Basis Theory · Rate Limits

Basis Theory Rate Limits

Basis Theory applies per-tenant request rate limits and per-request detokenization caps across its APIs, and returns HTTP 429 when limits are exceeded. Documented hard caps include at most 20 tokens detokenized within a single Proxy request and at most 100 tokens detokenized within a single Reactor request. A tenant may register up to five webhook URLs. Numeric requests-per-second limits are governed by plan and are not fully published; those values are not reconciled in this artifact.

Basis Theory Rate Limits is the machine-readable rate-limit profile for Basis Theory on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 4 rate-limit definitions, measuring tokens, webhooks, and requests.

The profile also includes 2 backoff/retry policies defined and response codes documented for throttled.

Tagged areas include Tokenization, Data Vault, PCI Compliance, Payments, and Security.

4 Limits Throttle: 429
TokenizationData VaultPCI CompliancePaymentsSecurityRate LimitingQuotasThrottling

Limits

Proxy Detokenization Per Request request
tokens
20
At most 20 tokens may be detokenized within a single Proxy request.
Reactor Detokenization Per Request request
tokens
100
At most 100 tokens may be detokenized within a single Reactor request.
Webhook URLs Per Tenant tenant
webhooks
5
Each tenant may register up to five webhook URLs.
Requests Per Second tenant
requests
see provider documentation
Per-tenant request rate limits are governed by plan; not publicly enumerated.

Policies

Tiered Limits
Limits scale with plan; Enterprise agreements may raise or remove default caps.
Backoff Strategy
Clients should implement exponential backoff with jitter and honor Retry-After on HTTP 429 responses.

Sources