
Rate limits on payment gateways

Purpose and scope

A payment gateway is a service that allows you to accept and authorize credit or debit card payments securely. Integrating one into your new or existing WebShop is another way to Sell Smarter! It gives your customers an additional payment method, and is a safe and secure way of processing credit and debit card payments. However, an integrated payment gateway carries some security risks; one such risk is that bad actors can use it to validate stolen credit or debit cards easily.

To mitigate this risk, we've implemented a rate limit on all Aphix WebShops which have an integrated payment gateway.

The purpose of this article is to explain how this standard feature works as a measure in assisting fraud prevention.

Introducing terms and concepts used in this article



Payment gateway

a service that allows you to accept and authorize credit or debit cards securely.

Rate limit

the maximum number of times an action can be repeated within a certain timeframe. 

In this context, the rate limit refers to the number of attempts made to Checkout using a payment gateway within one session.

Fitting it all together


You have a payment gateway integrated into your Aphix WebShop.

Your customer follows the checkout process, and once they have selected to pay via a payment gateway and clicked "Order with <payment gateway>", the "checkout attempt" counter is initiated.

Any attempt to move beyond this screen is counted as a "checkout attempt", and is counted towards the rate limit. The rate limit has been set to 10 "checkout attempts" for all payment gateways integrated with WebShop. 

Different payment gateways may require additional steps, and each new screen counts as a "checkout attempt". Additionally, moving back and forth between pages on any screen after your customer clicks "Order with <payment gateway>", while using the payment gateway, counts as a "checkout attempt" and also counts towards the rate limit.

Examples of how the rate limit affects different payment gateways
  • Stripe - each time you refresh the card screen counts as a "checkout attempt"; after 10 refreshes, the rate limit is reached.

  • Realex / Global Payments - each time you refresh the card holder screen counts as a "checkout attempt"; after 10 refreshes, the rate limit is reached.

  • SagePay - each time you submit the card holder details counts as a "checkout attempt"; after 10 refreshes, the rate limit is reached.

Should your customer reach their rate limit, the following actions occur:

  • your customer is signed out of their account,

  • the home page of your WebShop is displayed,

  • the contents of items in a guest cart are removed,

  • the contents of items in a cart of a registered customer remain in their cart, but the customer is required to log in again to retrieve them.

The "checkout attempts" counter is reset to 0 once your customer has been signed out of their account. This means that the next time your customer logs in, they can place their order successfully, provided they do not reach the rate limit again.
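The behaviour described above can be modelled as a per-session counter. The following is an added illustration, not Aphix's implementation: the `Session` class, its fields and `simulate` are hypothetical names, and it assumes the limit trips on the 10th counted attempt.

```python
from dataclasses import dataclass, field
from typing import Optional

RATE_LIMIT = 10  # from the article: 10 "checkout attempts" for every gateway

@dataclass
class Session:
    """Hypothetical model of one WebShop session (not Aphix code)."""
    user: Optional[str] = None                       # None = guest
    cart: list = field(default_factory=list)
    saved_carts: dict = field(default_factory=dict)  # carts kept for registered customers
    attempts: int = 0
    page: str = "checkout"

    def login(self, user):
        self.user = user
        self.cart = self.saved_carts.pop(user, [])   # cart is retrieved on login

    def gateway_screen(self):
        """Count one screen load, refresh, submit or back/forward step made
        after "Order with <payment gateway>". Returns False once blocked."""
        self.attempts += 1
        if self.attempts < RATE_LIMIT:   # assumption: the 10th attempt trips the limit
            self.page = "gateway"
            return True
        if self.user is not None:        # registered: cart stays with the account
            self.saved_carts[self.user] = self.cart
        self.cart = []                   # guest: cart contents are removed
        self.user = None                 # customer is signed out
        self.page = "home"               # home page is displayed
        self.attempts = 0                # counter resets on sign-out
        return False

def simulate(user, items, loads):
    """Constructed scenario: up to `loads` gateway screens in one session.
    Returns the session and how many screens were served before any block."""
    s = Session()
    if user:
        s.saved_carts[user] = list(items)
        s.login(user)
    else:
        s.cart = list(items)
    served = 0
    for _ in range(loads):
        if not s.gateway_screen():
            break
        served += 1
    return s, served
```

Because the counter is tied to the session rather than to a card or an outcome, a burst of card-validation attempts is cut off after a fixed number of gateway screens regardless of which card numbers were tried.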

Key points

  • Each payment gateway has a rate limit set to 10 attempts. However, the rate limit can be configured to a different amount, provided you have a legitimate reason to do so. Contact us for more information.
