We have safeguards in place to protect against abuse/DoS attacks as well as order book manipulation caused by the rapid placing and canceling of orders.
Currently, we have 3 API limit types in place:
1. Public calls are rate limited by IP per pair (Trades and OHLC) and the rest by IP only. If you hit this limit, it should clear up in 4-5 seconds if you slow down right away and in a minute or so if you don't.
2. Private calls are counted per API key:
Every user of our API has a call counter which starts at 0.
Ledger/trade history calls increase the counter by 2.
Place/cancel order calls do not affect this counter.
All other API calls including balance checks increase the counter by 1.
The user's counter is reduced every couple of seconds, and if the counter exceeds the user's maximum, API access is suspended for 15 minutes. Tier 2 users have a maximum of 15 and their count is reduced by 1 every 3 seconds. Tier 3 and 4 users have a maximum of 20; the count is reduced by 1 every 2 seconds for tier 3 users and by 1 every 1 second for tier 4 users.
3. The rate limit for placing orders is based on time on book and fill rate per pair by account. The longer the order is left on the book, the more you can trade. Canceled orders are penalized more than filled ones. The penalty curve is high until 15 seconds and then becomes negligible if the order is on the book for more than 5 minutes.
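A client can mirror the private call counter from item 2 locally and pause before a call that would push it past the maximum and trigger the 15-minute suspension. The sketch below is an added example, not code from the API provider; the call-kind labels ("ledger", "balance", and so on) are hypothetical names, and it assumes the counter drops in whole steps of 1 per decay period, timed from the client's own clock.

```python
# Tier -> (maximum counter, seconds per 1-point reduction), as stated above.
TIERS = {2: (15, 3.0), 3: (20, 2.0), 4: (20, 1.0)}

# Counter cost per call kind, as stated above. The labels are hypothetical
# names chosen for this example, not API endpoint names.
COSTS = {"ledger": 2, "trade_history": 2, "place_order": 0, "cancel_order": 0}
DEFAULT_COST = 1  # all other calls, including balance checks


class CallCounter:
    """Client-side estimate of the per-API-key call counter."""

    def __init__(self, tier):
        self.maximum, self.period = TIERS[tier]
        self.count = 0   # the counter starts at 0
        self.last = 0.0  # time of the last applied reduction

    def _decay(self, now):
        # Assumption: reductions happen in whole steps, one per full period.
        steps = int((now - self.last) // self.period)
        self.count = max(0, self.count - steps)
        # An idle counter earns no partial credit toward the next reduction.
        self.last = now if self.count == 0 else self.last + steps * self.period

    def wait_needed(self, kind, now):
        """Seconds to wait so that sending `kind` does not exceed the maximum."""
        self._decay(now)
        excess = self.count + COSTS.get(kind, DEFAULT_COST) - self.maximum
        if excess <= 0:
            return 0.0
        return max(0.0, self.last + excess * self.period - now)

    def record(self, kind, now):
        """Account for a call sent at time `now`; returns the new estimate."""
        self._decay(now)
        self.count += COSTS.get(kind, DEFAULT_COST)
        return self.count


if __name__ == "__main__":
    # Constructed scenario: a tier 2 key makes 15 balance checks at t=0.
    c = CallCounter(2)
    for _ in range(15):
        c.record("balance", 0)
    print(c.wait_needed("balance", 0), c.wait_needed("ledger", 0))
```

Time is passed in explicitly so the model can be driven from `time.monotonic()` in a real client or from fixed values when testing.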