Rate limits

Requests are limited per API key with a sliding 60-second window. The default is 60 requests/minute; an organization admin can set anything from 1 to 300 per key. Limits are isolated — throttling one key never affects another.

Headers

Every authenticated response carries the current state:

HTTP/1.1 200 OK
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 41
X-RateLimit-Reset: 1765532460

X-RateLimit-Limit — the key's per-minute allowance.
X-RateLimit-Remaining — requests left in the current window.
X-RateLimit-Reset — Unix timestamp when capacity next frees up.

When you hit the limit

HTTP/1.1 429 Too Many Requests
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1765532460

{ "error": { "code": "rate_limited",
             "message": "Rate limit exceeded. Check the X-RateLimit-* headers and retry later.",
             "details": null } }

Back off until X-RateLimit-Reset and retry. Because the window slides, capacity returns gradually rather than all at once — a simple sleep(reset - now) before retrying is always safe.

Batch-style imports should prefer fewer, larger reads (cursor pagination supports per_page up to 100) over many small requests.