Accounting

Rate limiting

API

A rate limiter limits the number of requests received from each API client within any given minute. The current default value is 1000 requests per minute.

We can adjust limits to prevent abuse or support well-behaved high-traffic applications.

For more information on rate limits and patterns for responding to rate limiting, please see the API rate limiting page.

Kafka

Our Kafka instance has Producer quotas, but they are set so high that they never come into effect. As with the API rate limits, we reserve the right to adjust these to ensure fair use of the service.

Auditing

Moneyhub take great care to audit as many facets of our API, Kafka and service as possible. This ensures a secure and healthy environment for you to build and manage your product.

All of our API requests, admin portal actions, Kafka interactions and support tickets are meticulously managed and recorded for review/audit purposes.

Logging/usage tracking

Moneyhub employ a wide range of logging across our services. This logging can help us keep a close eye on the health and status of our entire solution.

If you encounter issues using the API or have a question about how a specific API call was processed, we can investigate this for you with our logging and usage tracking. There are a few key IDs you can give us to help search for specific calls:

  • userId
  • correlationId
  • transactionId
  • accountId

If you encounter issues using Kafka or have a question about how a specific event was processed, we can investigate this for you with our logging and usage tracking.

Client Accessible

You can access information about error handling in two ways:

  1. Error responses from the API. Non-OIDC errors are surfaced through the response itself, and we document these within our API reference.
  2. Admin portal. Under API -> Users -> {individual user} you can access specific OIDC errors that have occurred when making authentication/authorisation requests.

Session management

Two sessions you will encounter using our service are as follows:

  1. Admin portal - Our developer portal maintains an active session for 30 minutes, unless an action is taken, in which case the timeout resets to 30 minutes.
  2. Tokens - Access tokens issued through the client_credentials grant expire after 7200 seconds (2 hours). To maintain secure access, ensure your application handles token expiration gracefully.

Separately, the mTLS signed certificates from our CA last for 1 year, and you are responsible for maintaining them as they expire.
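
One way to handle the 7200-second access token lifetime described above, shown as an added example that is not Moneyhub's own code: a cache that refreshes shortly before expiry and retries once if a token is rejected. The fetch_token and send callables, the 60-second skew and the use of HTTP 401 as the rejection signal are assumptions of this example.

```python
import threading
import time


class TokenCache:
    """Caches a client_credentials access token and renews it before expiry."""

    def __init__(self, fetch_token, skew=60, clock=time.monotonic):
        # fetch_token is a hypothetical callable that performs the token
        # request and returns (access_token, expires_in_seconds).
        self._fetch = fetch_token
        self._skew = skew          # renew this many seconds early (assumed value)
        self._clock = clock        # injectable so expiry can be tested offline
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        # The lock makes concurrent callers share one refresh instead of
        # each requesting a new token at the same moment.
        with self._lock:
            stale = self._clock() >= self._expires_at - self._skew
            if self._token is None or stale:
                self._token, expires_in = self._fetch()
                self._expires_at = self._clock() + expires_in
            return self._token

    def invalidate(self, token):
        # Drop the cached token only if it is still the one that was rejected,
        # so a token another thread has already renewed is not discarded.
        with self._lock:
            if token == self._token:
                self._token = None


def call_with_token(cache, send):
    """Send a request, renewing the token and retrying once on rejection.

    send is a hypothetical callable taking an access token and returning
    (status_code, body). Treating 401 as "token rejected" is an assumption.
    """
    token = cache.get()
    status, body = send(token)
    if status == 401:
        cache.invalidate(token)
        status, body = send(cache.get())
    return status, body
```

Keep the retry to a single attempt so that a genuinely invalid credential surfaces as an error instead of a loop of token requests counting against the rate limit.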