Rate Limiting
The API enforces per-key rate limits using a moving window algorithm. Each API key has its own usage plan with a single set of counters shared across all requests, regardless of scope or endpoint.
Default limits
| Window | Limit |
|---|---|
| Per minute | 60 requests |
| Per hour | 1,000 requests |
| Per day | 10,000 requests |
All requests made with the same API key count toward the same limits.
Rate limit headers
Every response from a rate-limited endpoint includes informational headers when a limit is exceeded:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum number of requests allowed in the current window |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp when the current window resets |
Retry-After | Seconds to wait before retrying |
429 Too Many Requests
When a rate limit is exceeded, the API returns 429 with a JSON body:
{
"detail": "Rate limit exceeded"
}
The response includes Retry-After and X-RateLimit-* headers. Clients should back off and retry after the Retry-After period.
Best practices
Optimizing your usage
Follow these guidelines to stay within rate limits and build resilient integrations.
- Cache responses when possible to reduce request volume.
- Implement exponential backoff when receiving
429responses. - Monitor
X-RateLimit-Remainingto proactively throttle before hitting limits. - Use the most specific endpoint for your use case rather than polling list endpoints repeatedly.