Rate Limiting

The Zaki-Pass API enforces rate limits to ensure fair usage and platform stability. All API responses include rate limit headers so you can monitor your usage.

Rate Limits

  • 100 requests per minute per API key
  • Rate limit resets every 60 seconds
  • JWT-authenticated requests have separate rate limiting

Response Headers

The following headers are returned with every API response:

X-RateLimit-Limit      Maximum requests per window (100)
X-RateLimit-Remaining  Requests remaining in current window
X-RateLimit-Reset      Unix timestamp when the window resets
Retry-After            Seconds to wait before retrying (only present on 429 responses)

429 Response

When you exceed the rate limit, the API returns a 429 status code with the following response body:

json
{
  "statusCode": 429,
  "message": "ThrottlerException: Too Many Requests",
  "error": "Too Many Requests"
}

Handling Rate Limits

Best practices for handling rate limits:

  1. Implement exponential backoff
  2. Cache responses when possible
  3. Use batch endpoints (e.g., POST /passes/batch) instead of individual calls
  4. Monitor your usage with the X-RateLimit-Remaining header

Retry implementation in JavaScript:

javascript
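async function fetchWithRetry(url, options, maxRetries = 3) {
  for (let i = 0; i < maxRetries; i++) {
    const response = await fetch(url, options);

    if (response.status === 429) {
      // Retry-After is the number of seconds to wait. Fall back to 5 seconds
      // if the header is missing, negative, or not a number; otherwise a NaN
      // delay would make setTimeout fire immediately.
      const retryAfter = parseInt(response.headers.get('Retry-After'), 10);
      const seconds = Number.isNaN(retryAfter) || retryAfter < 0 ? 5 : retryAfter;
      await new Promise(resolve => setTimeout(resolve, seconds * 1000));
      continue;
    }

    return response;
  }
  throw new Error('Max retries exceeded');
}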

Retry implementation in Python:

python
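import time
import requests

def fetch_with_retry(url, headers, max_retries=3):
    for i in range(max_retries):
        # A timeout (10 seconds here, as an example value) keeps a stalled
        # connection from blocking the retry loop indefinitely.
        response = requests.get(url, headers=headers, timeout=10)

        if response.status_code == 429:
            # Retry-After is the number of seconds to wait. Fall back to
            # 5 seconds if the header is missing or is not an integer.
            try:
                retry_after = max(int(response.headers.get('Retry-After', 5)), 0)
            except ValueError:
                retry_after = 5
            time.sleep(retry_after)
            continue

        return response
    raise Exception('Max retries exceeded')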
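
The retry helpers above react only after a 429 has been returned. The following added example (not part of the Zaki-Pass documentation or any official SDK) also reads X-RateLimit-Remaining and X-RateLimit-Reset to hold back the next request once the window is exhausted, falls back to exponential backoff with jitter, and treats every header value as untrusted input. The function names, the 1-second backoff base, the 60-second cap, and the reading of X-RateLimit-Reset as seconds are assumptions.

```javascript
// Added example; function names and the BASE_MS/MAX_MS values are assumptions.
const BASE_MS = 1000;   // first backoff step when Retry-After is unusable
const MAX_MS = 60000;   // never wait longer than the documented 60-second window

// Read a header as a non-negative integer; null if absent or malformed.
function headerInt(headers, name) {
  const raw = headers.get(name);
  if (raw == null || !/^\d+$/.test(String(raw).trim())) return null;
  return Number(raw);
}

// Milliseconds to wait before the next request (0 means send immediately).
// `headers` is anything with .get(name), such as a fetch Response's headers.
function nextDelayMs(status, headers, attempt, nowMs = Date.now(), rand = Math.random) {
  if (status === 429) {
    const retryAfter = headerInt(headers, 'Retry-After');
    if (retryAfter !== null) return Math.min(retryAfter * 1000, MAX_MS);
    // Header missing or malformed: exponential backoff with full jitter.
    return Math.floor(rand() * Math.min(BASE_MS * 2 ** attempt, MAX_MS));
  }
  // Window exhausted: hold the next request until X-RateLimit-Reset
  // (assumed to be in seconds) rather than sending one that will be rejected.
  const remaining = headerInt(headers, 'X-RateLimit-Remaining');
  const reset = headerInt(headers, 'X-RateLimit-Reset');
  if (remaining === 0 && reset !== null) {
    return Math.min(Math.max(reset * 1000 - nowMs, 0), MAX_MS);
  }
  return 0;
}

// Wraps fetch so that every call, including the caller's next one, is paced.
function makePacedFetch(fetchImpl = fetch, maxRetries = 3) {
  let notBefore = 0; // earliest time (ms since epoch) the next request may go out
  const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
  return async function pacedFetch(url, options) {
    for (let attempt = 0; attempt <= maxRetries; attempt++) {
      const wait = notBefore - Date.now();
      if (wait > 0) await sleep(wait);
      const response = await fetchImpl(url, options);
      notBefore = Date.now() + nextDelayMs(response.status, response.headers, attempt);
      if (response.status !== 429) return response;
    }
    throw new Error('Max retries exceeded');
  };
}
```

Capping every wait at MAX_MS means a malformed or unexpectedly large header value cannot stall the client for longer than one rate-limit window.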

Batch Endpoints

Use batch endpoints to reduce the number of API calls and stay within rate limits:

  • POST /passes/batch — Issue multiple passes in a single request
  • POST /passes/notify/batch — Send batch notifications
  • Each batch call counts as a single request against the rate limit