Rate Limits
API requests are rate limited to ensure fair usage and platform stability.
Default Limits
| Resource | Limit | Window |
|---|---|---|
| REST API (per API key) | 100 requests | 1 minute |
| GraphQL (per API key) | 50 requests | 1 minute |
| Device heartbeat | 10 requests | 1 minute |
| Device access-check | 30 requests | 1 minute |
| Webhook delivery | 1000 events | 1 hour |
Rate Limit Headers
Every API response includes rate limit information in the headers:
Rate limit headershttp
X-RateLimit-Limit: 100 # Max requests per window
X-RateLimit-Remaining: 95 # Remaining requests in window
X-RateLimit-Reset: 1708100060 # Unix timestamp when window resetsExceeding the Limit
When you exceed the rate limit, the API returns a 429 Too Many Requests response. The Retry-After header tells you how many seconds to wait.
429 Responsejson
{
"error": "rate_limit_exceeded",
"message": "Rate limit exceeded. Please retry after 15 seconds.",
"retry_after": 15
}Best Practices
- Cache responses — Avoid re-fetching data that hasn't changed. Use ETags or
If-Modified-Sinceheaders when available. - Use webhooks — Instead of polling for changes, subscribe to webhooks to get real-time notifications.
- Implement exponential backoff — When you receive a 429, wait for the
Retry-Afterperiod before retrying. - Batch operations — Where possible, use bulk endpoints instead of making individual requests.
- Monitor your usage — Check the rate limit headers in responses to stay within limits proactively.