Guide
Rate limits
Limits protect every application from abuse and keep latency predictable. Development and staging run relaxed
limits for fast iteration; production runs real ones. When you exceed a limit, the API returns 429 with error.code: rate_limited.
Reading the headers
Every response carries the standard rate-limit headers. Use RateLimit-Remaining to pace ahead of a
limit, and honor Retry-After (seconds) on a 429 before retrying.
HTTP headers
RateLimit-Limit: 600
RateLimit-Remaining: 599
RateLimit-Reset: 41
Retry-After: 41Backing off cleanly
On a 429, wait for Retry-After and retry with exponential backoff. The same pattern covers transient 5xx responses. Authentication-sensitive routes (sign-in, verify, MFA) are limited more tightly than
reads — expect to back off sooner on those.
JavaScript
async function withRetry(fn, tries = 4) {
for (let i = 0; ; i++) {
const res = await fn();
if (res.status !== 429 || i >= tries) return res;
const wait = Number(res.headers.get("Retry-After") ?? 2 ** i);
await new Promise((r) => setTimeout(r, wait * 1000));
}
}