Rate limits
API requests are rate limited per client using a sliding window. Staying within the limits - and handling 429 responses gracefully - keeps your integration reliable.
Limits
| Traffic | Default limit |
|---|---|
| Authenticated requests (per API client) | 100 requests / 60 sec |
| Unauthenticated auth-route requests (per IP) | 10 requests / 60 sec |
Per-client limits can be adjusted for your integration - contact us if you need a higher throughput.
When you exceed a limit
A throttled request receives 429 Too Many Requests with a Retry-After header giving the number of seconds to wait before retrying:
HTTP/1.1 429 Too Many Requests
Retry-After: 42
{
"data": null,
"message": "Rate limit exceeded. Try again in 42 seconds."
}
Handling it
- Respect the
Retry-Afterheader - wait that many seconds before retrying, ideally with exponential backoff and jitter for repeated hits. - Prefer webhooks over polling job status in a tight loop - this is the most common way integrations hit the limit.
- Spread bulk work out rather than firing requests in parallel bursts.
There are no X-RateLimit-* quota headers on responses; use Retry-After on a 429 as your signal.