Skip to main content

Rate Limits

The Basis Theory API has rate limits applied to ensure the speed and consistency of our systems. Please reach out if you need custom rate limits or our Tier 1 rate limit.

Default Rate Limits

  • Test Tenant Rate Limit
    • Counter: BT-API-KEY
    • Rate: 50 Requests / 10 Seconds
    • Mitigation: Throttle
  • Management API Key Rate Limit
    • Counter: BT-API-KEY
    • Rate: 200 Requests / 60 Seconds
    • Mitigation: Block 60 Seconds
  • Public API Key Rate Limit
    • Counter: BT-API-KEY and IP
    • Rate: 50 Requests / 10 Seconds
    • Mitigation: Block 10 Seconds
  • Proxy Endpoint Rate Limit
    • Counter: BT-PROXY-KEY
    • Rate: 500 Requests / 10 Seconds
    • Mitigation: Throttle
  • Private API Key Rate Limit
    • Counter: BT-API-KEY
    • Rate: 1000 Requests / 10 Seconds
    • Mitigation: Throttle
  • Listing Tokens Rate Limit (GET /tokens|/tokens/search)
    • Counter: BT-API-KEY and IP
    • Rate: 200 Requests / 10 Seconds
    • Mitigation: Throttle
  • Creating Tokens Rate Limit (POST /tokens|/tokenize)
    • Counter: BT-API-KEY and IP
    • Rate: 200 Requests / 10 Seconds
    • Mitigation: Throttle

Tier 1 Rate Limits

  • Test Tenant Rate Limit
  • Management API Key Rate Limit
    • Counter: BT-API-KEY
    • Rate: 400 Requests / 60 Seconds
    • Mitigation: Block 60 Seconds
  • Public API Key Rate Limit
    • Counter: BT-API-KEY and IP
    • Rate: 100 Requests / 10 Seconds
    • Mitigation: Block 10 Seconds
  • Proxy Endpoint Rate Limit
    • Counter: BT-PROXY-KEY
    • Rate: 1000 Requests / 10 Seconds
    • Mitigation: Throttle
  • Private API Key Rate Limit
    • Counter: BT-API-KEY
    • Rate: 2000 Requests / 10 Seconds
    • Mitigation: Throttle
  • Listing Tokens Rate Limit (GET /tokens|/tokens/search)
    • Counter: BT-API-KEY and IP
    • Rate: 400 Requests / 10 Seconds
    • Mitigation: Throttle
  • Creating Tokens Rate Limit (POST /tokens|/tokenize)
    • Counter: BT-API-KEY and IP
    • Rate: 400 Requests / 10 Seconds
    • Mitigation: Throttle

Legacy Rate Limit Rules

  • Globale Rate Limit
    • Counter: IP
    • Rate: 1000 Requests / 10 Seconds
    • Block Duration: 10 Seconds
  • Portal:
    • Counter: IP
    • Rate: 600 Requests / 10 Seconds
    • Block Duration: 10 Seconds
  • API
    • POST /tokens/search
      • Counter: IP
      • Rate 50 Requests / 10 Seconds
      • Block Duration: 10 Seconds
    • GET /tokens
      • Counter: IP
      • Rate 100 Requests / 10 Seconds
      • Block Duration: 10 Seconds
    • POST (/tokens | /tokenize)
      • Counter: IP
      • Rate 200 Requests / 10 Seconds
      • Block Duration: 10 Seconds

Reactors

Applicable to invoking Reactors or invoking Pre-Configured Proxies with a Request or Response Transform.

LimitNote
Code lengthThe maximum code length accepted by a Reactor is 50K chars.
Payload SizeThe maximum payload size to invoke a Reactor is 5 MB. Please reach out if your use case requires more than that.
ConcurrencyThe default hot concurrency is set to 1 by default, this will fan out and cold start additional Reactors if multiple requests happen concurrently. If you need additional hot concurrency, please reach out.
Synchronous TimeoutSynchronous Reactor Invoke calls will timeout after 30s.

Error Codes

Error CodeMeaning
429Request has been rate limited