Per-tier quotas (requests / minute)
| Endpoint class | Free | Pro | Ultra | Entreprise |
|---|---|---|---|---|
| read (GET) | 100 | 600 | 3 000 | 12 000 |
| write (POST/PATCH/PUT/DELETE) | 30 | 300 | 1 500 | 6 000 |
| expensive (audit list, exports) | 10 | 60 | 300 | 3 000 |
Quotas are counted per workspace, not per API key. Rotating or adding keys does not unlock more capacity — upgrade your plan, or split traffic across workspaces.
Response headers
| Header | Meaning |
|---|---|
| X-RateLimit-Limit | Quota for your tier + endpoint class. |
| X-RateLimit-Remaining | Requests left in the current 60-second window. |
| X-RateLimit-Reset | Epoch seconds when the next minute bucket starts. |
| X-RateLimit-Policy | RFC 8941-style: 300;w=60. |
| Retry-After | Only on 429 responses. Seconds until next acceptable request. |
Handling 429s
The official SDKs already retry on 429 with exponential backoff (5 attempts by default). If you handcraft requests, honour Retry-After and do not retry faster than that.
Burst tolerance
Internally each minute is a separate bucket and we sum the last 60 seconds. That tolerates short bursts at the boundary (you can hit roughly 2x your quota over a 1s window straddling two minutes) but capped on a true 60-second total.