Webhooks & APIs
      Back to home
      1. Knowledge Base
      2. Webhooks & APIs

      Booxi API - Fair Use & Limitations

      Fair use and limitations pertaining to the usage of Booxi API.

      Fair Use

      • API Key Usage
        The Merchant API key shall be used as a public key, which can be implemented in both client and server sides. The Partner API key shall be used as a private key (similar to a password) and solely used for server to server calls. If a partner key is exposed to the public, we shall not be held responsible for any data leak associated with this partner key, as it is the responsibility of the client to protect the confidentiality of the key.
      • API Calls
        API calls per API key shall not exceed 5 requests per second with a maximum of 300 requests per minute. Exceeding this quota will return a 429 error, and it is the responsibility of the client to respect this quota and handle the 429 errors. We also recommend making API calls with an interval of at least 10ms between each request. Any API calls generating 400 errors will count as double requests for the quota.
      • API Change
        Booxi shall be free to apply any changes required to comply with applicable law, address a material security risk, or avoid a substantial economic or material technical burden.

        As part of its progressive maintenance Booxi may choose to develop new components, features or API that come in replacement of existing ones. Clients will be notified of any deprecation at least 6 months in advance of the new release. When such replacements are released, a transition period of 3 months will be observed before deprecating the replaced component, feature or API. The transition period might be extended if regressions or anomalies are detected.
      • API Abuse
        API usage is solely authorized to conduct legal business by the client or a consultant under contractual agreement with the client, any usage for spam or reported as abusive is strictly prohibited and will result in the revocation of the API access. It is also prohibited to resell the use of the API.

      Limitations

      • Limit of 300 calls per minute.
      • Polling is not permitted, the use of a webhook is recommended instead.
      • The API shall not be used to query large amounts of data, such as for reporting or BI purposes, the use of a webhook or automated CSV transfers is recommended instead.