Pomelo Rate Limits
Pomelo (pomelo.la) secures its REST API with OAuth 2.0 client-credentials Bearer tokens and applies per-client protections against abuse. Public, per-endpoint request quotas are not published; effective limits are set per program. Operationally significant is the real-time authorizer: when Pomelo POSTs an authorization to the client's endpoint, the client must validate the signature and return a signed approve/reject response within the card network time window, or the transaction is rejected. Bulk operations are bounded (innominated card batches are capped at 1,000 cards each, with bulk batch creation limited per request). Specific numeric per-endpoint limits are not reconciled in this artifact.
Pomelo Rate Limits is the machine-readable rate-limit profile for Pomelo on the APIs.io network, conforming to the API Commons Rate Limits specification.
It captures 5 rate-limit definitions, measuring requests, milliseconds, cards, batches, and items.
The profile also includes 3 backoff/retry policies defined and response codes documented for throttled.
Tagged areas include Fintech, Card Issuing, Embedded Finance, Payments, and Latin America.