Rate limits

Requests authenticated with an API key are limited to 300 requests per minute per key. Steady integrations never notice it. The limit exists so a runaway loop or an overly parallel backfill degrades gracefully instead of taking your automation down with it.

What hitting the limit looks like

When a key exceeds its budget, the API responds with status 429, the error code rate_limited, and a Retry-After header holding the number of seconds to wait:

HTTP/1.1 429 Too Many Requests
Retry-After: 12
 
{"error": {"code": "rate_limited", "message": "API key rate limit exceeded; retry after the number of seconds in the Retry-After header"}}

Handle it the boring way: sleep for the Retry-After value, then retry the same request. Retrying immediately just spends more of the same budget, so bursty work like CSV exports and submission backfills should watch for the header rather than racing through it.

The limit is per key. If a workload genuinely needs more headroom, split it across separate keys, one per service. That also keeps revocation and auditing clean.

This limit applies to API calls made with your key. Rate limits on form submissions are separate: they are configured per form in settings.rate_limit and apply to your visitors, not to you. See submission rate limits.

On this page