Skip to main content
The Developer API rate-limits requests using a moving-window strategy backed by Redis. Limits are applied per authenticated tenant + endpoint.

Limits

Endpoint typeMethodsLimit
ReadGET300 requests/min
WritePOST, PATCH60 requests/min
Specifically:
EndpointLimit
GET /developer/vouchers300/min
GET /developer/vouchers/{code}300/min
POST /developer/vouchers60/min
POST /developer/vouchers/{code}/redeem60/min
GET /developer/products300/min
GET /developer/products/{product_id}300/min
GET /developer/customers300/min
GET /developer/customers/{customer_id}300/min
POST /developer/customers60/min
PATCH /developer/customers/{customer_id}60/min

When you exceed a limit

A request that exceeds its limit returns 429 Too Many Requests with this body:
{
  "detail": "Rate limit exceeded. Too many requests."
}
The 429 response includes these headers:
HeaderMeaning
X-RateLimit-LimitThe configured request limit for the window
X-RateLimit-RemainingAlways 0 on a 429
X-RateLimit-ResetUnix timestamp (seconds) at which the window resets
Retry-AfterSeconds to wait before retrying
These rate limit headers are only returned on 429 responses. Successful 2xx responses currently do not carry X-RateLimit-* headers – clients should pace themselves based on their own counters or back off when they see a 429.

Retry strategy

On 429, wait for Retry-After seconds (or fall back to a few seconds of exponential backoff if the header is missing) and retry the same request. Voucher creation and customer creation are not automatically idempotent – if you retry a POST after a network timeout, use the Idempotency page to understand what is and isn’t deduplicated.