Rate limits
Requests authenticated with an API key are limited to 300 requests per minute per key. Steady integrations never notice it. The limit exists so a runaway loop or an overly parallel backfill degrades gracefully instead of taking your automation down with it.
What hitting the limit looks like
When a key exceeds its budget, the API responds with status 429, the error
code rate_limited, and a Retry-After header holding the number of
seconds to wait:
HTTP/1.1 429 Too Many Requests
Retry-After: 12
{"error": {"code": "rate_limited", "message": "API key rate limit exceeded; retry after the number of seconds in the Retry-After header"}}Handle it the boring way: sleep for the Retry-After value, then retry the
same request. Retrying immediately just spends more of the same budget, so
bursty work like CSV exports and submission backfills should watch for the
header rather than racing through it.
The limit is per key. If a workload genuinely needs more headroom, split it across separate keys, one per service. That also keeps revocation and auditing clean.
This limit applies to API calls made with your key. Rate limits on form
submissions are separate: they are configured per form in
settings.rate_limit and apply to your visitors, not to you. See
submission rate limits.