Rate Limits
IOTMER applies rate limits to protect platform stability. Limits are applied per API key or per user session.
Default limits
| Endpoint group | Limit |
|---|---|
| Auth endpoints | 20 req/min |
| Read operations (GET) | 300 req/min |
| Write operations (POST/PUT/DELETE) | 100 req/min |
| Device provisioning | 50 req/min |
Rate limit headers
Every response includes rate limit headers:
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 287
X-RateLimit-Reset: 1710500460
Handling 429 errors
When you exceed a limit, the API returns 429 Too Many Requests with a Retry-After header indicating when to retry.
Implement exponential backoff in your client:
for attempt := 0; attempt < maxRetries; attempt++ {
resp, err := client.Do(req)
if resp.StatusCode == 429 {
time.Sleep(time.Duration(math.Pow(2, float64(attempt))) * time.Second)
continue
}
break
}