Rate Limiting
The API enforces rate limits to ensure fair usage and platform stability. Limits are applied per API key for authenticated requests and per IP address for unauthenticated requests.
Authenticated Rate Limits
Section titled “Authenticated Rate Limits”Authenticated endpoints are rate-limited by API key ID:
| Layer | Standard Tier | Elevated Tier |
|---|---|---|
| Global (all endpoints) | 100 req/min | 500 req/min |
| Write endpoints (POST, PATCH, DELETE) | 30 req/min | 150 req/min |
| Billing endpoints | 10 req/min | 30 req/min |
All new API keys start at the standard tier. To request elevated limits, contact us from your API Keys dashboard page — an admin will review and grant access.
Unauthenticated Rate Limits
Section titled “Unauthenticated Rate Limits”| Endpoint | Key By | Limit |
|---|---|---|
Registration (/api/v1/auth/register) | IP address | 5 req/15min |
| Registration | Email (in request body) | 3 req/hour |
Public endpoints (/api/v1/public/*) | IP address | 60 req/min |
Rate Limit Headers
Section titled “Rate Limit Headers”Every response includes rate limit headers:
X-RateLimit-Limit: 100X-RateLimit-Remaining: 87X-RateLimit-Reset: 1709312400| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed in the current window |
X-RateLimit-Remaining | Remaining requests in the current window |
X-RateLimit-Reset | Unix timestamp (seconds) when the window resets |
Retry-After | Seconds to wait before retrying (only on 429 responses) |
Handling 429 Responses
Section titled “Handling 429 Responses”When you exceed the rate limit:
HTTP/1.1 429 Too Many RequestsRetry-After: 30X-RateLimit-Limit: 100X-RateLimit-Remaining: 0X-RateLimit-Reset: 1709312400{ "error": { "code": "RATE_LIMITED", "message": "Rate limit exceeded. Retry after 30 seconds." }, "meta": { "requestId": "req_abc123", "timestamp": "2026-03-02T12:00:00Z" }}Best Practices
Section titled “Best Practices”- Respect
Retry-After— wait the specified number of seconds before retrying - Use exponential backoff — if you continue hitting limits, increase wait times
- Monitor remaining quota — check
X-RateLimit-Remainingand slow down proactively - Batch where possible — reduce request count by fetching larger pages (up to
limit=100) - Cache responses — avoid re-fetching data that hasn’t changed