PlutoPay Docs
API Reference Dashboard ↗

#Rate limits

Requests are rate limited per merchant (keyed by API key), so your limit is never affected by other merchants.

Bucket Limit
Standard endpoints 100 requests / minute
Payment creation (/v1/transactions, /v1/payment-intents, /v1/terminal/create-payment, /v1/checkout/sessions) 60 requests / minute (in addition to the standard bucket)

#Headers

Every /v1 response carries the current budget:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 97

When you exceed a limit you get 429 with a Retry-After header (seconds) and the canonical error envelope:

{ "error": { "type": "rate_limit_error", "message": "Too many requests. Please slow down and retry shortly." } }

#Handling 429

Back off for Retry-After seconds and retry — prefer exponential backoff. Because a 429 means the request was not processed, it's safe to retry with the same Idempotency-Key.

The inbound webhook endpoint is separately protected with a high per-IP limit; it does not affect your API budget.