# Rate Limiting Guide

The Fig Markets API implements rate limiting to ensure fair usage and protect our services. Rate limits are currently applied only to the HTTP API endpoints.

## Rate Limit Basics

### Default Limits

Currently all HTTP API endpoints have equal weighting and are subject to the same rate limit.

- **Rate Limit**: 1000 requests per minute per user/IP
- **Time Window**: 1 minute (sliding window)


## HTTP API Rate Limiting

### Rate Limit Headers

Every HTTP response includes rate limit information in the headers:


```
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 950
X-RateLimit-Reset: 1640995200
```

- **X-RateLimit-Limit**: Maximum requests allowed in the time window
- **X-RateLimit-Remaining**: Number of requests remaining in the current window
- **X-RateLimit-Reset**: Unix timestamp when the rate limit window resets


### Rate Limit Exceeded Response

When you exceed the rate limit, you'll receive a `429 Too Many Requests` response:


```json
{
  "error": "Rate limit exceeded",
  "message": "Too many requests",
  "limit": 100,
  "window": "1m0s",
  "reset": 1640995200
}
```

### Example: Handling Rate Limits in HTTP Requests


```javascript
// JavaScript/Node.js example
async function makeApiRequest(url, options = {}) {
  try {
    const response = await fetch(url, options);

    // Check rate limit headers
    const limit = response.headers.get('X-RateLimit-Limit');
    const remaining = response.headers.get('X-RateLimit-Remaining');
    const reset = response.headers.get('X-RateLimit-Reset');

    console.log(`Rate limit: ${remaining}/${limit} requests remaining`);
    console.log(`Reset time: ${new Date(reset * 1000)}`);

    if (response.status === 429) {
      const error = await response.json();
      console.log('Rate limit exceeded:', error);

      // Wait until reset time
      const waitTime = (reset * 1000) - Date.now();
      if (waitTime > 0) {
        console.log(`Waiting ${waitTime}ms for rate limit reset`);
        await new Promise(resolve => setTimeout(resolve, waitTime));
      }

      // Retry the request
      return makeApiRequest(url, options);
    }

    return response;
  } catch (error) {
    console.error('Request failed:', error);
    throw error;
  }
}
```


```python
# Python example
import requests
import time
from datetime import datetime

def make_api_request(url, headers=None):
    try:
        response = requests.get(url, headers=headers)

        # Check rate limit headers
        limit = response.headers.get('X-RateLimit-Limit')
        remaining = response.headers.get('X-RateLimit-Remaining')
        reset = response.headers.get('X-RateLimit-Reset')

        print(f"Rate limit: {remaining}/{limit} requests remaining")
        print(f"Reset time: {datetime.fromtimestamp(int(reset))}")

        if response.status_code == 429:
            error = response.json()
            print('Rate limit exceeded:', error)

            # Wait until reset time
            wait_time = (int(reset) * 1000) - int(time.time() * 1000)
            if wait_time > 0:
                print(f"Waiting {wait_time}ms for rate limit reset")
                time.sleep(wait_time / 1000)

            # Retry the request
            return make_api_request(url, headers)

        return response
    except Exception as e:
        print(f"Request failed: {e}")
        raise
```

## WebSocket Rate Limiting

### Rate Limit Exceeded Response

When you exceed the WebSocket rate limit, you'll receive a JSON-RPC error response:


```json
{
  "jsonrpc": "2.0",
  "id": "your_request_id",
  "error": {
    "code": -32603,
    "message": "Rate limit exceeded",
    "data": {
      "limit": 100,
      "window": "1m0s",
      "reset": 1640995200
    }
  }
}
```