Rate Limits

All API endpoints require authentication. Regardless of the authentication method used, the Pabau API enables users to make requests based on their subscription plan.

The Pabau API applies a rate limit every 2 seconds for both authentication methods; however, the limits differ between requests made with the api_token and those made by OAuth application.

It is important to note that the rate limiting for the Pabau API is applied company-wide.

Below, you'll find the specific rate limits for each of our four subscription plans, detailing the limits for both authentication methods over a 2-second window:

Plan	API rate limit
Essential	20 requests per 2 seconds per `api_token`
Advanced	40 requests per 2 seconds per `api_token`
Professional	80 requests per 2 seconds per `api_token`
Power	100 requests per 2 seconds per `api_token`
Enterprise	120 requests per 2 seconds per `api_token`

If you exceed the rate limit, our API will start rejecting your requests and you'll receive an error response of HTTP 429 "Too Many Requests" in the body:

Daily API fair usage limit for POST/PUT endpoints

In addition to rate limiting, public API has a daily API fair usage limit for all POST/PUT endpoints. Fair usage is considered to be a maximum of 10 000 POST/PUT requests daily per user per 24 hours. The daily limit will be reset at midnight in UTC.

How the limit for 10000 requests per day per user is calculated?
Martin is a user of Pabau. He has two custom integrations using the Pabau API. Both custom integrations are subject to the same daily limit to make requests against the Pabau API on behalf of the user, Martin. So, for example, if one of those integrations is making 350 POST requests per day and the other integration 100 PUT requests each per day, then there's 10000 - 350 - 100 - 100 = 9450 POST/PUT requests left for those two integrations to use for the remaining time until the reset.

How the limit for 10000 requests per day per user is calculated?

Martin is a user of Pabau. He has two custom integrations using the Pabau API. Both custom integrations are subject to the same daily limit to make requests against the Pabau API on behalf of the user, Martin. So, for example, if one of those integrations is making 350 POST requests per day and the other integration 100 PUT requests each per day, then there's 10000 - 350 - 100 - 100 = 9450 POST/PUT requests left for those two integrations to use for the remaining time until the reset.

📘

We strongly recommend integrations built using api_token and apps using OAuth 2.0 to follow the daily fair usage limit of 10000 POST/PUT requests.

In the case of exceeding the 10 000 daily limit on multiple occasions, we may start blocking your POST/PUT requests towards our API.

How to avoid being rate limited

If you're reaching the rate limit, options to improve performance include restructuring the integration architecture, using Webhooks and/or upgrading to Enterprise plan.