question

John Mason avatar image
John Mason asked ·

Why are the rate limits so very low? O_o

We're a software company, currently converting our decades-old app (a full-office medical office management package; known today as an ERP [and CRM] package) (began development in the late 1980s..) to Java/CUBA platform. The new version of our app will need 2FA via SMS for user login, and as our phone service is RingCentral... it seems easy enough to implement this via the RC Java API.


I have it all working; it's very easy to work with (kudos to RC for that), except...the rate limits are exceedingly low! 40 texts per minute? Really?


We have clients in all 50 US states, and we will be self-hosting this new app via Docker containers with each client in their own Docker'ed world, for safety and HIPPA act compliance. Early in the morning, when people are getting into their offices, there's going to be dozens/hundreds of 2FA requests.


Surely mere hundreds of SMS sends wouldn't kill RC's infrastructure. Why are the limits so LOW?

smsjavarate limit
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

· Write an Answer
Phong Vu avatar image
Phong Vu answered ·

There are a few things I want to mention here.

1. API rate limit is per user and per API.

2. Normal phone number with SMS capability is designed for P2P SMS. It is not likely every user would send 40 messages per minute. Though, based on special request with business justification, case by case we can increase the API rate limit for an app.

3. Using a normal phone number to send A2P SMS is against carriers’ rules and as a result, the number would be blocked by a mobile carrier once they detected.

4. The right way to send A2P SMS is to use a Toll-Free SMS number. More info about TF SMS

5. We are introducing a High Volume SMS API to be used with Toll-Free SMS numbers which is dedicated for A2P SMS and is capable of sending more than 3 messages per second with super high API rate limit. This API is still in beta stage and can be accessed via early access program. Fill out this form if you would like to have access.

23 comments Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

What does "A2P" mean? Like I said, we are a RC customer, and we plan to use this in our application (we are a software company; our application is a medical office management package) to send 2FA codes for user's logins, via our own RC account.

0 Likes 0 · ·

I thought that you are familiar with SMS messaging. A2P or Application-to-Person is when a text message is sent from an application to a person automatically without a person to type the message. SMS 2FA is considered as A2P SMS.

If this 2FA is just for internal usages for your company employees, you may want to check if you can use internal messaging "Pager" to send pass code. You can also try to request for higher API rate limit by sending request to devsupport@ringcentral.com. But this won't solve the potential problem if a carrier blocks your number.

0 Likes 0 · ·
John Mason avatar image John Mason Phong Vu ♦♦ ·

It is for users of our software, who will need to log in to said software, and to secure said logins we want to use 2FA. We will self-host this application via Docker containers. This is all covered in the original post.


So it is kind of internal, kind of not. Only our clients (users of our software package) will be receiving these texts, when they need to login.

0 Likes 0 · ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.