Rate limiting

Rate limiting is a strategy to limit access to APIs. It restricts the number of API calls a client can make within a specific timeframe. This helps defend the API against overuse, both unintentional and malicious.

Rate limits are often applied to an API by tracking the IP address, or in a more business-specific way such as API keys or access tokens.

We use a Token Bucket algorithm to determine if a request is allowed to be processed. There is a maximum number of tokens available that are being refreshed at a constant rate.

When using rate limiting like this, you will always limit the amount of requests on a per user/ip/region/vehicle basis. When a user has no tokens available they will usually receive an error that will look like this:

To summarize, rate limiting is a strategy used to make sure that APIs are not overused in case of a malicious attack or accidental mistake. Usually waiting a bit or switching network will remove this issue.