Skip to main content

Rate limits

There are limits to the number of API requests that you can make within one minute. Every request to a REST endpoint or a WebSocket action is allocated a number of Rate limit weight points.

For example, a Create order request uses 1 weight point.

How it's calculated

The system tracks the number of weight points you use within one minute. The default rate limit is 1000 weight points per minute. Every minute the system resets the counter at bitvavo-ratelimit-resetat.

For every request to Bitvavo API, both REST and WebSocket, the weight points within a minute are subtracted from bitvavo-ratelimit-limit. The system calculates the bitvavo-ratelimit-remaining weight points before the next bitvavo-ratelimit-resetat.

For the calculation, there is also a difference between authenticated and unauthenticated users:

  • If you authenticate your requests, we track your rate limit based on your API key. This applies to both the public and private endpoints.
  • If you don't authenticate your requests, we track your rate limit based on your IP address. This only applies to the public endpoints.

Going over the limit

If you exceed bitvavo-ratelimit-limit within one minute:

  • Authenticated users are blocked for 1 minute (tracked by API key).
  • Unauthenticated users are blocked for 15 minutes (tracked by IP address).

This results in an HTTP 429 response with errorCode 110.

For example, if you exceed the rate limit at 12:00:15 as an authenticated user, you will be able to make requests again at 12:02:00. This is because you used up the rate limit for that first minute and the system blocks you for another minute.

Retrieve the remaining weight points

Rate limit details are included in the REST API response headers:

  • bitvavo-ratelimit-remaining: your remaining weight points until the counter resets.
  • bitvavo-ratelimit-resetat: the timestamp when the counter resets.
  • bitvavo-ratelimit-limit: your allocated weight points per minute. The default value is 1000.

For requests to the WebSocket API, the response doesn't include the rate limit headers. To keep track of your weight points, you need to make a request to the REST API.

WebSocket rate limits

You can maintain multiple WebSockets streams at the same time. Each WebSocket stream has a limit of 5000 requests per second.

If you exceed this request limit, you get an HTTP 429 errorCode 112 and blocks your account for 1 minute.