Skip to main content
Rate limits protect the platform from accidental and malicious overload. Normal production traffic rarely hits them. When they do trigger, the response headers tell you exactly how long to wait.

Global limit

Every authenticated merchant gets a base of 1,000 requests per minute, shared across all /v1/* endpoints, enforced on a rolling 60-second window. The limit is per merchant (not per IP) — seats and servers behind a shared egress NAT all count against the same quota, but separate merchants never share quotas with each other.

Merchant rate-limit tiers

Merchants can be placed on a higher tier by Anton. The tier applies a multiplier to the base 1,000 rpm ceiling.
TierMultiplierEffective ceiling
Default1,000 rpm
Growth2,000 rpm
Scale5,000 rpm
High-volume10×10,000 rpm
Enterprise20×20,000 rpm
Read your current tier from GET /v1/merchant — the response includes rate_limit_multiplier (1, 2, 5, 10, or 20) and the effective rate_limit_per_minute. Promotions take effect immediately on the next request; no rollout is required.

Endpoint-specific limits

Some endpoints are more expensive or more sensitive and carry a tighter ceiling:
EndpointLimit
POST /v1/fx/quote30 / minute per merchant
GET /v1/fx/rate30 / minute per merchant
POST /v1/fx/exchange10 / minute per merchant
POST /v1/webhooks/{id}/testReduced (sensitive operations ceiling)
Sensitive operations — webhook test sends and similar one-off verification flows — run under a lower per-merchant ceiling to prevent abuse. Normal integration traffic will not reach it.

Headers on every response

HeaderValue
X-RateLimit-LimitMaximum requests permitted in the current window.
X-RateLimit-RemainingRequests remaining in the current window.
X-RateLimit-ResetUnix timestamp (seconds) when the current window resets.
When you exceed a limit, Anton returns 429 Too Many Requests with an additional header:
HeaderValue
Retry-AfterSeconds to wait before retrying.
Response body:

Handling 429

Treat 429 as transient. Back off for at least the number of seconds in Retry-After before retrying. Use jittered exponential backoff when retrying many requests at once — retrying everything at the exact Retry-After moment creates a thundering herd that trips the limiter again.

Requesting a higher limit

Merchants with sustained high-volume needs can request a raised global ceiling. Reach out via help.antonpayments.com with your use case and expected traffic profile.