Setting up Cryptowatch
Extensibility and Community
API

What to do when you are being rate limited

Rate limiting is how a website handles incoming traffic. This article describes rate limiting and how to resolve it.

Rate limiting is a way of controlling the amount of requests handled by the site’s API (Application Program Interface) — these communications are API calls. If you receive an error message like “API rate limit exceeded” or “You are being rate limited”, that is the website telling you it’s time to slow down.

On Cryptowatch, this issue is indicated by error #803.

Typically, slowing down is all you need to do to solve the issue.

When you interact with a website, each action you take demands a portion of the website’s resources. The site can slow down (or crash) if its traffic isn't managed.

One response to this challenge is rate limiting requests to the API. The site can add weights (like time penalties) to specific actions that will slow the rate at which you perform them.

Usually, once a grace-period has passed, the rate limit penalties are removed and you can resume what you were doing.

The only surefire way to resolve this error is to stop what you're doing altogether, at least for a little while. Take a moment to check the site's help center or documentation to see how they implement rate limits. Kraken.com's “What are the REST API rate limits” page is a good example of a document that outlines rate limiting on their platform.

Check out Editing an order in the How to Trade article to learn how to adjust orders on the fly.

Why you are being rate limited

Your computer communicates with the site you’re visiting via an API (Application Program Interface). The vehicles that transmit that information are called API calls. When you trade on a crypto exchange, for example, you are interacting with the order book via API calls when you post or cancel orders.

Each individual API call contributes a small workload for the website’s system. Eventually — and especially during times of high traffic — the site’s system will reach a threshold amount of calls it can handle and begin to slow down.

DoS and DDoS Attacks

An overload of API calls is enough to crash a site, and is commonly known as a DoS (Denial of Service) attack when used maliciously. A DDoS (Distributed Denial of Service) attack is when an attacker uses a collection of computers and internet connections to flood the exchange with API calls.

This is one reason why action penalties are applied to all users on a website; the rate of disturbance from a single computer is unlikely to affect the site, but massive increases in traffic can potentially crash it altogether. When you receive an “API rate limit exceeded” or a variation of this error, you are witnessing a website’s defences in action.