Rate Limiting
The Pagamio VAS API enforces rate limits to ensure fair usage and maintain system stability. Adhering to these limits is essential to avoid request rejections and service disruptions.
Rate Limit Policies
| Endpoint | Limit per Time Window | Scope | Description |
|---|---|---|---|
/auth/login | 5 requests per minute | IP Address | Prevents brute-force login attempts |
/auth/token/refresh | 10 requests per minute | IP Address | Controls token refresh requests |
/purchase | 10 requests per minute | User Token | Ensures users cannot overload the purchase system |
⚠️ All other endpoints currently have no enforced rate limits, but this may change in future releases.
Request Quotas
- Login Requests: Maximum 5 attempts per minute per IP. Exceeding this will return a
429 Too Many Requestsresponse. - Token Refresh Requests: Maximum 10 attempts per minute per IP. Exceeding this will also return a
429status. - Purchase Requests: Maximum 10 requests per minute per valid user token. Excess requests will be rejected until the time window resets.
⚠️ Ignoring rate limits may result in temporary blocking of your IP or user token.
Last updated: October 2025