429 Too Many Requests response.
How the limit works
The limit uses a token bucket model. This means that each accepted request consumes capacity, and once maximum capacity is reached, the request gets rejected with a429 Too Many Requests error. Over time, the bucket capacity refills automatically.
When you hit the limit
- You receive a
429 Too Many Requests, which includes retry guidance in the error message.
It does not currently set a separate
Retry-After response header.- Implement a conservative backoff when you receive the
429error rather than retrying aggressively.
Important note
The limit is applied per merchant account and endpoint. Therefore, when an endpoint is rate-limited, other endpoints will keep returning responses until they hit their limit.Stay within limits
To stay within the limit, listen for webhooks instead of polling. For example, you can listen forpayment.succeeded and payment.failed events instead of calling the verify payments endpoint to get the final status of a transaction.
