429 Rate Limiting
Updated over a week ago

429 Error code

  • 429 is returned if anyone sends the same request resulting in an 4** including 429 itself error more than 10 times per 1 minute.

  • 429 is returned if anyone sends more than 500 "POST" API calls per 1 minute.

In this article, we'll delve into what rate limits and throttling are, how they affect clients' API usage, and why they are essential for maintaining the stability and security of Veryfi services.

Rate Limit per Minute (RPM)

At Veryfi, we take it seriously, and part of Veryfi commitment to providing a reliable and secure service involves implementing rate limits for API calls.

What are Rate Limits?

Rate limits are a standard practice in the world of APIs, and they are designed to control the number of requests a user or application can make to the API within a specified time frame. These limits help ensure the fair and responsible use of Veryfi APIs while preventing any single user or application from overwhelming Veryfi infrastructure with an excessive number of requests.

Rate Limits at Veryfi

For Veryfi Data Extraction APIs, we have implemented rate limits to ensure a balanced and secure user experience.

Rate Per Minute (RPM)

  • POST Requests: 500 RPM*

  • Other Methods: 300 RPM

500 for POST https://api.veryfi.com/api/v8/partner/documents (Receipts/Invoices endpoint)

300 per any other partner endpoint

  • GET partner/documents

  • POST partner/documents/id/line_item or partner/documents/id/tags

  • PUT partner/documents/id or partner/documents/id/line_item

What Happens When User Hits the Rate Limit?

If the user exceeds the rate limit (which could happen for less than 1 minute), they will receive a 429 error for all subsequent API calls until subsequent calls decrease. 429 request counts towards the limit, so if API calls don’t stop the user will keep being throttled.

The response returns retry-after header with the value of how long the agent should wait in seconds until repeating.

Why Rate Limits are Crucial

You might wonder how rate limits benefit users directly. Here are a few reasons why rate limits are essential for a positive and productive experience:

1. Data Security and Privacy

Rate limits are an essential component of Veryfi security strategy. They help protect client data by deterring potential attackers from overwhelming the API with excessive requests. This added layer of security ensures that client-sensitive data remains safe and inaccessible to unauthorized parties.

2. Preventing Loop Transactions/ Preventing Fraud

Rate limits also play a role in preventing unintentional looped transactions. Without rate limits, a misconfigured application or script could accidentally make an excessive number of API calls, resulting in unintended consequences. Limiting the rate at which requests can be made, reduces the risk of fraudulent activity, such as spamming or unauthorized access. This safeguards the integrity of Veryfi service and protects client data. Learn more about Duplicate Spike Alert

3. Reliable and Consistent Service

Rate limits ensure that Veryfi API functions reliably and consistently for all users. By preventing any single user or application from monopolizing Veryfi resources, users can count on a smooth and uninterrupted API experience. This reliability is crucial for businesses that rely on Veryfi API for critical data extraction tasks.

4. Enhanced User Experience / Optimized Application Performance

Rate limits contribute to an enhanced user experience for your end users. By preventing API abuse and ensuring consistent performance, our clients can deliver a more reliable and responsive service to their own users. This, in turn, leads to higher user satisfaction and retention. For developers integrating Veryfi API into their applications, rate limits provide a means to optimize performance.


What is the "429 Too Many Bad Requests" Error?

The "429 Too Many Bad Requests" error is triggered when our API detects a high volume of FAILED with 4** error requests that could contain incorrect or incomplete parameters. This could include missing or invalid authentication tokens, malformed JSON payloads, or other issues that prevent the API from understanding and processing the request properly.

Throttling at Veryfi

For Veryfi Data Extraction APIs, we have implemented Throttling to ensure a balanced and secure user experience.


  • 10 failed requests in 60 seconds (1 minute)

  • Failed requests error code type: 4** including 429

The Purpose of Error Request Throttling

Error request throttling, as represented by the "429 Too Many Bad Requests" error, serves several client-facing benefits:

1. Protecting the API Infrastructure
Error request throttling safeguards our API infrastructure from unnecessary load and potential abuse. By responding with a "429" error when it detects repeated bad requests, the API ensures that it remains available and responsive for all users.

2. Facilitating Correct API Usage

The "429 Too Many Bad Requests" error encourages users to send correct and complete requests. When you receive this error, it's an indicator that something is amiss with your request parameters. This prompts you to review and rectify your requests, leading to more efficient use of the API.

3. Preventing API Abuse

Throttling error requests helps prevent API abuse. Without this mechanism, malicious users or poorly configured applications could flood the API with erroneous requests, potentially causing service disruptions. Error throttling discourages such abusive behavior and maintains the integrity of the API.

4. Enhancing API Stability

By limiting the number of bad requests, we contribute to the overall stability of our API service. This ensures that you can rely on the API to consistently deliver accurate results and prevent disruptions caused by repeated errors.

For more details and Error codes, please visit Veryfi API Documentation and Integration Guide: https://docs.veryfi.com/

Did this answer your question?