Rate limits
Learn about Codat's API rate limits and their usage
Third-party rate limits
Many of the financial platforms that Codat integrates with impose rate limits on the use of their APIs. These limits are enforced and reported separately by each API.
Handling rate limits is a challenging aspect of building financial integrations. With Codat, you benefit from our bespoke rate limit handling across all supported providers. This gives you the maximum possible access to your SMB users' contributed data.
Codat rate limits
Usage-based limits
We do not currently enforce usage-based rate limits, but we do monitor them internally. If a client breaks the limits, it usually means there is an overlooked issue in their system or product. We will get in touch with the client to discuss possible improvements to reduce the number of calls. This will enhance the Codat experience for the client and their users.
Client-based limits
ACC, or Active Connected Company, is a company that has an active, linked, and syncing connection to an underlying platform.
Client-based limits set an upper limit on the number of configuration changes in a day. Codat sets these limits at:
- 1,000 requests per day, or
- 100 requests per day per ACC, whichever is greater.
These transactions are intended to be low volume. Therefore, a high number of requests in this area indicates potentially erroneous behavior and should trigger contact with the client.
Company-based limits
Company-based limits set an upper limit on the number of data-based requests an account can make against a company per day. This is to reduce the operational load. Codat sets these limits on the ACC level at:
- 1,000 requests per day, and
- 10 concurrent requests.
Note that these limits represent a global request count.
Note that the rate limits do not automatically recalculate when a new ACC is added, and do not reset until the end of the day.
Account A has a production client with 2 active companies. The client-based limit is calculated as the greater of (2*100 || 1,000)
, resulting in 1,000 allowed requests. Adding 1,000 * 2 ACCs for the company-based limit gives Account A a total limit of 3,000 requests.
They choose to make 1,100 requests against both companies for a total of 2,200 requests and have 800 requests remaining.
They then link a third company. Because the same total of requests applies, they can use the remaining 800 requests to make calls against the third company.
Account B has a production client with 140 active companies. The client-based limit is calculated as the greater of (140* 100 || 1,000)
, resulting in 14,000 allowed requests. The company-based limit is calculated as 140*1,000
, resulting in 140,000 allowed requests.
This gives Account B a total limit of 154,000 requests.
Hard DoS-based limits
Hard DoS-based limits are set to protect against bad actors and do not prevent sensible usage. Codat sets these limits at:
- 1,000 requests per minute from any IP Address.