Rate Limits

Learn about API rate limits.

The Lithic API enforces rate limiting on all endpoints with the exception of card embeds. Traffic that breach our limits will receive a 429 status code and will not be processed.

We group endpoints by resource (table provided below), and rate limits will be applied across endpoints belonging to a particular resource. We enforce rate limits separately for each HTTP method. For example, if you make a call to GET /cards and GET /cards/{uuid} within the same second, both calls will contribute to your consumed GET /cards requests per second (RPS) because they both belong to the cards resource and have the same HTTP method. However, a call to GET /cards and POST /cards will be evaluated separately because they are different HTTP methods even though they belong to the same resource. Similarly, PATCH /cards and POST /cards will be evaluated separately because they are different HTTP methods (even though they are both write operations).

In Production, the default rate limit for read operations is 30 RPS and for write operations is 5 RPS. In Sandbox, the default rate limit for read operations is 15 RPS and for write operations is 1 RPS.

The exceptions to these defaults are the cards resource with 15 RPS and 2 RPS for write operations in Production and Sandbox, respectively and the transfers resource with 5 RPS and 2 RPS for write operations in Production and Sandbox, respectively.

Account holder creation via the KYC advanced workflow may be subject to lower rate limits due to third-party vendors.

We will always include the response header x-requests-remaining which indicates how many RPS you have left in the given second. Should you be rate limited, you will also see the response header retry-after: "1" indicating the need to wait one second before retrying requests. Note that the Lithic SDKs natively support retries when the retry-after header is present.

Lithic reserves the right to temporarily tighten these limits during high load or service interruptions. If higher RPS is needed for specific one-off operations (e.g. migrations), please contact[email protected]

Resource Groupings with Defaults

Resource

Endpoints

Default Rate Limit Production

Default Rate Limit Sandbox

accounts

/accounts*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

account_holders

/account_holders*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

auth_rules

/auth_rules*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

auth_stream

/auth_stream*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

cards

/cards* (excluding search by pan)

30 RPS read
15 RPS write

15 RPS read
2 RPS write

card_programs

/card_programs*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

funding_sources

/funding_sources*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

responder_endpoints

/responder_endpoints*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

transactions

/transactions*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

external_bank_accounts

/external_bank_accounts*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

tokenization_decisioning

/tokenization_decisioning*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

tokenizations

/tokenizations*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

disputes

/disputes*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

balances

/balances
/financial_accounts/{uuid}/balances
/aggregate_balances

30 RPS read
5 RPS write

15 RPS read
1 RPS write

card_product

/card_product*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

financial_accounts

/financial_accounts*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

financial_transactions

/financial_accounts/{uuid}/financial_transactions

/cards/{uuid}/financial_transactions

30 RPS read
5 RPS write

15 RPS read
1 RPS write

payments

/payments*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

transfers

/transfers*
/transfer_configuration_codes

30 RPS read
5 RPS write

15 RPS read
2 RPS write

reports

/reports*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

statements

/financial_accounts/{uuid}/statements*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

events

/events*
/event_subscriptions*

30 RPS read
5 RPS write

15 RPS read
1 RPS write

simulations (sandbox only)

/three_ds_authentication/simulate
/simulate*

N/A

15 RPS read
1 RPS write

Changelog

  • May 20, 2024 - Enforcement begins
  • May 13, 2024 - Initial public documentation released