All commercial cloud services providing public API’s implement a rate-limiting system of some form, primarily to protect systems from abuse and over-utilization of system resources.
Fortnox rate limit
When the number of requests reach the rate limit the HTTP 429 (Too Many Requests) is displayed making it very clear if the rate-limit is being enforced.
The limit is 300 requests per minute per client-id and tenant.
The rate limit is based on a sliding window algorithm with a period of 5 seconds, so the actual limit is 25 requests per 5 seconds.
Any over-usage (burst) during a period will mean that the rate limit kicks in until enough time has passed to make the average 25 requests per period again.
The rate-limit scales with more tenants / access-tokens
Remember that the rate limit is not based on external IP-addresses, but rather access-token. If your integration is used by five different Fortnox-tenants, every one of those tenants will have a unique access-token granting you 300 requests per minute for each such token.