During the night and this morning I have seen some rate limit errors from the API with the message:
You must not exceed 1000 requests per 60 seconds
Am I right to think the 1000 is a typo? The actual limit doesn’t seem to have changed.
Ewa from FreeAgent Engineering here again — thanks a lot of your patience with this query; I’ll admit it got me digging deep behind the scenes to get an answer for you! You’re absolutely right in thinking there have been no recent changes to our API rate limits. The limits we have documented here are measured per user (which we define as a combination of the same ip/user/company subdomain), however in addition to these we do have an additional rate limit based on IP address which is capped on 1000 requests per minute. This is implemented mostly to protect our API from bad actors, however in very rare cases it might get triggered if several integration users make a high number of requests to our API from the same IP address, which — as unlikely as it might seem — is what happened in this case.
I hope this helps to clarify things a little, though please do let me know if there’s anything else you’d like to know regarding this.
Thank you for taking the time to investigate this! Evidently DoubleAgent had a lot to synchronise on those occasions
Now I know about the IP rate limit, I can update the system to spread the load if necessary.
Thanks again and best wishes,