In order to increase the reliability of our REST API for all our customers, we will introduce new security measures starting in January 2021 to prevent system overload due to excessive automated access.
For this purpose, we will introduce an access limitation for API requests using the AccessToken. Each customer account will then be allowed to make up to 60 such API accesses within one minute. If this limit is exceeded, the server will reject further accesses until the full minute has passed.
Please ensure that the scripts, services or applications you use to access our REST API can handle HTTP status 429 ("Too Many Requests") by the date mentioned above. Ideally, the "Retry-After" header from the server response should be evaluated too. With this header, the server tells you when accesses are allowed again. However, the evaluation of the "Retry-After" header is optional.
If you are using Excel or Microsoft Flow to access our REST API, you do not need to make any adjustments to your site as part of the change. These services already respect the corresponding server responses correctly when the limit is exceeded and only send further requests after the time limit has passed.
If you have further questions, please contact firstname.lastname@example.org.