Rate limits

Limits are applied per client IP + endpoint. When the quota is exceeded the API responds with HTTP 429 Too Many Requests.

Endpoint quotas

The following per-endpoint windows are enforced. Endpoints not listed below are not throttled.

Method	Endpoint	Window	Max requests
POST	/Login/*	1 minute	5
POST	/Payment/request	1 minute	5
POST	/Payment/promo	1 minute	5
POST	/Payment/card-list	1 minute	10
POST	/Payment/terms-list	1 minute	10
POST	/Order	1 minute	50
POST	/Order/Guest	1 minute	10
POST	/Product/List	1 minute	30
POST	/Product/external/list	1 minute	10
GET	/Categories	1 minute	20
POST	/Categories/List	1 minute	20
GET	/Customers/Address/Countries	1 minute	10
GET	/Customers/Address/Cities	1 minute	10
GET	/Customers/Address/Districts	1 minute	10
GET	/Content/Sliders	1 minute	15
POST	/Content/Stories	1 minute	15
POST	/Content/Showrooms/*	1 minute	15
GET	/Content/Banners/*	1 minute	15
GET	/Content/News	1 minute	15
GET	/Content/Banks	1 minute	15
GET	/Content/Filters	1 minute	15
GET	/Content/Search/*	1 minute	30
GET	/Content/Configs	1 minute	5
GET	/Categories/List/*	1 minute	15
GET	/Categories/*	1 minute	15
GET	/Categories/Variants/*	1 minute	15
GET	/Categories/Variants	1 minute	15
GET	/Categories/Types	1 minute	15
GET	/Products/Detail/{productID}/*	1 minute	15
GET	/Products/Similars/{productID}/*	1 minute	15
GET	/Products/Comments/*/*	1 minute	15
GET	/Products/List/*	1 minute	20
GET	/Products/Regions	1 minute	15
GET	/Products/Brands	1 minute	15
GET	/Products/Types	1 minute	15
GET	/Products/Platforms	1 minute	15
GET	/Products/Variants	1 minute	15
GET	/Products/Variants/Types	1 minute	15

429 response

When a quota is exceeded the API responds:

HTTP/1.1 429 Too Many Requests
Retry-After: 17

Honor the Retry-After header (seconds) before retrying.

Backoff strategy

Use full-jitter exponential backoff:

delay = random(0, min(cap, base * 2 ** attempt))

with base = 200ms, cap = 10s, capped at five attempts.