Rate limits in MCP
How fast you can hit the EPD MCP endpoint.
The MCP endpoint limit
The MCP endpoint is treated as part of EPD’s data rate-limit category:
60 requests per minute, per API key
This is in addition to the global per-merchant limit:
1000 requests per hour across all keys for the same merchant
When you hit either limit, EPD returns an error:
{
"error": {
"type": "rate_limit_error",
"code": "rate_limit_exceeded",
"message": "Too many requests. Retry after 4 seconds.",
"request_id": "req_..."
}
}
How to stay under the limit
Prefer composite tools like create_customer_and_charge over three separate tool calls. One MCP request, three underlying actions.
Use limit: 100 on list_* tools instead of pulling 10 at a time. Fewer round-trips, faster results.
Account info, plans, and webhook versions change rarely. Cache them on your client for the session.
The 60/min limit is per key. A high-volume reporting service should hold its own restricted key separate from the agent’s.
Backing off correctly
When you receive rate_limit_exceeded:
The HTTP response includes a Retry-After header in seconds. Wait at least that long.
If many workers retry at exactly Retry-After, you create a synchronized stampede. Add ±25% jitter.
After 3-5 retries, escalate to the operator. Persistent rate-limit errors usually indicate a runaway loop.