# Rate limits Form Plume API keys allow 300 requests per minute. Learn how the 429 response and Retry-After header work and how API limits differ from submission limits. Requests authenticated with an [API key](/docs/api/authentication) are limited to **300 requests per minute per key**. Steady integrations never notice it. The limit exists so a runaway loop or an overly parallel backfill degrades gracefully instead of taking your automation down with it. ## What hitting the limit looks like When a key exceeds its budget, the API responds with status 429, the error code `rate_limited`, and a `Retry-After` header holding the number of seconds to wait: ```text HTTP/1.1 429 Too Many Requests Retry-After: 12 {"error": {"code": "rate_limited", "message": "API key rate limit exceeded; retry after the number of seconds in the Retry-After header"}} ``` Handle it the boring way: sleep for the `Retry-After` value, then retry the same request. Retrying immediately just spends more of the same budget, so bursty work like CSV exports and submission backfills should watch for the header rather than racing through it. The limit is per key. If a workload genuinely needs more headroom, split it across separate keys, one per service. That also keeps revocation and auditing clean. > This limit applies to API calls made with your key. Rate limits on form > submissions are separate: they are configured per form in > `settings.rate_limit` and apply to your visitors, not to you. See > [submission rate limits](/docs/spam-protection/rate-limits).