# Usage and limits

Our Open Banking API is limited to a global maximum of 100 requests per second per application.

## AISP requests

In compliance with Article 36.5 of the SCA RTS (Strong Customer Authentication Regulatory Technical Standards)[<sup>1</sup>](#article-36-5-links), you must not make more than 4 requests for account information over a period of 24 hours for each account, endpoint, and consent, respectively.

This limit may be surpassed in the following scenarios:
- **The user has many transactions**, which will not fit in the response payload of a single request, and more requests need to be made in order to obtain all the latest transactions.

  :::note
  For the subsequent requests to be considered part of the original request, the requests must happen sequentially, one after the other, over a short period of time.
  :::
- **The user has many accounts.** As the limit is per account, endpoint, and consent, you can make 4 requests per day for each of the consented accounts.
- **The user is actively requesting data.** This limit does not apply if you are making requests because the [PSU](/docs/guides/build-banking-apps/glossary#psu) is present and actively requesting data at your end. 
  In such a case, make sure to include with the request the `x-fapi-customer-ip-address` header containing the IP address of the PSU.
- **The user has just consented access.** In such a case, you can make as many requests as needed to obtain all the necessary historical transactions.
  :::warning [Time restriction]
  Access to transactions older than 90 days is only possible during the first 5 minutes after the user authorised the consent.
  Those 90 days are counted from the moment the request for the transactions is made.
  :::

## Example

_**Scenario**: A PSU has consented access to 3 accounts – let's call them A, B, and C._
_**Account A** has an average of 100 transactions per hour._
_**Accounts B** and **C** have 2 transactions per day on average._

In such a case, we would expect up to:
- 1 request every 6 hours to the `/balances` endpoint, for each of the accounts (A, B, C).
- 1 request every 6 hours to the `/transactions` endpoint, for each of the two accounts with few transactions (B, C).
- Several burst requests every 6 hours to the `/transactions` endpoint for the account with many transactions (A).
- An arbitrary number of requests to the `/balances` and `/transactions` endpoints throughout the day every time the PSU requests information, with the `x-fapi-customer-ip-address` header included for each request (A, B, C).

---

Please make sure to stay under these limits.

If you have a specific use case for the API and these limits are a problem, [contact our API Support team](mailto:api-requests@revolut.com).

---

_<small><sup id='article-36-5-links'>1</sup>Article 36.5 of the Strong Customer Authentication Regulatory Technical Standards: [UK version](https://www.handbook.fca.org.uk/techstandards/PS/2021/2021_01/chapter-v/section-2/040.html) |  [EU version](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32018R0389)</small>_