Skip to content

Rate Limits

PlusAuth includes a number of safeguard layers against bursts of incoming traffic to help maximize its stability. Users who send many requests in quick succession may see error responses that show up as http status code 429 which is known as Too Many Requests.

Handling Rate Limits

A basic technique for integrations to gracefully handle limiting is to watch for 429 status codes and build in a retry mechanism. The retry mechanism should follow an exponential backoff schedule to reduce request volume when necessary. It is also recommended building some randomness into the backoff schedule to avoid a thundering herd effect.

Instead of optimizing individual requests, you can have more sophisticated approach which is controlling traffic to PlusAuth at a global level, and throttle it back if you detect substantial rate limiting. A common technique for controlling rate is to implement token bucket rate limiting algorithm on the client-side. There are many implementations for token bucket in almost any programming language.

Subscription Plan Rate Limits
Plan TypeLimit (requests/second)Burst (requests/minute)
Free 10 120
Basic 20 300
Pro 30 600
Enterprise 50 1200

Rate limits are completely configurable for on-premise deployments.