Tesouro uses rate limiting to protect against spikes of incoming traffic that can put our systems at risk. These limits help us ensure that Tesouro remains stable and usable for everyone. If you exceed the rate limit, you will receive a 429 Too Many Requests HTTP response. When this happens, wait before retrying the request.

Rate limit response headers

For every API request within the allowed rate limit, Tesouro returns the following HTTP headers:

| HTTP header | Description |
| --- | --- |
| RateLimit-Limit | The number of requests allowed per second. Same as X-RateLimit-Limit-Second. |
| RateLimit-Remaining | The number of available requests remaining in the current second. Same as X-RateLimit-Remaining-Second. |
| RateLimit-Reset | The time remaining, in seconds, until the rate limit quota is reset. |
| X-RateLimit-Limit-Second | The number of requests allowed per second. Same as RateLimit-Limit. |
| X-RateLimit-Remaining-Second | The number of available requests remaining in the current second. Same as RateLimit-Remaining. |

If you exceed the rate limit, the response will include a Retry-After header indicating how many seconds to wait before sending another request:

HTTP/1.1 429 Too Many Requests
Content-Type: application/json; charset=utf-8
RateLimit-Reset: 1
Retry-After: 1
RateLimit-Limit: 30
RateLimit-Remaining: 0

{
  "message": "API rate limit exceeded"
}

Handling rate limits

  1. Monitor rate limit headers: Check RateLimit-Remaining on each response to track your remaining quota.
  2. Implement a backoff strategy: If you receive a 429 response, wait for the duration specified in the Retry-After header before retrying. Consider using exponential backoff for retries.
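
The two steps above as a client-side retry wrapper. This is an added example, not Tesouro's code: `send`, `MAX_WAIT`, the function names, the fallback to RateLimit-Reset, and the 1-second default pause are assumptions, and the sample responses are constructed from the 429 shown on this page.

```python
import random
import time

MAX_WAIT = 30.0  # assumed ceiling so a bad header value cannot stall the client


def _seconds(headers, name):
    """Return a header as non-negative seconds, or None if absent or malformed."""
    value = {k.lower(): v for k, v in headers.items()}.get(name.lower())
    try:
        secs = float(value)  # an HTTP-date or junk value fails here
    except (TypeError, ValueError):
        return None
    return secs if 0 <= secs < float("inf") else None


def retry_delay(headers, attempt, base=0.5):
    """Delay after a 429: Retry-After, else RateLimit-Reset, else backoff."""
    for name in ("Retry-After", "RateLimit-Reset"):
        secs = _seconds(headers, name)
        if secs is not None:
            return min(secs, MAX_WAIT)
    # No usable hint from the server: exponential backoff with full jitter.
    return random.uniform(0, min(MAX_WAIT, base * 2 ** attempt))


def call_with_backoff(send, max_attempts=5, sleep=time.sleep):
    """Call send() until it stops returning 429; send() -> (status, headers, body)."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            # Quota spent for this second: pause before the caller's next request.
            if _seconds(headers, "RateLimit-Remaining") == 0:
                sleep(min(_seconds(headers, "RateLimit-Reset") or 1.0, MAX_WAIT))
            return status, headers, body
        if attempt + 1 < max_attempts:
            sleep(retry_delay(headers, attempt))
    raise RuntimeError("still rate limited after %d attempts" % max_attempts)


if __name__ == "__main__":
    # Constructed responses: the 429 from this page, then a success.
    replies = iter([
        (429, {"Retry-After": "1", "RateLimit-Remaining": "0"},
         '{"message": "API rate limit exceeded"}'),
        (200, {"RateLimit-Remaining": "29"}, "{}"),
    ])
    print(call_with_backoff(lambda: next(replies), sleep=lambda s: print("wait", s)))
```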

If the current rate limiting levels are not satisfactory for your integration, please contact your Account Manager at Tesouro to request an adjustment.