Fine Grained Rate Limiting for service-to-service Microsoft Store APIs
Xbox services implement Fine Grained Rate Limiting (FGRL), this includes Collections and Inventory endpoints used in commerce scenarios through service-to-service calls. Please ensure your services handle the rate limits and throttling HTTP response codes as described here.
Affected Endpoints
The following endpoints enforce FGRL limits:
https://collections.mp.microsoft.com/v9.0/collections/publisherQuery
https://collections.mp.microsoft.com/v8.0/collections/b2bLicensePreview
https://collections.mp.microsoft.com/v8.0/collections/consume
https://purchase.mp.microsoft.com/v8.0/b2b/recurrences/query
https://purchase.mp.microsoft.com/v8.0/b2b/recurrences/{recurrenceId}/change
These endpoints are used by the following GDK APIs:
Rate Limits
As with Xbox services, rate limits are a combination of user + title ID for XStore* client APIs:
- {userId;titleId}: limit of 100 operations / 300 sec.
In addition to the user context, commerce endpoints also include a PublisherID flag, which is used for rate limiting of service-to-service calls:
- {userId;publisherId}: limit of 200 operations / 300 sec.
The limits are enforced for sustained traffic only, no burst rate limits are enforced.
Rate Limiting Behavior
Like the existing rate limiting for Live service calls, rate limited commerce calls to will return an HTTP 429 error. The response body for this error includes additional information in the following format: The rate limit of {X} operations in {Y} seconds has been exceeded for aspect {Z}.
The response header will also include a 'Retry-After' header to indicate when the next call will be allowed.
To avoid being rate-limited, analyze your calling patterns to determine when calls exceed the existing call limits. Then throttle or reduce calls where possible and implement logic to respect the Retry-After header.