Dear RingCentral Developers,
The RingCentral Platform Team has recently reinforced the rate limits for application authentication APIs. We would like to remind all developers that the /token endpoint is subject to a strict rate limit of 5 requests per minute per application.
Applications that repeatedly exceed this limit will receive HTTP 429 (Too Many Requests) responses. Continued violations may result in temporary suspension of the application in order to protect overall platform stability and service reliability.
To ensure compliance and avoid service disruption, please follow these best practices:
- Do not request a new access token each time you invoke another API.
- Request an access token once and store it securely in memory or in your database.
- Reuse the access token for subsequent API calls until it expires.
- Use the expiration time provided in the token response to determine token validity.
- Before the access token expires (typically after 3600 seconds), use the refresh token or a JWT to obtain a new access token and refresh token.
- Store the newly issued tokens and continue reusing them appropriately.
- If multiple processes are running in parallel, share the same access token across those processes instead of requesting a separate access token for each process when using the same user credentials and application client ID.
Implementing proper token management prevents unnecessary authentication requests, reduces the risk of hitting rate limits, and ensures efficient and reliable API usage.
We strongly encourage you to review your application’s authentication logic and update it as needed. In addition, please refer to the relevant developer documentation for guidance on best practices, including implementing rate limiting, exponential backoff for retries, and request optimization strategies.
Please address any non-compliant behavior as soon as possible to prevent potential disruptions to your application.
Thank you for your cooperation in maintaining a stable and high-performing platform.
RingCentral Developer Relations Team