# Rate limiting

All endpoints share a per-client rate limit.

| Setting | Value |
|  --- | --- |
| Limit | 100 requests per minute |
| Window | Fixed 60-second window |
| Tracking | Per client (all API keys for a client share one quota) |


## Response headers

Every response includes:

| Header | Description |
|  --- | --- |
| `X-Rate-Limit-Limit` | Maximum requests allowed (currently `100`). |
| `X-Rate-Limit-Window` | Window length in milliseconds (`60000`). |


When you exceed the limit, the response also includes:

| Header | Description |
|  --- | --- |
| `Retry-After` | Seconds to wait before the next request will be accepted. |


## Exceeded response


```json
{
  "statusCode": 429,
  "message": "Rate limit exceeded for this client. Please wait before making more requests.",
  "error": "Too Many Requests"
}
```

## Recommendations

- Back off on `429` for at least the number of seconds in `Retry-After`.
- If you control multiple integrations against the same client, coordinate
their schedules — they share a single quota.
- For backfills, prefer `limit=1000` and serial paging over many parallel
small requests.