The tracking API group is used for manipulating your customer and event properties or fetching a specific timestamp.
Please note that the API requests in the Tracking group should be used for real-time tracking rather than, e.g. big scheduled imports; as that causes a significant strain on the technical side.
Starting November 1st, 2021, requests to the Tracking API from a single IP address that are above the new rate limit will get a response HTTP 429 to retry later at a slower rate. The data from the limited IP address will be ignored. Incoming requests from other IP addresses will not be affected. The text below refers to this change, coming November 1st, 2021.
The default IP-based rate limit is set to 6 000 HTTP requests per minute per IP address (i.e., 100 RPS / IP). The actual limit can vary in different instances and will always be at least the above.
Requests to the Tracking API from a single IP address that are above this rate limit will get a response HTTP 429 Too Many Requests. This means you should retry the request(s) later with an Exponential backoff and send subsequent requests at a slower rate. The data that had been sent in a request with a response 429 will be ignored (i.e., not saved into the platform). Incoming data in requests from other IP addresses will not be affected.
The HTTP 429 error is a protection put in place to protect your project and avoid erroneously consuming MPE in case one of the integrations goes haywire and produces an excessive amount of events, for example, a one-page view tracked a hundred times instead of only once. Thus this protection helps prevent cluttering data or slowing down campaigns.
The limits are designed to be high enough to ensure that no legitimate tracking use case will ever hit the limit. Because the limit applies at a single visitor level, even if you have millions of visitors on your site at the same time, it is highly unlikely you would hit the limit.
If you indeed hit this limit, please review your integrations (JS SDK, Mobile SDKs or backend integrations), whether some of the API callers (limit is per IP) are not erroneously producing excessive messages. If your API calls are indeed legitimate, reach out to to your CSM and request limit increase.
X-Forwarded-Foris used, the IP address in this header is taken for the purposes of IP-based rate limit instead of the actual sender address. This ensures that the rate limit is per customer endpoint even when the events need to be resent by proxy and are aggregated in a single IP.