Are REST API rate limits per user or per application?


#1

Hi, we are developing a marketplace application that will be used by a lot of people. In REST API documentation, it is said that there are limits for the number of normal requests (10/sec.) and a more strict limit on /report calls. The question is, do this limits apply to every application user individually, or the application as a whole. We are using OAuth by the way, so we have different authentication tokens per user.
If the limit is per-application, can it be extended somehow? And can my app or IP address get banned for making too much requests?
Another question is am I safe to assume that I will always get status code 429 if the application reaches any of the rate limits (including daily ones)? Or should I parse the response body for error code or something?


#2

Right now it is actually on a per account basis. We are looking into changing this but for now it is at the account level.

Yes, you should get a 429 when you hit the limit.