Back to api

Rate limits

Rate Limits

API access is rate-limited per tenant to keep the platform fast for everyone.

Limits

  • 100 requests / minute per tenant on standard endpoints
  • 20 requests / minute on certificate-generation endpoints (Puppeteer is heavier)
  • 5 requests / minute on auth endpoints (login, register, password reset)

Headers

Every response includes:

  • X-RateLimit-Limit — total quota for the window
  • X-RateLimit-Remaining — calls remaining
  • X-RateLimit-Reset — Unix timestamp when the window resets

When you hit a limit

We return HTTP 429 Too Many Requests with a Retry-After header in seconds. Back off for that long before retrying.

Best practices

  • Use the updatedAt filter on list endpoints rather than re-pulling the world
  • Subscribe to webhooks for change notifications instead of polling
  • Cache lookup data (locations, customers) on your side
  • Respect Retry-After — repeated bursts past a 429 will trip a longer timeout

Need more

Enterprise plans get higher limits by default and can request bespoke ceilings. Contact support with the use case.

Was this article helpful?

Related Articles

Still have questions?

Our support team is here to help.