Crassula quotas and limits
This article lists the quotas and limits that apply to Crassula.
Overview
We impose quotas and limits on different requests in order to safeguard the system from an excess of data it cannot process and to maintain a fair allocation of system resources. We continuously monitor the needs of our customers and adjust our quotas and application algorithms accordingly to enhance security and prevent unauthorized use.
The number of registrations per hour
Quota on the number of registrations per hour from a single IP and the total number of registrations per hour:
REG_QUOTA_IP=1
REG_QUOTA_TOTAL=50
If the quota is exceeded, the API returns an error with code 429
.
If the client uses their own front end and a custom IP address is used in the clientIp
field during registration via API (/api/public/register
), the quota will also be applied to the specified IP. Custom IP addresses can only be used with API keys.
SMS
Quotas for SMS messages are based on the client's verification status, phone number, and client ID:
Quotas based on IP addresses are not currently applied.
For verified clients:
Number of messages per client/phone per hour: 50
Number of messages per client/phone per day: 100
For unverified clients:
Number of unconfirmed attempts from different IP countries and phone per day: 50
Number of unconfirmed attempts to one country per day: 50
Number of messages to a country per hour: 100
Number of messages to a country per day: 800
Number of messages per client/phone per hour: 10
Number of messages per client/phone per day: 25
Cooldown periods for repeated unconfirmed attempts:
If a code from an SMS is not used, a cooldown is applied to each client/phone in case of repeated unconfirmed attempts within 24 hours:
After the 1st attempt: cooldown of 1 minute
After the 2nd attempt: cooldown of 10 minutes
After the 3rd attempt: cooldown of 1 hour
After the 4th attempt: cooldown of 8 hours
Next attempt: available 24 hours after the previous one, and the attempt counter resets
Interacting with SMS quotas in the Banking API:
The following API endpoints include headers indicating the time of the next allowed attempt, both in cases of success and when quotas are exceeded:
POST /api/confirmation-codes
POST /api/clients/{clientId}/tfa/confirmation-codes
POST /api/clients/{clientId}/tfa/confirmation-codes-with-custom-phone
POST /api/clients/{clientId}/phones
POST /api/clients/{clientId}/phones/{id}/send
POST /api/clients/{clientId}/phone-verification/request
Response Headers:
200 OK: Includes
X-Next-Attempt-After
header indicating when the next attempt can be made.429 Too Many Requests: Includes
X-Next-Attempt-After
andRetry-After
headers indicating when the next attempt can be made.
See Banking API for more detail.
Interacting with SMS quotas in the Web Interface:
The same quotas and rules apply in the Web Interface as on the backend. Additionally:
In the dialog window for entering the confirmation code from the SMS, if the quota is exceeded:
The time until the next available attempt is displayed.
The button for resending the code is hidden.
Other quotas and limits
Issued cards
To see the limit set for a particular card, navigate to Admin panel>Card Issuing>Issued cards, click the card from the list, and open the Limits tab.
For information on issued cards, see Card Issuing:
Transfers and transactions
For information on limits applied to transfers and transactions, see Limits.
eCommerce
Limits configured by the deposit_limits
parameter:
not_verified: 0
email_verified: 250
phone_verified: 1000
identified: 15000
The default value is deposit_limits_default_amount: 1000
.
Other eCommerce limits:
client_limit_allowed_currencies: [ EUR ]
client_limit_validity_period:
-
transaction: '180 days'
-
withdrawal: '30 days'
client_limit_show_account_transaction_count: 5
The transaction_filter_default_limit
parameter
For the /clients/{clientId}/transactions
and /reports/transactions
endpoints the parameter is configured as follows:
transaction_filter_default_limit: 100
Huntli
The Huntli functionality involves passing the limit value, which is either provided by the client or set as the default value:
client_default_monthly_limit: 1000000000
API error codes
Below are the API error codes that apply to limits in Crassula:
429
422