Rate limiting

Digital Platform will enforce rate limits on certain endpoints that could return sensitive information if maliciously subjected to repeated requests. Rate limiting reduces the risk, for example, of a bad actor obtaining a gift-card PIN by repeatedly making requests to the gift-card balance endpoint.

When the rate limit is exceeded, these endpoints will return an HTTP 429 response with the following response body, which indicates when requests will be allowed again:

{
  "blockedUntilUtc": "2021-01-21T04:02:20.360Z"
}
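
A client should pause until blockedUntilUtc rather than retry immediately, since further requests before that time will also be rejected. The sketch below is an added example, not Digital Platform code: it parses the 429 body shown above and computes how long to wait. The function names, the 15-minute ceiling and the 30-second fallback are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_WAIT = timedelta(minutes=15)       # assumed client-side ceiling, not a platform value
FALLBACK_WAIT = timedelta(seconds=30)  # assumed pause when the 429 body is unusable


def blocked_until(body):
    """Return blockedUntilUtc as an aware UTC datetime, or None if unusable."""
    try:
        raw = json.loads(body)["blockedUntilUtc"]
        # Older Python versions reject a trailing "Z", so normalise it to an offset.
        parsed = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # not JSON, wrong shape, missing field or bad timestamp
    if parsed.tzinfo is None:
        # The field name says UTC, so a timestamp without an offset is read as UTC.
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def retry_delay(status, body, now):
    """How long to pause before the next request to a rate-limited endpoint."""
    if status != 429:
        return timedelta(0)
    until = blocked_until(body)
    if until is None:
        return FALLBACK_WAIT
    wait = until - now
    if wait < timedelta(0):
        return timedelta(0)  # the block has already expired
    # Cap the wait so a bogus far-future timestamp cannot stall the client forever.
    return min(wait, MAX_WAIT)


if __name__ == "__main__":
    # Constructed sample: the body from this page, with "now" 20.36 s before expiry.
    sample = '{"blockedUntilUtc": "2021-01-21T04:02:20.360Z"}'
    now = datetime(2021, 1, 21, 4, 2, 0, tzinfo=timezone.utc)
    print(retry_delay(429, sample, now).total_seconds())
```

Pass the current time from a clock that is reasonably synchronised, because the wait is computed against the server's UTC timestamp.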

The API reference pages will list 429: Too Many Requests as a possible status code when rate limiting can be enabled on a given endpoint. The endpoints, and the specific endpoint parameters, that may be rate limited are as follows: