Skip to main content
Skip table of contents

Crassula quotas and limits

This article lists the quotas and limits that apply to Crassula.

Overview

We impose quotas and limits on different requests in order to safeguard the system from an excess of data it cannot process and to maintain a fair allocation of system resources. We continuously monitor the needs of our customers and adjust our quotas and application algorithms accordingly to enhance security and prevent unauthorized use.

The number of registrations per hour

Quota on the number of registrations per hour from a single IP and the total number of registrations per hour:

  • REG_QUOTA_IP=1

  • REG_QUOTA_TOTAL=50

If the quota is exceeded, the API returns an error with code 429.

If the client uses their own front end and a custom IP address is used in the clientIp field during registration via API (/api/public/register), the quota will also be applied to the specified IP. Custom IP addresses can only be used with API keys.

SMS

Quotas for SMS messages are based on the client's verification status, phone number, and client ID:

Quotas based on IP addresses are not currently applied.

For verified clients:

  • Number of messages per client/phone per hour: 50

  • Number of messages per client/phone per day: 100

For unverified clients:

  • Number of unconfirmed attempts from different IP countries and phone per day: 50

  • Number of unconfirmed attempts to one country per day: 50

  • Number of messages to a country per hour: 100

  • Number of messages to a country per day: 800

  • Number of messages per client/phone per hour: 10

  • Number of messages per client/phone per day: 25

Cooldown periods for repeated unconfirmed attempts:

If a code from an SMS is not used, a cooldown is applied to each client/phone in case of repeated unconfirmed attempts within 24 hours:

  • After the 1st attempt: cooldown of 1 minute

  • After the 2nd attempt: cooldown of 10 minutes

  • After the 3rd attempt: cooldown of 1 hour

  • After the 4th attempt: cooldown of 8 hours

  • Next attempt: available 24 hours after the previous one, and the attempt counter resets

Interacting with SMS quotas in the Banking API:

The following API endpoints include headers indicating the time of the next allowed attempt, both in cases of success and when quotas are exceeded:

  • POST /api/confirmation-codes

  • POST /api/clients/{clientId}/tfa/confirmation-codes

  • POST /api/clients/{clientId}/tfa/confirmation-codes-with-custom-phone

  • POST /api/clients/{clientId}/phones

  • POST /api/clients/{clientId}/phones/{id}/send

  • POST /api/clients/{clientId}/phone-verification/request

Response Headers:

  • 200 OK: Includes X-Next-Attempt-After header indicating when the next attempt can be made.

  • 429 Too Many Requests: Includes X-Next-Attempt-After and Retry-After headers indicating when the next attempt can be made.

See Banking API for more detail.

Interacting with SMS quotas in the Web Interface:

The same quotas and rules apply in the Web Interface as on the backend. Additionally:

In the dialog window for entering the confirmation code from the SMS, if the quota is exceeded:

  • The time until the next available attempt is displayed.

  • The button for resending the code is hidden.

sms-code-quota.png

SMS quotas in Web Interface

Other quotas and limits

Issued cards

To see the limit set for a particular card, navigate to Admin panel>Card Issuing>Issued cards, click the card from the list, and open the Limits tab.

For information on issued cards, see Card Issuing:

Transfers and transactions

For information on limits applied to transfers and transactions, see Limits.

eCommerce

Limits configured by the deposit_limits parameter:

  • not_verified: 0

  • email_verified: 250

  • phone_verified: 1000

  • identified: 15000

The default value is deposit_limits_default_amount: 1000.

Other eCommerce limits:

  • client_limit_allowed_currencies: [ EUR ]

  • client_limit_validity_period:

  • - transaction: '180 days'

  • - withdrawal: '30 days'

  • client_limit_show_account_transaction_count: 5

The transaction_filter_default_limit parameter

For the /clients/{clientId}/transactions and /reports/transactions endpoints the parameter is configured as follows:

transaction_filter_default_limit: 100

Huntli

The Huntli functionality involves passing the limit value, which is either provided by the client or set as the default value:

client_default_monthly_limit: 1000000000

API error codes

Below are the API error codes that apply to limits in Crassula:

  • 429

  • 422

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close