Rate limiting

To prevent API abuse, we limit how many requests can be made by a single user. For rate limiting, we use a token bucket mechanism: you have a bucket that refills over time, and each request takes tokens from it. As a general rule, we use the following request costs for API endpoints:

Operation	Cost
`GET` requests	1 token
`POST`, `PUT`, `PATCH`, `DELETE`	5 tokens

Some resource-intensive endpoints may cost more.

Checking your limits

Every response includes the following headers:

Header	What it tells you
`X-RateLimit-Limit`	Your bucket's max capacity
`X-RateLimit-Remaining`	Tokens you have left
`X-RateLimit-Reset`	Seconds until the bucket is full again

When you hit the limit

If you run out of tokens, you'll get a 429 Too Many Requests response with a Retry-After header telling you how long to wait:

{
"error": {
  "code": 1007,
  "description": "Too many requests"
  }
}

To avoid hitting limits:

Check X-RateLimit-Remaining to prevent exceeding rate limits.
Use exponential backoff if you exceed a rate limit and receive a 429 error response.
Cache responses for data that doesn't change often.

Rate limiting

Checking your limits

When you hit the limit

On this page