Rate Limiting

The API is rate limited per minute and different resources have different limits. If a resource is 10 per minute that means for a time period of 16:20:00 to 16:21:00, only ten requests are allowed for the period (dictated by server). The rate limiter does allow bursting so if no requests have been received between 16:20:00 and 16:20:50, and then 10 are received over the next 10 seconds, they should all succeed.

You must implement suitable error handling for 429 responses. Using an exponential backoff with a random jitter is the recommended way to handle 429s.

The different rate limits for different resources are listed below.

Unauthenticated Users

If an api user has not created an api session, then all requests (including authentication requests) are limited to 10 per minute.

Authenticated User

Once a user has logged in, higher rates are allowed.


Rates requests are limited to 200 per minute


For all other resources, requests are limited to 500 per minute

HTTP Headers and Response Codes

Each response has HTTP headers that provide data on where your application is at for a given rate limit.

  • X-Rate-Limit-Limit: the rate limit ceiling for that given request
  • X-Rate-Limit-Remaining: the number of requests left for the 1 minute window
  • X-Rate-Limit-Reset: the remaining window before the rate limit resets

When the rate limit is applied the API will return status code HTTP 429 “Too Many Requests”. In which case you should wait 60 secounds before retrying.

Different requirements

If you have different requirements, please contact our solutions team so we can better address your needs.