2026-05-21
api, limitations

The following explains the rate limits, operation caps, and special behaviors of the iCafeCloud API.

  1. The default API rate limit is 200 requests per minute per user.
    When the limit is exceeded, the API returns HTTP 429 with the exception message:
    Too Many Attempts: xxxx
  2. Two endpoints have their own rate limits that override the default:

| Endpoint | Rate limit |
| --- | --- |
| v2/cafe/{cafeId}/members/action/refreshBonus | 100 rpm |
| v2/cafe/{cafeId}/products/{productId}/image | 2000 rpm |


  1. All responses, whether successful or throttled, carry the same four rate-limit headers:
| Header | Meaning | When not capped | When capped (429) |
| --- | --- | --- | --- |
| X-RateLimit-Limit | The effective maxAttempts for the matched route. | Constant (e.g. 200). | |
| X-RateLimit-Remaining | Requests still available in the current window (post-decrement). | Counts down: max-1 → max-2 → … → 0. | Stays at 0. |
| X-RateLimit-Reset | Unix timestamp (seconds) when a slot frees up next. | Approximate reset timestamp. | Real window-reset moment; use for UI countdown. |
| Retry-After | Seconds to wait; standard HTTP header (RFC 7231 §7.1.3). | 0. | Window seconds remaining; HTTP clients auto-back-off. |
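The following client-side handling of these four headers is an added example, not code from iCafeCloud. The names `wait_seconds`, `call_with_backoff`, `demo`, `DEFAULT_WAIT` and the `send` callable are hypothetical, and the sample responses are constructed rather than captured from the API.

```python
import math
import time

DEFAULT_WAIT = 60  # assumption: with no usable header, wait one full per-minute window


def wait_seconds(status, headers, now=None):
    """Seconds to pause before the next request, derived from the rate-limit headers."""
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    def as_int(name):
        try:
            return max(0, int(h[name]))
        except (KeyError, TypeError, ValueError):
            return None  # header missing or malformed

    retry_after = as_int("retry-after")
    reset = as_int("x-ratelimit-reset")
    until_reset = None if reset is None else max(0, math.ceil(reset - now))
    if status == 429:
        # Throttled: take the longer of Retry-After and the time until the window resets.
        known = [v for v in (retry_after, until_reset) if v is not None]
        return max(known) if known else DEFAULT_WAIT
    if as_int("x-ratelimit-remaining") == 0 and until_reset is not None:
        return until_reset  # budget spent: the next call would be answered with 429
    return 0


def call_with_backoff(send, max_attempts=3, sleep=time.sleep, clock=time.time):
    """Call send() -> (status, headers, body); retry only on HTTP 429, a bounded number of times."""
    for attempt in range(1, max_attempts + 1):
        status, headers, body = send()
        if status != 429 or attempt == max_attempts:
            return status, body, attempt
        sleep(wait_seconds(status, headers, clock()))


def demo():
    """Replay two constructed responses: one throttled, then one successful."""
    replies = iter([
        (429, {"X-RateLimit-Limit": "200", "X-RateLimit-Remaining": "0",
               "X-RateLimit-Reset": "1000030", "Retry-After": "30"}, "Too Many Attempts"),
        (200, {"X-RateLimit-Limit": "200", "X-RateLimit-Remaining": "199",
               "X-RateLimit-Reset": "1000090", "Retry-After": "0"}, "ok"),
    ])
    slept = []  # records the requested pauses instead of actually sleeping
    result = call_with_backoff(lambda: next(replies), sleep=slept.append, clock=lambda: 1000000)
    return result, slept
```

In real use, `send` would wrap the HTTP call and return the response's status code, headers and body.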

----------------------------------------------------------------------

  1. The API load rate limit is 200 requests per minute.
    Max limit for some operations:
    const MAX_STAFF        = 100;
    const MAX_MEMBERGROUP  = 100;
    const MAX_MEMBER       = 50000;
    const MAX_NEWS         = 100;
    const MAX_PRICE        = 100;
    const MAX_PRODUCTGROUP = 100;
    const MAX_PRODUCT      = 500;
    const MAX_OFFER        = 1000;
    const MAX_PCGROUP      = 100;
    const MAX_PC           = 500;
    const MAX_ROOM         = 100;
    const MAX_PAUSE        = 100;
    const MAX_BOOTPC       = 500;
    const MAX_HARDWARE     = 100;
    const MAX_GAMECLASS    = 100;
    const MAX_GAME         = 1000;
    const MAX_POOL         = 100;
    const MAX_POOLLICENSE  = 100;
    const MAX_EVENT        = 100;
    const MAX_IDCCONFIG    = 100;
    const MAX_IDCCLASS     = 100;
    const MAX_ORDER        = 5000;

  1. The POST /api/v2/cafe/{cafeId}/members/action/topup endpoint limits staff to one top-up per second for the same member.
    This prevents accidental duplicate top-ups when the same member is being credited.
