inNovaAPI
Authentication

Rate Limiting

API rate limits and IP whitelist configuration

Rate Limits

Each API Key has a configurable rate limit (default: 100 requests per minute).

When you exceed the limit, the API returns:

HTTP Status: 429 Too Many Requests

Response Headers:

HeaderDescription
X-RateLimit-LimitYour configured limit (requests per minute)
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp (seconds) when the window resets
Retry-AfterSeconds to wait before retrying

Response Body:

{
  "success": false,
  "error": "rate limit exceeded"
}

IP Whitelist

You can restrict API Key usage to specific IP addresses:

  • Supports individual IPs: 203.0.113.50
  • Supports CIDR ranges: 203.0.113.0/24
  • Empty whitelist = no restriction (any IP allowed)

Requests from non-whitelisted IPs receive 403 Forbidden.

Best Practices

  • Use separate keys for different applications
  • Set conservative rate limits for automated trading
  • Monitor your usage and increase limits only when needed