Skip to main content
Each API key is independently rate-limited.

Limits

WindowDefault
Burst60 requests per minute
Daily10,000 requests per 24 hours
These limits apply per API key, not per organisation — so a key issued to Zapier and a key issued to your internal cron each get their own budget.

When you hit the limit

You receive 429 rate_limited with a Retry-After header: 
HTTP/1.1 429 Too Many Requests
Retry-After: 12
Content-Type: application/json

{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded. Slow down and retry shortly.",
    "details": { "limit": 60, "window_seconds": 60 }
  }
}

Honouring Retry-After

Wait at least Retry-After seconds before retrying. A simple backoff loop: 
async function withRateLimit(fn) {
  for (let attempt = 0; attempt < 5; attempt++) {
    const res = await fn();
    if (res.status !== 429) return res;
    const wait = Number(res.headers.get('Retry-After') ?? 5);
    await new Promise((r) => setTimeout(r, wait * 1000));
  }
  throw new Error('Rate limited repeatedly');
}

Need higher limits?

Most integrations sit far below the default. If you have a legitimate need for a higher ceiling — bulk migrations, high-volume nightly sync — contact support@instantcompliance.ai with a description of the workload.

Best practices

  • Batch via cursor pagination instead of N parallel calls.
  • Use updated_since so polling pulls only changed records.
  • Spread cron jobs. Pick a random minute offset so all customers don’t poll on the same :00.
  • Cache reads in your own CRM. Hit our API for refreshes, not for every page load.