Rate Limits

Attend-Go uses a sliding-window rate limiter to protect the API from abuse while allowing legitimate burst traffic. Limits are applied per IP address and per API key.

v1 endpoints (Ping, Attendance): 120 requests per 60-second window per IP. Internal endpoints have lower per-user limits tuned for their specific use cases.

When rate-limited, responses include a Retry-After header indicating how many seconds to wait before retrying. The response status code is 429 Too Many Requests.

Implement exponential backoff when receiving 429 responses. Cache responses where possible to reduce API calls. Use webhooks instead of polling for real-time updates. Batch requests where the API supports it.