Xaman Developer Docs
Developer ConsoleAPI Endpoints
  • Build on Xaman
  • Concepts
    • Getting started
      • Terminology
      • Developer Education
    • 🔐Authorization & Credentials
    • Payloads (sign requests)
      • 🚨Secure Payment Verification
      • Workflow
      • Lifecycle
        • Sample POS lifecycle
      • Payload Delivery
        • Deep Linking
        • QR Scanning
        • Push
        • xApps
        • Mobile (iOS/Android)
        • Desktop browser
      • Status updates
        • Websocket
        • Webhooks
          • Signature verification
        • API Call (polling)
      • Networks
      • Payload Return URL
      • Tx Explorer(s)
    • Special Transaction Types
    • Limitations
      • Rate limits
      • Transaction types
      • Push permission
    • Implementation checklist
      • Protocol specific checks
  • Environments
    • 🌎Browser ("Web3")
      • CORS (Browser)
    • 📱xApps ("dApps")
      • Requirements
      • Develop & Test
      • CORS (xApp)
      • Xumm UI interaction
      • Your own backend (Auth)
      • Style guide
      • Development & Debugging
      • xAppBuilder 🏗️
        • Connecting localhost to xAppBuilder
        • xAppBuilder FAQ
    • 📂Backend (SDK / API)
      • User identification payloads
    • 🎛️Native Apps
    • 🙇Identity (OAuth2, OpenID)
      • Test Tools
  • JS/TS SDK
    • Xaman SDK (Intro)
    • Examples / User stories
      • Sign Requests (payloads)
        • Browser
        • xApp
        • Backend
      • Verify Payload signature
      • Simple Sign Request
    • 📦SDK (syntax)
      • Xumm.ping()
      • Xumm.on(event, fn)
      • Xumm.off(event, fn)
      • Xumm.helpers { … }
        • ping()
        • getRates( … )
        • getRails()
        • getHookHash( … )
        • getHookHashes()
        • getCuratedAssets()
        • getNftokenDetail( … )
        • getKycStatus( … )
        • verifyUserTokens([ … ])
        • getTransaction( … )
      • Xumm.user { … }
      • Xumm.environment { … }
      • Xumm.payload { … }
        • create( … )
        • createAndSubscribe( … )
        • cancel( … )
        • subscribe( … )
        • get( … )
      • Xumm.xapp { … }
        • ready()
        • openSignRequest({ … })
        • selectDestination({ … })
        • scanQr()
        • tx({ … })
        • close({ … })
        • share({ … })
        • navigate({ … })
        • openBrowser({ … })
        • on(xAppEvent, fn)
        • off(xAppEvent, fn)
      • Xumm.userstore { … }
        • list()
        • get( … )
        • delete( … )
        • set( … , { … } )
      • Xumm.backendstore { … }
        • get()
        • set({ … })
        • delete()
      • Xumm.push { … }
        • event( … )
        • notification( … )
      • Xumm.runtime { … }
      • Xumm.authorize()
      • Xumm.logout()
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Concepts
  2. Limitations

Rate limits

To prevent excessive load on our platform, the Xumm platform applies rate limits. The limits depend on the type of consumer (regular API, SDK, JWT) and endpoint(s).

PreviousLimitationsNextTransaction types

Last updated 1 year ago

Was this helpful?

On average, the Xumm platform allows API consumers to make between 60~200 calls per minute. These numbers depend on the load on the platform and the use of the API consumer.

Some endpoints have lower limits, e.g.:

  • POST a Payload (sign request) on average allows for sending 30 payloads per minute

  • Fetching TXs (no need to use our platform, best use a native XRPL WebSocket connection): 60 requests per minute

  • KYC status: 600 calls per minute

  • Account metadata: 120 calls per minute

To make sure you are not hitting the API limits, every call to our API returns two response headers:

  • X-RateLimit-Limit (e.g.: 30)

  • X-RateLimit-Remaining (e.g. 21)

These headers return the results of the current requests allowed per minute, and the amount remaining in the current (sliding) minute.

These numbers are not guarantees: they are averages and can be adjusted by our platform on the fly, based on your overall API call behaviour & end user interaction(s).

Raising API limits

If there are good reasons to assign elevated API limits, we're happy to have a discussion to hear about the reasons how your application consumes the Xumm API, and why your application needs higher limits. Please .

API limits will only be raised if:

  • Your app does not use polling techniques: to retrieve the status of a payload, use the websocket we provide for status updates (or the createAndSubscribe / subscribe method provided by the SDK: createAndSubscribe( … ) / createAndSubscribe( … )). Backend applications can also use a webhook: Webhooks.

  • (If your app is an xApp) - Your app respects the xApp Requirements\

contact Xumm Support