API Rate Limits

How many API requests you can send, at the user and account level, and how to stay within the limits.

ReferenceAutomated trading429 errors
In short

Every action (placing an order, reading the orderbook, reading positions, and so on) sends one request per account to your broker's server. To protect those servers, we apply rate limits at two levels: user level and pseudo/trading account level. Cross any limit and you get a `429 Too Many Requests` error. The limits are generous, so a breach usually means a bug in your strategy code.

API stands for Application Programming Interface. In simple words, every action you do (placing an order, reading the orderbook or positionbook, and so on) creates one request per account. Each request talks to your stock broker’s server to place an order, read portfolio data, and similar tasks. Too many requests in a short time can affect a server’s performance. So both we and your brokers set limits on how many requests can be sent.

These API limits mainly affect API users doing automated trading. Manual traders are unlikely to face this issue unless they send a lot of orders in bulk. If a manual trader does hit a limit, they should report it to support.

Why rate limits exist

There are two main reasons for rate limits:

  • Bad code written by a user that calls API functions continuously in a loop
  • A malicious user trying a DOS attack

As an API user, you need to understand that this is the most important feature for you as well. An API breach is almost always caused by a bug in the user’s strategy code. API limits help you safeguard yourself. We have seen users suffer heavy losses because their rogue code kept firing orders, when they used APIs that do not have such limits.

Admin

Limits

If your system crosses any of the limits below, you will receive a server error: 429 Too Many Requests.

User level

This applies at the user level, so requests for all accounts are counted together.

LimitTime interval
500 requestsper 5 seconds
1500 requestsper 1 minute

Pseudo / trading account level

This applies at the pseudo/trading account level, so only requests for a single pseudo/trading account are counted.

LimitTime interval
60 requestsper 5 seconds
130 requestsper 1 minute
300 requestsper 5 minutes

How limits are calculated

Every API request made to the AutoTrader Server counts as 1 unit. The common requests are:

  • Place Order
  • Modify Order
  • Cancel Order
  • Read Positions
  • Read Orders
  • Read Margins

Desktop client

The desktop client syncs your live portfolio to your computer. It runs a sync every 15-20 seconds, and you can change this interval in settings. The client may increase the interval if you have more accounts. This is because each sync makes 3 requests for each live account (to fetch orders, positions and margins).

Guidelines for staying within API limits

Manual trading (website users)

Manual traders are unlikely to breach limits unless they have 100+ accounts under them.

Here is an example. Assume you have 100 live accounts under you. When you place an order, or refresh a screen (positions, orders, margins, and so on), it creates:

  • 1 request for each trading account
  • 100 requests under your user

When does a breach happen?

  • The 5-second user-level limit is 500. If you refresh the screen 6 times within 5 seconds, that is 600 requests in 5 seconds, which breaches the limit.
  • The 1-minute user-level limit is 1500. If you refresh the screen 16 times within 1 minute, that is 1600 requests in 1 minute, which breaches the limit.

Based on how many accounts you trade, you can work out how many operations you can do within the limits. As a general rule, do not go too close to the limits.

Automated trading (API users)

The limits are set to a reasonable value. If your code is breaking them, check that it is not doing something wrong or redundant.

  • Keep only those pseudo accounts live that your strategy actually uses.
  • If you are using the desktop client:
    • If you are doing random testing, close the desktop client. This stops your requests from reaching the AutoTrader server.
    • Set portfolio sync to OFF if your strategy does not read live portfolio data.
    • Increase the portfolio sync interval (for example, 30 or 40 seconds).
    • The client has built-in handling to avoid hitting the limits. Unless you have too many live accounts, the client should take care of it.
  • If you access the API directly (without the desktop client):
    • Cache the portfolio in your strategy and refresh it periodically, or only when needed.
    • If your strategy creates many orders in a short time, add some delay in your code to avoid hitting the limits.

Breach of limit

A breach is a serious issue. It puts load on our servers and affects other clients. Worse, if a broker’s RMS (Risk Management System) has bugs, a breach could send too many orders to the exchange, which in rare cases can cause far bigger problems. The load from one user’s badly written code can affect all of our clients if we do not keep API rate limits in place.

Whenever a breach happens, the system automatically disables the user account. The user is expected to explain the cause and the fixes to avoid hitting API limits again. If a user keeps breaching the limits or fails to cooperate with the support team, their access will be permanently revoked.

Admin

Note: If your AutoTrader Web user is disabled, it does not mean you cannot trade. You can always log in to your stock broker’s trading terminal and operate your trading account.

API limits protect stock exchanges and their systems, stock brokers and their systems, our own systems, and all market participants (traders and investors). So we have a zero-tolerance policy for users who fail to cooperate when a breach happens.

Industry standards

API rate limits are a standard practice in the industry, though not every user is aware of it. Most major brokers and trading platforms publish similar order and request rate limits in their own API documentation.

Next steps

Was this page helpful?

Last updated 20 June 2026