How to handle Rate Limits

The Rate Limiting format of the “Open banking. by Klarna” API collection follows the widely spread pseudo-standard used by the majority of online services, summarized in a RFC draft. In general, if a request cannot be processed due to set limits, a 429 response will be returned. The respective request might be retried as soon as the wait time (in seconds) provided by the RateLimit-Reset header (RFC draft Section 3.4) elapsed. Further details about Rate Limiting can be found in the RFC draft or in other parts of Klarnas documentation.

Rate Limits, if they occur, can mainly be categorized into two groups. In case any of the downstream systems are overloaded (including TSPs and ASPSPs), their 429 response will be forwarded, containing all relevant headers. As this is not expected to happen on a regular basis, the respective Rate Limiting headers will only be present for 429 responses. In case an unnaturally high amount of consent calls are initiated, exceeding typical daily limits or human capabilities (see How to use the Consent API), a protection mechanism will limit further subsequent requests of the respective consent, to ensure compliance according to the PSD2 RTS. In contrast to all other APIs, the Consent API shares the respective Rate Limiting headers in all responses (not exclusive to 429 responses), enabling clients to handle them gracefully.

It is important that clients implement the respective handling of Rate Limits to ensure compliance and the best availability of data.