Skip to main content
To maintain service reliability, protect against abuse, and ensure consistent quality of service for all users, the following rate limits apply to the APIs. All Secure ID verification APIs are subject to rate limits measured in transactions per minute (TPM). These limits apply per merchant account and are categorised based on resource requirements and typical usage patterns of each API.

Standard

100 TPM - Verification APIs that require real-time processing and external data validation

Medium

200 TPM - Lightweight verification services with faster processing capabilities

Restricted

5 TPM - Resource-intensive bulk operations that require significant processing time

Rate limits

  • Standard (100 TPM)
  • Medium (200 TPM)
  • Restricted (5 TPM)
Standard rate limit: 100 transactions per minuteSecure ID APIs that require real-time processing and external data validation.
APIDescription
Aadhaar MaskingMasks sensitive Aadhaar information
Bank Account Verification Async V2Asynchronous bank account validation
Bank Account Verification Sync V2Synchronous bank account validation
Create Auth TokenCreates authentication token for Video KYC
Create E-Sign RequestInitiates electronic signature process
Create User for Secure ID SuiteCreates user profile for Video KYC
Data AvailabilityChecks data availability for verification
Deactivate Static KYC LinkDeactivates static KYC verification link
Driving LicenceValidates driving licence information
Employee DetailsRetrieves employment verification data
Face MatchCompares facial biometric data
Fetch Financial InformationRetrieves financial account information
Fetch GSTIN with PANRetrieves GST numbers linked to PAN
GETFetch User Details From Access TokenRetrieves user details using access token
Generate Static KYC LinkGenerates static KYC verification link
GeocodingConverts address to geographical coordinates
Get BAV Status V2Retrieves bank account verification status
Get Consent StatusChecks consent status for data access
Get E-Sign StatusChecks electronic signature status
Get Status for Verify PAN in BulkRetrieves bulk PAN verification status
Get Status of Aadhaar Verification via OCRChecks OCR-based Aadhaar verification
Get Status of PAN Verification via Smart OCRChecks OCR-based PAN verification
Get Status of Verify PAN SyncChecks synchronous PAN verification status
Get Video KYC StatusGets Video KYC session status
Initiate Video KYC RequestStarts Video KYC verification process
Mobile 360 Send OTP RequestSends OTP for mobile verification
Mobile 360 Verify OTPVerifies OTP for mobile authentication
Name MatchCompares name variations and matches
PAN 360Comprehensive PAN details and validation
Initiate OAuthInitiates OAuth authentication process
OAuth Access Token GenerationGenerates OAuth access token
PassportValidates passport information
Request ConsentRequests user consent for data access
Request Financial InformationRequests access to financial data
Reverse GeocodingConverts coordinates to address information
Smart OCROptical character recognition for documents
Upload Document For E-SignUploads documents for electronic signing
Vehicle RCRetrieves vehicle registration details
Verify CINValidates Corporate Identity Numbers
Verify GSTINValidates GST identification numbers
Voter IDValidates voter identification cards

Rate limit error handling

When you exceed the rate limit for any API, the system returns an HTTP 429 status code.
The following response structure is returned when rate limits are exceeded:
{
  "type": "invalid_request_error",
  "code": "rate_limit_exceeded",
  "message": "Too many requests",
  "details": [
    {
      "field": "rate_limit",
      "issue": "Rate limit exceeded for this endpoint"
    }
  ]
}

Best practices for rate limit management

Use these guidelines to optimise your API usage and avoid rate limit errors.
When you receive a 429 response, implement retry logic with exponential backoff:
async function makeAPIRequest(url, options, maxRetries = 3) {
  for (let attempt = 1; attempt <= maxRetries; attempt++) {
    try {
      const response = await fetch(url, options);
      
      if (response.status === 429) {
        const retryAfter = response.headers.get('retry-after');
        const delay = retryAfter ? parseInt(retryAfter) * 1000 : Math.pow(2, attempt) * 1000;
        
        console.log(`Rate limit exceeded. Retrying after ${delay}ms`);
        await new Promise(resolve => setTimeout(resolve, delay));
        continue;
      }
      
      return response;
    } catch (error) {
      if (attempt === maxRetries) throw error;
    }
  }
}
Check the rate limit headers in successful responses to proactively manage your request timing:
const response = await fetch('/api/verify-gstin', options);

const remaining = response.headers.get('X-RateLimit-Remaining');
const resetTime = response.headers.get('X-RateLimit-Reset');

if (parseInt(remaining) < 10) {
  console.log('Approaching rate limit. Consider slowing down requests.');
}
Avoid sending bursts of requests at the beginning of each minute. Instead, distribute your requests evenly throughout the time window.Example strategy:
  • For 100 TPM limit: Send 1 request every ~600ms
  • For 200 TPM limit: Send 1 request every ~300ms
  • For 5 TPM limit: Send 1 request every ~12 seconds

Requesting rate limit increases

If your application requires higher rate limits, you can submit a request through the support form or contact your account manager directly. When you submit your request, include the following information:
  • Your merchant ID
  • Current usage patterns and volumes
  • Expected future usage requirements
  • Business justification for the increase
Your account manager can provide faster processing and personalized assistance for rate limit increase requests.
I