Rate Limits
This API surface is for integration partners building on top of the Rokt network. Rokt ecommerce partners integrating placements on their own checkout should use the Rokt Ecommerce developer docs instead.
The Partnerships API caps requests per minute on a small set of write-heavy and recovery endpoints. Limits are keyed to your partner principal (derived from your API token), not to your IP — so multiple servers in your fleet share one bucket.
Limits by endpointLimits by endpoint への直接リンク
| Method & Path | Limit | Rationale |
|---|---|---|
POST /v1/accounts/register/partnership | 10 / minute | Registration kicks off a multi-step backend orchestration — expensive, and merchant-onboarding traffic is bursty rather than sustained. |
POST /v1/partnership/accounts/{account_id}/payout-setup | 10 / minute | Each call provisions a Stripe Connect account. |
POST /v1/partnership/network-privacy-requests | 10 / minute | Consumer privacy request traffic should be paced and submitted once per user request. |
POST /v1/partnership/accounts/{account_id}/data-deletion-requests | 10 / minute | Account-level deletion submits to the Data Deletion service and is tracked as a partnership operation. |
POST /v1/partnership/accounts/{account_id}/pages | 30 / minute | Add-page provisioning is heavier than a controls write; lower cap than MCL/status. |
PUT /v1/partnership/accounts/{account_id}/pages/{page_id} | 30 / minute | Layout-type switching is page provisioning work — same weight class and cap as add-page. |
PATCH /v1/partnership/accounts/{account_id}/layouts/{layout_id} | 60 / minute | Theme PATCH writes the templated layout configuration. |
PUT /v1/partnership/accounts/{account_id}/marketplacecontrolslists | 60 / minute | Per-merchant control writes; comfortable headroom for batch sync. |
PUT /v1/partnership/accounts/{account_id}/offercontrolslists | 60 / minute | Per-merchant offer-side control writes. |
PUT /v1/partnership/accounts/{account_id}/status | 60 / minute | Pause/resume cascade across page variants. |
GET /v1/partnership/operations/{operation_id} | 600 / minute | Polling-friendly. Sized for ~10 polls/sec across your whole fleet. |
Other read endpoints (GET /v1/partnership/accounts, MCL, OCL, status, payout-status, blocked-domains) | 60 / minute | Per-partner default for partnership reads. |
Limits are per partner, not per merchant. If you onboard 50 merchants in a minute, you'll hit the register limit on the 11th call regardless of which merchant it's for. Spread bursts out, or queue client-side.
POST /v1/partnership/network-privacy-requests does not take Idempotency-Key and does not create a partnership operation. For that endpoint, honor Retry-After and retry only the same user request after backoff. Account-level data deletion uses the normal Idempotency-Key retry contract.
How limits are keyedHow limits are keyed への直接リンク
Limits are keyed to your API credentials. Every server in your fleet using the same credentials shares one counter.
Requests with a missing, invalid, or unverifiable Authorization header are rejected with 401 before rate-limiting applies.
The 429 responseThe 429 response への直接リンク
When a limit is exceeded, the server returns 429 Too Many Requests with the standard partnership envelope:
{
"status": 429,
"error": "RateLimitExceeded",
"message": "Rate limit exceeded: 10 per 1 minute. Retry after the window resets.",
"request_id": "0e3a1b9c-1234-4abc-9def-aaaabbbbcccc",
"data": null
}