Rate Limiting
API requests are rate-limited per API key based on your plan.
Limits by plan
| Plan | Requests per minute |
|---|---|
| Starter | 50 |
| Growth | 200 |
| Scale | 500 |
| Enterprise | 1,000 |
Response headers
Every response includes rate limit headers:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests per minute for your key |
| X-RateLimit-Remaining | Requests remaining in the current window |
| X-RateLimit-Reset | Seconds until the window resets |
Exceeding the limit
When you exceed the limit, the API returns 429:
```json
{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded"
  }
}
```
The response includes an additional Retry-After header with the number of seconds to wait.
OAuth endpoint limits
The OAuth token and revocation endpoints have separate IP-based rate limits:
| Endpoint | Limit |
|---|---|
| POST /oauth/token | 30 requests/minute per IP |
| POST /oauth/revoke | 60 requests/minute per IP |
These limits apply regardless of plan and are based on the client's IP address.
Best practices
- Check X-RateLimit-Remaining before sending bursts of requests
- Use the Retry-After header to schedule retries
- Implement exponential backoff for 429 responses
- Use webhooks instead of polling when possible
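
An added example (not code from this API's documentation or SDK) of a client that applies the first three practices: it holds a burst when X-RateLimit-Remaining is too low, and on 429 waits for the longer of Retry-After and a jittered exponential backoff. The `send` callable, the delay constants and the retry budget are assumptions; header values are parsed defensively because they are remote input.

```python
import random
import time

BASE_DELAY = 1.0   # assumed first backoff step, in seconds
MAX_DELAY = 60.0   # assumed cap: the limits above are per-minute windows
MAX_ATTEMPTS = 5   # assumed retry budget

def _seconds(headers, name):
    """Read a header as non-negative seconds; None if absent or malformed."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        value = float(lowered.get(name.lower(), ""))
    except (TypeError, ValueError):
        return None
    return value if value >= 0 else None

def retry_delay(headers, attempt, rng=random.random):
    """Delay after a 429: jittered exponential backoff, never below Retry-After."""
    backoff = min(MAX_DELAY, BASE_DELAY * 2 ** attempt)
    jittered = backoff * (0.5 + rng() / 2)  # jitter keeps clients out of lockstep
    retry_after = _seconds(headers, "Retry-After") or 0.0
    # Headers are remote input: cap the wait so a bad value cannot stall the client.
    return min(MAX_DELAY, max(jittered, retry_after))

def pre_burst_wait(headers, burst_size):
    """Seconds to hold a burst, given the headers of the most recent response."""
    remaining = _seconds(headers, "X-RateLimit-Remaining")
    reset = _seconds(headers, "X-RateLimit-Reset")
    if remaining is None or reset is None or remaining >= burst_size:
        return 0.0
    return min(MAX_DELAY, reset)

def call_with_retry(send, sleep=time.sleep, rng=random.random):
    """send() returns (status, headers, body); only 429 responses are retried."""
    for attempt in range(MAX_ATTEMPTS):
        status, headers, body = send()
        if status != 429 or attempt == MAX_ATTEMPTS - 1:
            return status, headers, body
        sleep(retry_delay(headers, attempt, rng))

if __name__ == "__main__":
    # Constructed responses: two 429s, then success.
    scripted = iter([(429, {"Retry-After": "7"}, ""), (429, {"Retry-After": "7"}, ""),
                     (200, {"X-RateLimit-Remaining": "3", "X-RateLimit-Reset": "12"}, "ok")])
    waits = []
    status, headers, _ = call_with_retry(lambda: next(scripted), sleep=waits.append)
    print(status, waits, pre_burst_wait(headers, burst_size=10))
```
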