We have safeguards in place to protect against abuse/DoS attacks as well as order book manipulation caused by the rapid placing and canceling of orders.
Currently, we have three API limit types in place:
1. Public calls do not require a key and are therefore tied to the IP address. Public calls are rate limited by IP per pair for Trades and OHLC and the rest by IP only. It is generally recommended not to perform more than 1 public call per second. If you get rate limited, it should clear up in 4-5 seconds if you slow down right away and a minute or so if you don't.
2. Private calls have a counter per API key. Each key's "call counter" starts at 0. Certain calls will increase the counter. If the counter exceeds the key's maximum call count (based on user's verification level), API access is suspended for 15 minutes.
|Action||Change to Call Count|
|Ledger/trade history calls||+2|
|All other API calls (including balance checks)||+1|
The key's counter is reduced every couple of seconds.
|Tier||Maximum Call Count per key||Call count reduction|
|2||15||-1 every 3 seconds|
|3||20||-1 every 2 seconds|
|4||20||-1 every 1 seconds|
3. Placing orders rate limit is based on time on book and rate limited per pair by account. The longer the order is left on the book, the more you can trade. Canceled orders penalize more than filled ones. The penalty curve is high until 15 seconds and then becomes negligible if the order is on the book for more than 5 minutes.