We have safeguards in place to protect against abuse/DoS attacks as well as order book manipulation caused by the rapid placing and canceling of orders.
Currently, we have 3 API limit types in place:
1. Public calls are rate limited by IP per pair (Trades and OHLC) and the rest by IP only. It should clear up in 4-5 seconds if you slow down right away and a minute or so if you don't.
2. Private calls have a counter per API key. Each key's "call counter" starts at 0. Certain calls will increase the counter. If the counter exceeds the key's maximum call count (based on user's verification level), API access is suspended for 15 minutes.
|Action||Change to Call Count|
|Ledger/trade history calls||+2|
|All other API calls (including balance checks)||+1|
The key's counter is reduced every couple of seconds.
|Tier||Maximum Call Count per key||Call count reduction|
|2||15||-1 every 3 seconds|
|3||20||-1 every 2 seconds|
|4||20||-1 every 1 seconds|
3. Placing orders rate limit is based on time on book and rate limited per pair by account. The longer the order is left on the book, the more you can trade. Canceled orders penalize more than filled ones. The penalty curve is high until 15 seconds and then becomes negligible if the order is on the book for more than 5 minutes.