Rate Limits

We impose the following rate limits on our API:

  • /v1/shield_offers: 200 requests per second
  • All other endpoints: 10 requests per second

Rate limits are enforced per store. Multiple clients utilizing multiple API keys across multiple SDKs will share the same rate limit.


Fixed window rate limits

We use fixed window limits that reset every second.

If a rate limit is reached, the API will respond with a 429 Too Many Requests HTTP status code.

Rate Limit Headers

Furthermore, if you hit our rate limits, the API response will also include the following headers to aid in your retry logic. Please do not retry before the X-RateLimit-Reset time. In order to avoid constantly running into the rate limit, please throttle your requests.

X-RateLimit-LimitNumber of requests consumed in the current time period.integer
X-RateLimit-RemainingNumber of requests remaining in the current time period.integer
X-RateLimit-ResetWhen the rate limit will rest, as a Unix timestamp.integer


X-RateLimit-Remaining will always be 0

Because we only include X-RateLimit headers when you've hit our rate limit, by design the value of X-RateLimit-Remaining will always be 0.

Custom Rate Limits

For enterprise customers, please reach out to us if you require higher rate limits.