Skip to main content

Rate limits

API requests are rate limited per client using a sliding window. Staying within the limits - and handling 429 responses gracefully - keeps your integration reliable.

Limits

TrafficDefault limit
Authenticated requests (per API client)100 requests / 60 sec
Unauthenticated auth-route requests (per IP)10 requests / 60 sec

Per-client limits can be adjusted for your integration - contact us if you need a higher throughput.

When you exceed a limit

A throttled request receives 429 Too Many Requests with a Retry-After header giving the number of seconds to wait before retrying:

HTTP/1.1 429 Too Many Requests
Retry-After: 42
{
"data": null,
"message": "Rate limit exceeded. Try again in 42 seconds."
}

Handling it

  • Respect the Retry-After header - wait that many seconds before retrying, ideally with exponential backoff and jitter for repeated hits.
  • Prefer webhooks over polling job status in a tight loop - this is the most common way integrations hit the limit.
  • Spread bulk work out rather than firing requests in parallel bursts.

There are no X-RateLimit-* quota headers on responses; use Retry-After on a 429 as your signal.