Rate Limiting

API rate limits and throttling policies

To ensure fair usage and platform stability, all API endpoints are rate-limited. This document explains the rate limiting policies and how to handle rate limit responses.

Rate Limit Headers

Every API response includes rate limit information in the headers:

Header                    Description
X-RateLimit-Limit         Maximum requests allowed per window
X-RateLimit-Remaining     Requests remaining in current window
X-RateLimit-Reset         Unix timestamp when the window resets
X-RateLimit-Retry-After   Seconds to wait before retrying (on 429)

Example response headers:

HTTP/1.1 200 OK
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 1704067200
Content-Type: application/json

Endpoint-Specific Limits

Authentication Endpoints

Endpoint                         Limit   Window
POST /api/auth/sign-in           5       15 minutes
POST /api/auth/sign-up           3       15 minutes
POST /api/auth/forgot-password   3       1 hour
POST /api/auth/reset-password    5       15 minutes
POST /api/auth/verify-email      10      1 hour

Email API Endpoints

Endpoint                              Limit   Window
POST /api/email/send                  100     1 hour
POST /api/email/send-batch            10      1 hour
GET /api/email/inboxes                200     1 hour
GET /api/email/inboxes/:id/messages   300     1 hour
POST /api/email/inboxes               20      1 hour
DELETE /api/email/inboxes/:id         50      1 hour
POST /api/email/webhooks              50      1 hour

Billing API Endpoints

Endpoint                         Limit   Window
POST /api/billing/checkout       10      1 hour
POST /api/billing/portal         20      1 hour
GET /api/billing/subscriptions   100     1 hour
POST /api/billing/cancel         10      1 hour

Project API Endpoints

Endpoint                    Limit   Window
GET /api/projects           200     1 hour
POST /api/projects          50      1 hour
PUT /api/projects/:id       100     1 hour
DELETE /api/projects/:id    50      1 hour

Admin API Endpoints

Endpoint                       Limit   Window
GET /api/admin/users           100     1 hour
GET /api/admin/organizations   100     1 hour
POST /api/admin/impersonate    10      1 hour

Webhook Endpoints

Endpoint                    Limit   Window
POST /api/webhooks/stripe   1000    1 hour
POST /api/webhooks/email    500     1 hour

Tier-Based Limits

Rate limits vary by subscription tier:

Tier         Email Send    API Requests   Webhooks
Free         100/day       1,000/day      100/day
Starter      1,000/day     10,000/day     1,000/day
Pro          10,000/day    100,000/day    10,000/day
Enterprise   Unlimited     Unlimited      Unlimited

Handling Rate Limits

When you exceed a rate limit, the API returns a 429 Too Many Requests response:

HTTP/1.1 429 Too Many Requests
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1704067200
X-RateLimit-Retry-After: 3600
Content-Type: application/json

{
  "error": "Rate limit exceeded",
  "code": "RATE_LIMIT_EXCEEDED",
  "message": "You have exceeded the rate limit. Please try again in 3600 seconds.",
  "retryAfter": 3600,
  "limit": 100,
  "window": "1h"
}

Exponential Backoff

Implement exponential backoff when retrying:

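async function fetchWithRetry(url: string, options: RequestInit, maxRetries = 3): Promise<Response> {
  for (let attempt = 0; attempt < maxRetries; attempt++) {
    const response = await fetch(url, options);

    // Anything other than 429 (success or a different error) goes back to the caller.
    if (response.status !== 429) {
      return response;
    }

    // Out of attempts: fail now instead of sleeping once more for nothing.
    if (attempt === maxRetries - 1) {
      break;
    }

    // Prefer the server's hint; fall back to exponential backoff (1s, 2s, 4s, ...)
    // when the header is missing or is not a non-negative number.
    const retryAfter = Number.parseInt(response.headers.get('X-RateLimit-Retry-After') ?? '', 10);
    const delay = Number.isFinite(retryAfter) && retryAfter >= 0
      ? retryAfter * 1000
      : Math.pow(2, attempt) * 1000;

    console.log(`Rate limited. Retrying after ${delay}ms...`);
    await new Promise(resolve => setTimeout(resolve, delay));
  }

  throw new Error('Max retries exceeded');
}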

Rate Limit Monitoring

Track your usage to avoid hitting limits:

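class RateLimitMonitor {
  private limits: Map<string, { remaining: number; reset: number }> = new Map();

  // Record the quota state reported by the most recent response for this endpoint.
  updateFromHeaders(endpoint: string, headers: Headers) {
    const remaining = Number.parseInt(headers.get('X-RateLimit-Remaining') ?? '', 10);
    const reset = Number.parseInt(headers.get('X-RateLimit-Reset') ?? '', 10);

    // A missing or malformed header is not the same as "0 remaining": skip the update.
    if (Number.isNaN(remaining) || Number.isNaN(reset)) return;

    this.limits.set(endpoint, { remaining, reset });

    if (remaining < 10) {
      console.warn(`Low rate limit for ${endpoint}: ${remaining} remaining`);
    }
  }

  // True while fewer than 5 requests are left and the window has not reset yet.
  shouldThrottle(endpoint: string): boolean {
    const limit = this.limits.get(endpoint);
    if (!limit) return false;

    return limit.remaining < 5 && Date.now() / 1000 < limit.reset;
  }
}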

Best Practices

  1. Cache responses when appropriate to reduce API calls
  2. Use batch endpoints for bulk operations
  3. Implement backoff for all API clients
  4. Monitor headers to track remaining quota
  5. Queue requests for non-time-sensitive operations
  6. Use webhooks instead of polling when possible
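
Best practices 4 and 5 can be combined into a pacing function for a background queue. The following is an added example, not part of the original documentation or of any SDK for this API: it treats the rate limit headers as untrusted input and decides how long the next queued request should wait. The names HeaderSource, Pace, parseCount, clamp and planNextRequest, and the constants MAX_WAIT_MS, MIN_429_WAIT_MS and RESERVE, are assumptions.

```typescript
// Added example; all names here are hypothetical and not part of the API's SDK.
interface HeaderSource { get(name: string): string | null }
interface Pace { waitMs: number; reason: "send-now" | "spread" | "wait-for-reset" | "retry-after" }

const MAX_WAIT_MS = 60 * 60 * 1000; // assumption: cap at the longest window listed (1 hour)
const MIN_429_WAIT_MS = 1000;       // assumption: never retry a 429 sooner than 1 s
const RESERVE = 5;                  // assumption: quota held back for interactive calls

// Header values are untrusted input: accept plain non-negative integers only.
function parseCount(raw: string | null): number | null {
  if (raw === null) return null;
  const text = raw.trim();
  return /^\d{1,15}$/.test(text) ? Number(text) : null;
}

// Round up to whole milliseconds and keep the wait inside [floorMs, MAX_WAIT_MS].
function clamp(ms: number, floorMs = 0): number {
  return Math.min(Math.max(floorMs, Math.ceil(ms)), MAX_WAIT_MS);
}

// How long should the next queued (non-urgent) request wait before it is sent?
function planNextRequest(status: number, headers: HeaderSource, nowMs: number): Pace {
  const remaining = parseCount(headers.get("X-RateLimit-Remaining"));
  const resetSec = parseCount(headers.get("X-RateLimit-Reset"));
  const retryAfterSec = parseCount(headers.get("X-RateLimit-Retry-After"));
  const untilResetMs = resetSec === null ? null : resetSec * 1000 - nowMs;

  if (status === 429) {
    // Prefer the explicit hint, then the window reset, then the minimum wait.
    if (retryAfterSec !== null) {
      return { waitMs: clamp(retryAfterSec * 1000, MIN_429_WAIT_MS), reason: "retry-after" };
    }
    return { waitMs: clamp(untilResetMs ?? 0, MIN_429_WAIT_MS), reason: "wait-for-reset" };
  }
  if (remaining === null || untilResetMs === null || untilResetMs <= 0) {
    return { waitMs: 0, reason: "send-now" }; // no usable data, or window already rolled over
  }
  const spendable = remaining - RESERVE;
  if (spendable <= 0) return { waitMs: clamp(untilResetMs), reason: "wait-for-reset" };
  // Spread the spendable budget evenly over the rest of the window.
  return { waitMs: clamp(untilResetMs / spendable), reason: "spread" };
}
```

A fetch Response's headers object satisfies HeaderSource directly, so a queue worker can call planNextRequest(response.status, response.headers, Date.now()) after each response.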

Increasing Limits

To request higher rate limits:

  1. Upgrade to a higher tier plan
  2. Contact support with your use case
  3. Provide estimated request volumes
  4. Enterprise customers can negotiate custom limits

Contact: api-support@yourapp.com
