Skip to main content
Rate limits protect the platform from accidental and malicious overload. Normal production traffic rarely hits them. When they do trigger, the response headers tell you exactly how long to wait.

Global limit

Every authenticated merchant gets 1,000 requests per minute, shared across all /v1/* endpoints. The limit resets on a rolling 60-second window.

Endpoint-specific limits

Some endpoints are more expensive or more sensitive and carry a tighter ceiling:
EndpointLimit
POST /v1/fx/quote30 / minute per IP
GET /v1/fx/rate30 / minute per IP
POST /v1/fx/exchange10 / minute per IP
POST /v1/api-keysReduced (sensitive operations ceiling)
POST /v1/api-keys/{id}/revokeReduced (sensitive operations ceiling)
POST /v1/webhooks/{id}/testReduced (sensitive operations ceiling)
POST /v1/merchant/security/portal-linkReduced (sensitive operations ceiling)
Sensitive operations — key lifecycle, webhook test sends, admin portal link issuance — run under a lower per-merchant ceiling to prevent abuse. Normal integration traffic will not reach it.

Headers on every response

HeaderValue
X-RateLimit-LimitMaximum requests permitted in the current window.
X-RateLimit-RemainingRequests remaining in the current window.
X-RateLimit-ResetUnix timestamp (seconds) when the current window resets.
When you exceed a limit, Anton returns 429 Too Many Requests with an additional header:
HeaderValue
Retry-AfterSeconds to wait before retrying.
Response body: 
{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded. Retry after 42 seconds."
  }
}

Handling 429

Treat 429 as transient. Back off for at least the number of seconds in Retry-After before retrying. Use jittered exponential backoff when retrying many requests at once — retrying everything at the exact Retry-After moment creates a thundering herd that trips the limiter again. 
retry() {
  local url=$1
  for attempt in 1 2 3 4 5; do
    response=$(curl -sS -D /tmp/hdr -o /tmp/body -w "%{http_code}" "$url" \
      -H "Authorization: Bearer $ANTON_API_KEY")
    if [ "$response" != "429" ]; then
      cat /tmp/body
      return 0
    fi
    retry_after=$(grep -i '^retry-after:' /tmp/hdr | awk '{print $2}' | tr -d '\r')
    sleep "${retry_after:-1}"
  done
  echo "rate limit: retry budget exhausted" >&2
  return 1
}

Requesting a higher limit

Merchants with sustained high-volume needs can request a raised global ceiling. Reach out via help.antonpayments.com with your use case and expected traffic profile.