> ## Documentation Index
> Fetch the complete documentation index at: https://developers.safarapi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Rate limiting

> Per-key limits, headers, and how to back off

Rate limits are enforced **per API key**. The default is **600 requests per
minute**, contractually adjustable for production partners.

## Headers

Every response (success or error) carries:

| Header                  | Meaning                              |
| ----------------------- | ------------------------------------ |
| `X-RateLimit-Limit`     | Ceiling for the current window.      |
| `X-RateLimit-Remaining` | Requests left in the current window. |
| `X-RateLimit-Reset`     | When the window resets.              |

## When you exceed it

The API returns `429 Too Many Requests` with the `rate_limit.exceeded` error
code and a `Retry-After` header (seconds to wait).

```
HTTP/1.1 429 Too Many Requests
Retry-After: 12
```

```json theme={"theme":"github-dark-dimmed"}
{ "code": "rate_limit.exceeded", "message": "Rate limit exceeded.", "request_id": "req_…" }
```

## Recommended handling

* Watch `X-RateLimit-Remaining` and throttle proactively before hitting `0`.
* On `429`, wait `Retry-After` seconds, then retry with the **same**
  [`Idempotency-Key`](/api-concepts/idempotency) for writes.
* Spread bulk catalogue reads; do not parallelize aggressively from one key.

Sandbox keys share the same limiter behavior, so you can validate your backoff
logic before going live.
