Skip to main content

API Versioning

PCI Booking does not version its API. There is a single API endpoint and all changes are backwards compatible. You do not need to specify a version number, pin to a version, or migrate between versions. When new features are added, they are made available at the same base URL:
New fields may be added to response objects over time. Your integration should ignore unknown fields rather than failing on them. Existing fields, endpoints, and behaviors are not removed or changed in a breaking way. If a breaking change is ever required, PCI Booking will notify affected customers directly with migration guidance and a transition period.
Check the Changelog for recent feature additions and bug fixes.

Rate Limits

PCI Booking enforces per-user rate limits on certain API endpoints. The rate limit is configured per account and measured in requests per second.

Which endpoints are rate-limited

Rate limiting applies to the following endpoint groups: Other endpoints (account management, SFTP, stylesheet management, card capture forms) are not rate-limited.

Rate limit behavior

  • The limit is measured per calendar second. Each API user has a maximum number of allowed requests per second.
  • When the limit is exceeded, the API returns HTTP 429 Too Many Requests with a plain text message.
  • There are no Retry-After or X-RateLimit-* response headers. Wait at least one second before retrying.

Example 429 response

Increasing your rate limit

Rate limits are set per account. If your integration requires a higher throughput, contact PCI Booking support to adjust your limit.
If your account does not have a rate limit configured, no throttling is applied. This is the default for new accounts. PCI Booking may set a limit on your account if usage patterns require it.