit will be of the form x-ratelimit-limit-*, while the headers indicating remaining limit will be of the form x-ratelimit-remaining-*.

Example Response Header Showing Rate Limits

access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
connection: keep-alive
content-length: 1392
content-type: application/json; charset=utf-8
date: Fri, 20 Mar 2020 17:10:40 GMT
etag: W/"570-2/xkFsZz1d2qlzXb6OBswcSfNCs"
expires: 0
pragma: no-cache
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
via: kong/1.4.2, 1.1 vegur
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-kong-proxy-latency: 25
x-kong-upstream-latency: 27
x-ratelimit-limit-hour: 10000
x-ratelimit-limit-minute: 500
x-ratelimit-limit-second: 50
x-ratelimit-remaining-hour: 9997
x-ratelimit-remaining-minute: 499
x-ratelimit-remaining-second: 49
x-xss-protection: 1; mode=block

What’s Next

Learn about Tenant Mode in SmartBuildings...