Rate limits

Each API key can make up to 60 requests per minute. Every response includes headers showing how many requests you have left in the current window.

Response headers

Every authenticated response carries these three:

HeaderValue
X-RateLimit-LimitRequests allowed per window (currently 60).
X-RateLimit-RemainingRequests left in the current window.
X-RateLimit-ResetUnix seconds when the window resets.

When you exceed the limit

You get a 429 rate_limited response with a Retry-After: <seconds> header pointing at the next window boundary:

{"HTTP/1.1 429 Too Many Requests\nRetry-After: 42\n\n{\"error\":{\"code\":\"rate_limited\",\"message\":\"...\",\"retry_after\":42}}"}

Fixed vs sliding window

The window is fixed, not sliding. In the worst case that means a boundary burst of about 120 requests in one second (last second of window N plus first second of window N+1). If that boundary behavior matters for your workload, get in touch and we can switch you to a sliding window.

Edge protection

In addition to the per-key limiter, a per-IP rate limit shed volumetric junk before it reaches the app. Legitimate traffic never gets close.

Bug or unclear docs? Include the request_id from the response envelope when reporting.

Ready to build? Mint an API key.