Rate Limiting
How we safeguard the PayArk API and ensure high availability for all merchants.
Overview
To maintain stability and prevent abuse, PayArk enforces rate limits on all API endpoints. Limits are applied based on your **API Key**. If your application exceeds these limits, the API will return a 429 Too Many Requests response.
Sliding Window
We use a sliding window algorithm. Limits reset gradually as older requests exit the window.
Per-Merchant Limits
Limits are scoped to your Project. Multiple servers using the same backend key share the same limit.
Standard Limits
The following limits apply to all accounts by default during our public beta.
| Endpoint Group | Request Limit | Purpose |
|---|---|---|
| /v1/checkout | 20 requests / minute | Prevents duplicate payment creation. |
| /v1/callback/* | 30 requests / minute | Safeguards payment verification. |
| /v1/payments | 100 requests / minute | General API interaction. |
| Global Limit | 100 requests / minute | Overall account safety limit. |
Need higher limits for a high-volume launch? Contact support to discuss a custom plan.
Response Headers
Check the following HTTP headers in every API response to monitor your current usage.
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 98
X-RateLimit-Reset: 12 // Seconds until window resets
Handling 429 Errors
When you receive a 429 error, our SDK retries only when the Retry-After header is present and valid. If you are using our REST API directly, you should:
- Check the Retry-After header for the number of seconds to wait.
- Wait the specified time before attempting the request again.
- Implement jittered exponential backoff to avoid "thundering herd" issues.
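The three steps above, as an added Python example for callers of the REST API; it is not PayArk SDK code. The `send` callable, the 300-second cap, the backoff parameters and the fallback to backoff when Retry-After is missing or malformed are assumptions of this sketch.

```python
import random
import re
import time

MAX_RETRY_AFTER = 300  # assumed client-side cap (seconds) on a server-supplied wait


def parse_retry_after(headers):
    """Return Retry-After in whole seconds, or None when absent or not a plain integer."""
    value = {k.lower(): v for k, v in headers.items()}.get("retry-after")
    if value is None or not re.fullmatch(r"[0-9]{1,6}", str(value).strip()):
        return None
    return min(int(str(value).strip()), MAX_RETRY_AFTER)


def backoff_delay(attempt, base=0.5, cap=30.0, rng=random.random):
    """Full-jitter exponential backoff: uniform in [0, min(cap, base * 2**attempt))."""
    return rng() * min(cap, base * (2 ** attempt))


def call_with_retry(send, max_attempts=5, sleep=time.sleep, rng=random.random):
    """Call send() until it returns a non-429 status or attempts run out.

    send is a caller-supplied function returning (status, headers, body).
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body
        if attempt == max_attempts - 1:
            break  # give up; never retry without bound
        wait = parse_retry_after(headers)
        if wait is None:
            wait = backoff_delay(attempt, rng=rng)  # no usable header: back off
        else:
            wait += rng()  # up to 1 s jitter so servers sharing a key do not retry in lockstep
        sleep(wait)
    return 429, None


if __name__ == "__main__":
    # Constructed responses: two 429s (one with Retry-After), then success.
    replies = iter([(429, {"Retry-After": "2"}, ""), (429, {}, ""), (200, {}, "ok")])
    print(call_with_retry(lambda: next(replies), sleep=lambda s: print(f"wait {s:.2f}s")))
```

Because the limit is shared by every server using the same key, the jitter matters even when Retry-After is honoured: without it, all of those servers resume at the same instant.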