Skip to main content

Rate Limits

The Flowlix API enforces rate limits to protect the platform and ensure fair usage across all merchants. Rate limits are applied per API key.

Current limits

ScopeLimit
Per API key100 requests per minute
Both test mode and live mode keys share the same limit. Rate limits reset on a rolling 60-second window.

Rate limit headers

Every authenticated response includes rate limit information:
HeaderDescription
X-RateLimit-LimitMaximum requests allowed per window (e.g., 100).
X-RateLimit-RemainingRequests remaining in the current window (e.g., 95).
X-RateLimit-ResetUnix timestamp when the current window resets.
Example headers on a normal response: 
HTTP/1.1 200 OK
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1719792060

When you hit the limit

If you exceed the rate limit, the API returns 429 Too Many Requests with a Retry-After header: 
HTTP/1.1 429 Too Many Requests
Retry-After: 45
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1719792060

{
  "error": {
    "type": "rate_limit_error",
    "code": "rate_limit_exceeded",
    "message": "Too many requests. Please retry after 45 seconds.",
    "param": null,
    "decline_code": null,
    "doc_url": "https://docs.flowlix.eu/errors/rate_limit_exceeded",
    "request_id": "req_abc123def456"
  }
}

Retry strategy

When you receive a 429 response:
  1. Read the Retry-After header — it tells you how many seconds to wait.
  2. Wait the specified time before retrying.
  3. Use exponential backoff if Retry-After is not present: 1s, 2s, 4s, 8s (max 30s).
import time
import requests

def make_request_with_retry(url, headers, json=None, max_retries=3):
    for attempt in range(max_retries):
        response = requests.post(url, headers=headers, json=json)

        if response.status_code != 429:
            return response

        retry_after = int(response.headers.get("Retry-After", 2 ** attempt))
        print(f"Rate limited. Retrying in {retry_after}s...")
        time.sleep(retry_after)

    return response  # Return last response if all retries exhausted

Best practices

  • Monitor X-RateLimit-Remaining — if it drops below 10, slow down your request rate.
  • Batch where possible — use limit=100 on list endpoints to reduce the number of API calls.
  • Use webhooks (coming soon) instead of polling to check payment status.
  • Don’t retry instantly on 429 — always respect the Retry-After header.
  • Spread requests evenly — avoid bursts of requests at the start of each minute.