> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tesouro.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Rate limiting

> Learn how rate limiting works in the Embedded Banking API.

Tesouro uses [rate limiting](https://en.wikipedia.org/wiki/Rate_limiting) to protect against spikes of incoming traffic that can put our systems at risk. These limits help us ensure that Tesouro remains stable and usable for everyone.

If you exceed the rate limit, you will receive a `429 Too Many Requests` HTTP response. When this happens, wait before retrying the request.

### Rate limit response headers

For every API request within the allowed rate limit, Tesouro returns the following HTTP headers:

| HTTP header                    | Description                                                                                               |
| ------------------------------ | --------------------------------------------------------------------------------------------------------- |
| `RateLimit-Limit`              | The number of requests allowed per second. Same as `X-RateLimit-Limit-Second`.                            |
| `RateLimit-Remaining`          | The number of available requests remaining in the current second. Same as `X-RateLimit-Remaining-Second`. |
| `RateLimit-Reset`              | The time remaining, in seconds, until the rate limit quota is reset.                                      |
| `X-RateLimit-Limit-Second`     | The number of requests allowed per second. Same as `RateLimit-Limit`.                                     |
| `X-RateLimit-Remaining-Second` | The number of available requests remaining in the current second. Same as `RateLimit-Remaining`.          |

If you exceed the rate limit, the response will include a `Retry-After` header indicating how many seconds to wait before sending another request:

```http lines theme={null}
HTTP/1.1 429 Too Many Requests
Content-Type: application/json; charset=utf-8
RateLimit-Reset: 1
Retry-After: 1
RateLimit-Limit: 30
RateLimit-Remaining: 0

{
  "message": "API rate limit exceeded"
}
```

### Handling rate limits

1. **Monitor rate limit headers:** Check `RateLimit-Remaining` on each response to track your remaining quota.
2. **Implement a backoff strategy:** If you receive a `429` response, wait for the duration specified in the `Retry-After` header before retrying. Consider using exponential backoff for retries.

<Info>
  If the current rate limiting levels are not satisfactory for your integration, please contact your Account Manager at Tesouro to request an adjustment.
</Info>
