API rate limits

To protect system performance and ensure fair usage, the API enforces rate limits on incoming requests.

The API allows up to 2500 requests per 5-minute window per IP address.

This limit applies to all requests coming from the same IP, regardless of whether they are sent by:

• A single user

• A single application

• Multiple users or applications sharing the same IP

When the limit is exceeded

If more than 2500 requests are sent from the same IP address within 5 minutes:

• Additional requests from that IP are temporarily blocked

• The API responds with the HTTP status code 429 Too Many Requests

• Requests will continue to be rejected until the 5-minute window resets

Once the limit resets, requests are accepted again automatically. No manual action is required.

How rate limiting works

• Requests are counted on a rolling 5-minute basis

• All requests from the same IP contribute to the same limit

• Sharing an IP address means sharing the rate limit

Rate limiting example

Each application or user accessing the API from the same IP address can make up to 2500 requests within a 5-minute period.

• If requests stay within the limit, the API works normally.

• If the limit is exceeded, further requests from that IP are temporarily rejected.

• Rejected requests return HTTP 429 Too Many Requests, indicating that the client must wait before retrying.

• If multiple users or applications share an IP address, all of their requests count toward the same limit.

Best practices

To avoid hitting the rate limit:

• Reduce unnecessary or repeated API calls

• Implement request throttling in your application

• Use retry logic with a delay when receiving a 429 Too Many Requests response

• Be especially careful when multiple systems or users share the same IP address