Developer Docs - Security & Limits

DigiChat Documentation

Security & Limits

Limits, allowlists, expiry.

Postman OpenAPI

Security & limits

This page lists the limits your integration should handle cleanly.

Rate limits (`429`)

If you send requests too fast, you may get 429 Too Many Requests.

Client behavior:

Back off (wait, then retry)
Avoid tight loops
Queue/batch if you send at scale

PAYG window limits (`429`)

If you configured a PAYG message cap for a token in a specific date window, sendMessage and sendMedia can return 429 when the window is active and the limit is reached.

IP allowlist (`403`)

If you enabled IP allowlist for a token, requests from other IPs return 403 Forbidden.

Token disabled (`401`)

If a token is disabled/inactive, requests return 401.

Signed payload requirements (`401`)

For signed endpoints, the body must match the signature exactly. This matters most when:

you send canonical fields like chatId, type, and text
you upload media with multipart requests
you rely on compatibility aliases like phone and message

Next Errors & troubleshooting

Docs

Security & limits

Rate limits (429)

PAYG window limits (429)

IP allowlist (403)

Token disabled (401)

Signed payload requirements (401)

Rate limits (`429`)

PAYG window limits (`429`)

IP allowlist (`403`)

Token disabled (`401`)

Signed payload requirements (`401`)