Rate Limits

Orum uses a token bucket algorithm to apply rate limiting to our endpoints. The algorithm is based on a bucket with a fixed capacity, to which tokens are added at a fixed rate. Each token in the bucket can then be used to make a single request to the API.

The Average value indicates the rate at which the bucket will refill.
The Burst value indicates the size of the bucket.

When the bucket is empty, the response code will be a 429 indicating that you are being rate limited and need to adjust the number of requests accordingly.

The response body will also indicate the following:

{ "error_code": "too_many_requests", "message": "Too Many Requests" }

The headers X-Retry-In and Retry-After will also be set to the appropriate values.

X-Retry-In is a text value indicating, down to the millisecond, the approximate time after which to retry.
Retry-After indicates how long to wait in seconds before making a new request.
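
The following is an added example, not Orum's code: a client-side model of the bucket that shows how Average and Burst decide when a 429 is returned, plus a helper that reads Retry-After from a 429 response. The Average and Burst numbers used with it are constructed, since this page does not list the actual limits, and X-Retry-In is not parsed because its text format is not specified here.

```python
class TokenBucket:
    """Model of the bucket: refills at `average` tokens/second, holds `burst` tokens."""

    def __init__(self, average, burst, now=0.0):
        self.average = float(average)   # refill rate (the Average value)
        self.burst = float(burst)       # bucket size (the Burst value)
        self.tokens = float(burst)      # assumption: the bucket starts full
        self.last = now

    def try_acquire(self, now):
        """Spend one token for one request.

        Returns 0.0 if the request is allowed, otherwise the number of
        seconds until one token will be available again.
        """
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.average)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 0.0
        return (1.0 - self.tokens) / self.average


def retry_delay(status, headers, default=1.0):
    """Seconds to wait before retrying; 0.0 unless the response was a 429."""
    if status != 429:
        return 0.0
    lookup = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    try:
        return max(0.0, float(lookup["retry-after"]))
    except (KeyError, ValueError):
        return default  # header missing or not a number: fall back to a fixed wait


def simulate(average, burst, request_times):
    """Status code the modelled bucket would give for each request timestamp (seconds)."""
    start = request_times[0] if request_times else 0.0
    bucket = TokenBucket(average, burst, now=start)
    return [200 if bucket.try_acquire(t) == 0.0 else 429 for t in request_times]
```

Calling `try_acquire` before each request lets a client pace itself below the limit, and `retry_delay` covers the case where the server still answers 429.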

Orum also uses a Web Application Firewall (WAF) solution to ensure that our endpoints are protected from malicious traffic. If your traffic shows a sudden spike in unauthenticated requests, or in other types of requests that would indicate bad traffic, you may be blocked for up to 10 minutes if you continue to hit rate limits.