Adjustments in API traffic burst limits
We will adjust the burst limit rates for our PSD2 API traffic in order to maintain service levels and prevent excessive load on the systems.
Background
Nordea’s PSD2 dedicated interface and the bank’s online and mobile channels share the same backend systems. The bandwidth for how many requests can be processed at the same time is equally shared between the PSD2 APIs and other online and mobile channels.
In order to maintain service quality and prevent excessive load on the system, Nordea has implemented limitations on the number of requests per second (“burst limit”). The limitations also ensure fair usage of Nordea's interfaces and provide equal availability to all TPPs utilising the dedicated interface. We do not have amendments for individual TPPs to avoid any favouring of TPPs. The limitations may vary between API products.
Upcoming changes
We currently review the whole burst limit setup across all our products, to implement changes in the future. For some API products the limitations will stay as is and for some API products the throughput will be raised slightly.
We constantly monitor the performance of the dedicated interface and well as the TPP behaviour and we adjust the platform configurations accordingly.
If a TPP exceeds the set limits, their API calls will not be queued, in order to ensure minimal impact on the response times of the dedicated interface. Instead, the TPP will receive an error message:
{"httpCode":"429","httpMessage":"Too Many Requests","moreInformation":"Assembly Rate Limit exceeded"}
indicating that the limit has been exceeded, and they will need to retry the API calls.
In general, a TPP can reach a better service level by not timing API calls within a very short interval. Instead, the requests should be spread evenly for a longer time span, e.g. over a minute.
Learn about current burst limits and subscribe to our newsletter
You can check your current rate/burst limits for the products you are subscribed to in our:
Please subscribe to our newsletter to receive updates about new features and products.
Frequently asked questions about rate and burst limit header information |
Q: When is the X-RateLimit-Remaining value reset? A: The rate limit is currently a soft limit, which means that it does not restrict the number of API calls in any way. In practice, the information can be skipped. The value is reset at midnight CET. |
Q: For X-BurstLimit-Limit, what is considered a burst? A: A burst is a defined as a number of requests arriving within the same second. |
Q: What is the API behaviour if X-BurstLimit-Remaining drops down to 0? A: When the burst limit has been hit, all further API calls towards the same API Product during the same second are rejected. |