November 05, 2019

Protecting you against rogue scripts

To help protect you against rogue scripts, we've introduced rate limiting to our pay-as-you-go API

Sometimes scripts go rogue and get scaled accidentally. To better handle this, we've introduced a rate limit of 1,000 individual API calls per minute for the pay-as-you-go plan.

To be very clear about what this means, it is only related to individual API calls, not the number of lookups in a batch. You can still use our batch endpoint to process thousands of lookups at once. (Here's our documentation on single versus batch calls.)

Why are we doing this? On our pay-as-you-go plan, everyone is sharing the same pool of resources. This means that if one customer has a script that goes rogue, it can cause slowdowns or even outages for everyone else. (And a gigantic bill for the person who accidentally scaled.)

For a long time, we've resisted the idea of rate limiting, as we want to be able to scale with you no matter the success you have. But recent (friendly) incidents have forced us to change this. This is effectively a case of the Tragedy of the Commons: if one person lets their sheep eat all of the grass, there won't be enough for everyone else.

We have set the rate limit at 1,000 per minute for single requests because we think it is reasonably above what most use cases require. (For comparison, the Mapbox Geocoding API has a rate limit of 600 requests per second.)

If you do need higher throughput, we can still help. The Unlimited plan will continue to be un-limited, with dedicated resources per customer and base throughput at 200,000 lookups per hour when optimized. If you need more than that, we can always create a custom cluster for you.

As always, please feel free to reach out. We're here to help.