Skip to main content
Rate limits are enforced per API key. The default is 600 requests per minute, contractually adjustable for production partners.

Headers

Every response (success or error) carries:
HeaderMeaning
X-RateLimit-LimitCeiling for the current window.
X-RateLimit-RemainingRequests left in the current window.
X-RateLimit-ResetWhen the window resets.

When you exceed it

The API returns 429 Too Many Requests with the rate_limit.exceeded error code and a Retry-After header (seconds to wait).
HTTP/1.1 429 Too Many Requests
Retry-After: 12
{ "code": "rate_limit.exceeded", "message": "Rate limit exceeded.", "request_id": "req_…" }
  • Watch X-RateLimit-Remaining and throttle proactively before hitting 0.
  • On 429, wait Retry-After seconds, then retry with the same Idempotency-Key for writes.
  • Spread bulk catalogue reads; do not parallelize aggressively from one key.
Sandbox keys share the same limiter behavior, so you can validate your backoff logic before going live.