Rate Limits

PlusAuth includes a number of safeguard layers against bursts of incoming traffic to help maximize its stability. Users who send many requests in quick succession may see error responses that show up as http status code 429 which is known as Too Many Requests.

Depending on your subscription you will have different limits.

Plan TypeLimit (requests/second)Burst (requests/minute)
These values are completely configurable for on-premise deployments.

Handling Rate Limits

A basic technique for integrations to gracefully handle limiting is to watch for 429 status codes and build in a retry mechanism. The retry mechanism should follow an exponential backoff schedule to reduce request volume when necessary. It is also recommended building some randomness into the backoff schedule to avoid a thundering herd effect.

Instead of optimizing individual requests, you can have more sophisticated approach which is controlling traffic to PlusAuth at a global level, and throttle it back if you detect substantial rate limiting. A common technique for controlling rate is to implement token bucket rate limiting algorithm on the client-side. There are many implementations for token bucket in almost any programming language.