Note
Rate limiting is effective as of April 27, 2026.
Rate limiting is effective as of April 27, 2026.
- Use time-based windows, expressed as requests per second (RPS) or transactions per second (TPS).
- Apply at multiple levels: IP address, API key, user account, or endpoint.
- Use configurable thresholds based on program requirements.
- Automatically reset after the designated time window expires.
-
Return the
HTTP 429 Too many requestsstatus code when thresholds are exceeded.
Rate limiting benefits
Marqeta uses rate limits to prevent abuse and protect the stability, reliability, and performance of the Marqeta platform. Rate limiting is consistent with standard industry practice, and helps Marqeta achieve the following goals:- Reduce the impact of potential risks, such as service degradation from traffic surges or cascading failures.
- Protect the Marqeta platform from becoming overloaded, reducing the possibility that any single tenant or malicious actor could degrade service quality for others.
- Provide security by protecting Marqeta customers from the impacts of service disruptions due to automated attacks, such as credential stuffing, brute force attempts, and distributed denial-of-service (DDoS) attacks.
- Highlight unusual request patterns that often indicate fraudulent activity, providing security teams with early warning signals for investigation.
Program-based rate limiting at Marqeta
Marqeta applies rate limits at the program level, which means that your program has one aggregated API throughput limit across all Core API calls. Authorization traffic is excluded from rate limits, so that only your API usage is affected. When your program exceeds the established limit, the Marqeta platform returns a status code ofHTTP 429 Too many requests, and the API request is not successful. These requests must be resubmitted once traffic drops below the program limit. For example, if your program limit is 200 RPS and you make 300 concurrent calls, 100 of those requests will receive an HTTP 429 response.
Your specific rate limits are based on Marqeta’s analysis of your program’s historical usage patterns and infrastructure requirements.
- Proactive Partnership: If Marqeta has not yet informed you about your program’s rate limit, contact your Account Manager before April 27, 2026.
- Multiple Programs: If you have more than one program live with Marqeta, the new rate limits are applied individually at the program level and are aggregated across all API calls within that specific program.
- Revising Limits: If you outgrow your assigned limits, they can be revised. You can submit a request via your dedicated Customer Success Account Manager for an evaluation.