> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Versioning and Rate Limits

> PCI Booking API versioning policy and rate limit details. The API is unversioned and backwards compatible.

## API Versioning

PCI Booking does not version its API. There is a single API endpoint and all changes are backwards compatible. You do not need to specify a version number, pin to a version, or migrate between versions.

When new features are added, they are made available at the same base URL:

```text theme={null}
https://service.pcibooking.net/api
```

New fields may be added to response objects over time. Your integration should ignore unknown fields rather than failing on them. Existing fields, endpoints, and behaviors are not removed or changed in a breaking way.

If a breaking change is ever required, PCI Booking will notify affected customers directly with migration guidance and a transition period.

<Info>
  Check the [Changelog](/reference/changelog) for recent feature additions and bug fixes.
</Info>

## Rate Limits

PCI Booking enforces per-user rate limits on certain API endpoints. The rate limit is configured per account and measured in **requests per second**.

### Which endpoints are rate-limited

Rate limiting applies to the following endpoint groups:

| Endpoint Group         | Description                                                                                    |
| ---------------------- | ---------------------------------------------------------------------------------------------- |
| **Card management**    | Token operations: create, query, update, delete, duplicate, transfer, CVV management, 3DS data |
| **Payment gateway**    | Transaction processing via UPG: charge, pre-auth, capture, void, refund                        |
| **eWallet operations** | Payments Library session operations                                                            |

Other endpoints (account management, SFTP, stylesheet management, card capture forms) are not rate-limited.

### Rate limit behavior

* The limit is measured per calendar second. Each API user has a maximum number of allowed requests per second.
* When the limit is exceeded, the API returns HTTP `429 Too Many Requests` with a plain text message.
* There are no `Retry-After` or `X-RateLimit-*` response headers. Wait at least one second before retrying.

### Example 429 response

```text theme={null}
Rate limit exceeded max 10 requests per second for user example-user
```

### Increasing your rate limit

Rate limits are set per account. If your integration requires a higher throughput, contact PCI Booking support to adjust your limit.

<Warning>
  If your account does not have a rate limit configured, no throttling is applied. This is the default for new accounts. PCI Booking may set a limit on your account if usage patterns require it.
</Warning>
