SignCareAPI Docs

Rate Limits

SignCare applies rate limits per API key, per IP, and per client. Here's how to handle them.

Why we rate-limit

Rate limits protect:

  • Upstream providers from being overloaded — most SignCare APIs proxy to government or financial systems with their own limits.
  • Other clients from being starved of capacity.
  • You from runaway loops accidentally burning through your quota.

Policies

PolicyLimitKeyed byApplies to
DefaultPostRateLimit1 req / 5 minX-API-KEY + X-API-APP-IDHeavy/expensive endpoints
PerIpPolicy50 req / minClient IPDefault for most endpoints
ClientAndIpPolicy50 req / minAPI Key + IPDefault for authenticated reads

Specific endpoints may have tighter or looser limits — check the endpoint reference in SignCare Core API or WealthScape API.

What a 429 looks like

HTTP/1.1 429 Too Many Requests
Content-Type: application/json
Retry-After: 60
{
  "success": false,
  "error": "RateLimitExceeded",
  "message": "Rate limit exceeded. Retry after 60 seconds.",
  "retryAfterSeconds": 60
}

Handling 429 correctly

1. Honor the Retry-After header

If present, wait at least that many seconds before retrying.

2. Use exponential backoff with jitter

Don't hammer the API with immediate retries. Use this pattern:

async function callWithBackoff(fn, maxAttempts = 5) {
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    const res = await fn();
    if (res.status !== 429) return res;
 
    const serverDelay = parseInt(res.headers.get('retry-after') ?? '0', 10) * 1000;
    const backoff = Math.min(serverDelay || Math.pow(2, attempt) * 1000, 30_000);
    const jitter = Math.random() * 500;
    await new Promise((resolve) => setTimeout(resolve, backoff + jitter));
  }
  throw new Error('Max retry attempts exceeded');
}

3. Batch and queue on your side

If you're onboarding many users at once, queue the requests on your side and drain at a steady rate rather than bursting.

4. Monitor and alert

Track the frequency of 429s in your logs. A sudden spike usually means:

  • A runaway loop
  • Load beyond your contracted rate
  • An upstream provider in degraded state

Need higher limits?

Contact support@signcare.io with:

  • Your API Key (never your secret — just the ID prefix is enough)
  • Expected requests per minute / per day
  • Which endpoint(s)
  • Business justification (volume, campaign, seasonality)

We can often increase limits within hours for contracted customers.

Fair-use limits on free accounts

Free / evaluation accounts are restricted to Stage only and share a global soft limit. Contact us for a paid account to unlock production capacity.

Previous

Authentication

Next

Error Codes

On this page