This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Rate limiting is per restaurant or per IP address

When the Toast-Restaurant-External-ID header is included in the request, then rate limiting is applied per restaurant location.

If the Toast-Restaurant-External-ID header is absent, then rate limiting is applied per IP address. For example, the partners API does not require a restaurant context, and you do not provide restaurant context for requests for an authorization token.

When rate limits are applied per restaurant location, requests that your API client makes for one restaurant location do not affect the client's rate limits for any other restaurant. In other words, if Client A has reached its rate limit for Restaurant A, it can continue to make requests for Restaurant B until it exhausts its rate limit for Restaurant B.


An API account that integrates with many restaurant locations may have additional, account-specific rate limits that track the total number of requests the client integration makes across all restaurant locations. For these API accounts, the Toast platform tracks both the number of requests made per location, as described above, and the total number of requests made across locations. Requests made for a restaurant location may impact the ability to make requests at other restaurant locations if the client integration has exceeded its account rate limit.

Toast support reaches out directly to integration providers to discuss the need for an account rate limit before putting the rate limit in place. See Account rate limits for more information.