Huntington Bancshares · Rate Limits

Huntington Bancshares Rate Limits

Huntington's developer portal does not publish numeric rate limits. The platform is built on Apigee X and Apigee enforces per-API-product quota and spike-arrest policies that are configured per partner contract. Quotas are issued per OAuth client / consumer key based on the treasury management agreement. The platform is sized for 10M+ transaction events daily across the customer base.

2 Limits

Rate LimitingBankingTreasuryOpen Banking

Limits

Treasury Management API (per partner) oauth_client

requests_per_minute

not publicly published; negotiated per Apigee API product

Apigee quota policies enforce per-product per-minute and per-day caps.

Spike arrest oauth_client

requests_per_second

not publicly published; Apigee spike-arrest policy

Burst protection independent of quota; smooths inbound traffic.

Policies

OAuth2 / mTLS Authentication

All production calls require an OAuth2 client credentials flow plus typically mTLS for treasury-grade endpoints. Tokens are short-lived.

Apigee Quota Enforcement

Per-consumer-key quota and spike-arrest policies enforce both burst and sustained ceilings. Specific values are configured per partner per API product.

429 Throttling Response

Standard Apigee 429 response with Retry-After header when quotas are exceeded.

Backoff Strategy

Implement exponential backoff and honor Retry-After header. Coordinate with Huntington partner enablement on quota raises.

Sandbox vs Production

Sandbox endpoints have separate, lower limits intended for integration testing only.

Sources

https://hnbdevportal.huntington.com/