Rate limits
Rate Limits
API access is rate-limited per tenant to keep the platform fast for everyone.
Limits
- 100 requests / minute per tenant on standard endpoints
- 20 requests / minute on certificate-generation endpoints (Puppeteer is heavier)
- 5 requests / minute on auth endpoints (login, register, password reset)
Headers
Every response includes:
X-RateLimit-Limit— total quota for the windowX-RateLimit-Remaining— calls remainingX-RateLimit-Reset— Unix timestamp when the window resets
When you hit a limit
We return HTTP 429 Too Many Requests with a Retry-After header in seconds. Back off for that long before retrying.
Best practices
- Use the
updatedAtfilter on list endpoints rather than re-pulling the world - Subscribe to webhooks for change notifications instead of polling
- Cache lookup data (locations, customers) on your side
- Respect
Retry-After— repeated bursts past a 429 will trip a longer timeout
Need more
Enterprise plans get higher limits by default and can request bespoke ceilings. Contact support with the use case.