We receive a lot of 429 responses from the bunq API and am looking in to building some kind of throtthling.
The docs mention that a maximum of 3 calls per endpoint is allowed PER IP. I hope that really is not the case and that the ApiContext is considered as well.
With over 1500 customers making use of our Bunq synchronization feature, the following is a pretty realistic scenario:
Customer A an B both start the sync-feature, which will read all mutations (paginated) from a certain date:
Within 3 seconds:
Get Customer A mutations, page 1
Get Customer B mutations, page 1
Get Customer A mutations, page 2,
Get Customer B mutations, page 2 => Code 429
In theory i can throttle the calls for a single customer (which should really be much much better than just 3calls/3seconds from a professional API perspective), but it's unthinkable that i have to explain why customer B has to wait, because someone else is 'using the Bunq Api!'
In addition to this, the docs mentions: We have a lower rate limit for /session-server: 1 request within 30 consecutive seconds.
This would mean, we can only have 1 customer starting with Bunq OAuth per 30 seconds?
I really hope somebody can debunk all of the above :)