User API - Usage Limits

The User API has some rate limitations to ensure that we can maintain service levels.

Per Minute Limits

This limit is a maximum on the number of API requests received from a single consumer application in a single minute.

The limit is 360 requests per minute.

If an application sends more requests, later requests will be refused with an HTTP 403 Unauthorized code, and an X-MinuteRate-Limit header will be included in the response.

To aid client applications, we include headers indicating the current status with regard to rate limits. They are:

  • X-MinuteRate-Limit: The current rate limit per minute.
  • X-MinuteRate-Remaining: How many more requests you are allowed in the current minute.

Note that the per-minute request limit does not apply to single sign-on requests.

Concurrent Request Limits

This is a limit on the number of simultaneous requests for a single consumer application. These limits only apply to certain calculation-intensive endpoints.

The endpoints that have a concurrent request limit are:

  • Diversity Report (portfolios/:id/diversity.json)
  • Performance Report (portfolios/:id/performance.json)
  • Valuation Report (portfolios/:id/valuation.json)

The limit is 3 concurrent requests.

If we receive more concurrent requests than this limit, later requests will be refused with an HTTP 403 Unauthorized code, and will return a JSON error response with:
"error":"403"
"reason":"Too many parallel requests. Currently 3 in process."

Brute Force Limits

As a security precaution, we have several brute force limits in place. You may breach one of these limits if you make repeated requests using an invalid access token over a short time period. If you have reached one of our brute force limits, you will receive a 401 Unauthorized response with the message:
Token incorrect, expired or locked out.
You must wait at least 10 minutes before calling our API again.
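
A client has to tell these refusals apart, because retrying a 401 with the same token only adds to the brute force count, while the two 403 cases clear on their own. The sketch below is an added example, not Sharesight code: the function name, the action labels, the sample responses, the assumption that "reason" is a top-level key of a JSON object, and the 60-second wait for the per-minute window are all assumptions.

```python
import json

LOCKOUT_WAIT_SECONDS = 10 * 60  # page: wait at least 10 minutes after a brute force 401
MINUTE_WINDOW_SECONDS = 60      # assumption: the per-minute window clears within 60 s


def classify_limit(status, headers, body):
    """Map one API response to (action, seconds_to_wait). Hypothetical helper."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if status == 401:
        # Token incorrect, expired or locked out: never retry blindly, since each
        # retry with a bad token counts toward the brute force limit.
        return ("stop_and_reauthenticate", LOCKOUT_WAIT_SECONDS)
    if status == 403:
        try:
            reason = str(json.loads(body).get("reason", ""))
        except (ValueError, AttributeError):  # empty, non-JSON or non-object body
            reason = ""
        # Check the body first: rate headers may accompany any response.
        if reason.startswith("Too many parallel requests"):
            return ("retry_when_slot_free", 0)  # one of our own report calls must finish
        if "x-minuterate-limit" in h:
            return ("wait_for_next_minute", MINUTE_WINDOW_SECONDS)
        return ("fail", 0)  # a 403 this page does not describe
    remaining = h.get("x-minuterate-remaining", "")
    if remaining.isdigit() and int(remaining) == 0:
        return ("pause_before_next_request", MINUTE_WINDOW_SECONDS)  # budget spent
    return ("ok", 0)


# Constructed sample responses (not captured from the real API).
SAMPLES = [
    (200, {"X-MinuteRate-Limit": "360", "X-MinuteRate-Remaining": "12"}, "{}"),
    (200, {"X-MinuteRate-Limit": "360", "X-MinuteRate-Remaining": "0"}, "{}"),
    (403, {"X-MinuteRate-Limit": "360"}, ""),
    (403, {"X-MinuteRate-Limit": "360"},
     '{"error":"403","reason":"Too many parallel requests. Currently 3 in process."}'),
    (401, {}, "Token incorrect, expired or locked out."),
]

if __name__ == "__main__":
    for status, headers, body in SAMPLES:
        print(status, classify_limit(status, headers, body))
```
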

Trades per Holding Limit

There is a maximum limit of 1000 trades per holding.

If an application sends more trades, later requests will be refused with an HTTP 422 Unprocessable Entity, and will return a JSON error response with:
Limit of trades per holding reached (more than 1000)

Trades per Portfolio Limit

Sharesight is designed for managing investment portfolios with up to 3000 trades. Performance issues may occur when the total number of trades in a portfolio exceeds this limit.