Rate limits
Rate limits are applied per API key using a sliding window. Each endpoint belongs to a tier that determines its quota.
Tiers
| Tier | Limit | Description |
|---|---|---|
| read | 1,000 / min | GET requests (list, retrieve). |
| write | 200 / min | POST, PATCH, DELETE (create, update, delete). |
| send | 100 / min | Sending email (POST /v1/messages, POST /v1/threads/:id/reply). |
| verification | 1 / min | Domain verification (POST /v1/domains/:id/verification). |
Response headers
Every authenticated response includes rate limit headers:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests allowed in the current window. |
| X-RateLimit-Remaining | Requests remaining in the current window. |
| X-RateLimit-Reset | Unix timestamp (seconds) when the window resets. |
| Retry-After | Seconds to wait before retrying. Present on 429 responses only. |
Handling 429 responses
When you exceed the limit, the API returns a 429 status with a Retry-After header containing the number of seconds to wait. Back off for that duration before retrying.