Rate Limiting
ZevPay enforces rate limits to ensure fair usage and protect the API from abuse. All REST API endpoints are subject to rate limiting.
Limits
| Scope | Limit | Window |
|---|---|---|
| Global (per API key) | 100 requests | 1 minute |
Session initialization (POST /v1/checkout/session/initialize) | 30 requests | 1 minute |
Rate limits are applied per API key. Test and live keys have separate counters.
INFO
These limits are generous for normal usage. If your integration requires higher limits, contact us at support@zevpay.ng.
Rate limit response
When you exceed the rate limit, the API responds with HTTP 429 Too Many Requests:
{
"success": false,
"error": {
"code": "HTTP_ERROR",
"message": "ThrottlerException: Too Many Requests"
},
"correlationId": "-"
}Handling rate limits
Implement exponential backoff when you receive a 429 response:
async function fetchWithRetry(url, options, maxRetries = 3) {
for (let attempt = 0; attempt <= maxRetries; attempt++) {
const response = await fetch(url, options);
if (response.status !== 429) return response;
// Exponential backoff: 1s, 2s, 4s
const delay = Math.pow(2, attempt) * 1000;
await new Promise(resolve => setTimeout(resolve, delay));
}
throw new Error('Rate limit exceeded after retries');
}import time
import requests
def fetch_with_retry(url, **kwargs):
max_retries = 3
for attempt in range(max_retries + 1):
response = requests.request(**kwargs, url=url)
if response.status_code != 429:
return response
# Exponential backoff: 1s, 2s, 4s
delay = (2 ** attempt)
time.sleep(delay)
raise Exception("Rate limit exceeded after retries")Best practices
- Batch operations where possible instead of making many individual requests
- Cache responses to avoid redundant API calls (e.g., cache bank list, verify results)
- Spread requests evenly over time rather than sending bursts
- Use webhooks instead of polling for payment status — see Webhooks
Request body size
All REST API endpoints enforce a 1 MB maximum request body size. Requests exceeding this limit will be rejected with a 413 Payload Too Large response.
This limit is more than sufficient for all API operations. If you're sending metadata with your requests, keep it concise.