/

API Security Policies

API Security Policies

Owned by Brecht Bauwens

Last updated: Mar 14, 2025

Our APIs are protected by several security policies to ensure controlled and secure access.

Daily Quota

Default quota: 50,000 API calls per day (rolling 24-hour window). A quota increase can be requested via api-support@vanmarcke.com.
Quota usage is calculated based on the access token type:
- Client Credentials: Counted per API key.
- Authorization Code / Password: Counted per API key and customer ID.

Rate Limit

API calls are limited to 1 request every 20 milliseconds.

Authentication

An OAuth access token must be sent in the Authorization header as a Bearer token:
Authorization: Bearer {access_token}
For details on obtaining a valid OAuth access token, refer to Authentication - OAuth 2.0 .

API Key

Clients must always send an API key in the HTTP header with name ‘x-api-key’:
x-api-key: {your_api_key}
The API key identifies the client application and can be found in the registered application details in the Developer Portal - My Workspace.
Important Security Note:
- Do not share your API key.
- Be cautious when sharing Postman collections that contain your API key.

Related content

API Guidelines

Van Marcke Integration

More like this

Authentication - OAuth 2.0

Authentication - OAuth 2.0

Van Marcke Integration

Read with this

Get Access Token via Authorization Code Grant Type

Get Access Token via Authorization Code Grant Type

Van Marcke Integration

Read with this

Getting Access / Application Registration

Getting Access / Application Registration

Van Marcke Integration

More like this

Concept of Service Users

Concept of Service Users

Van Marcke Integration

More like this

PunchOutOrderMessage / Cart

PunchOutOrderMessage / Cart

Van Marcke Integration

Read with this