The API enforces rate limits to keep the platform stable for everyone. When you exceed a limit, the request is rejected with HTTP 429 and you should back off before retrying.

Limits

Scope            Limit
Per API key      1,000 requests per hour
Per IP address   2,000 requests per hour

Both limits apply simultaneously — exceeding either returns 429.

The 429 response

A throttled request returns HTTP 429 with the standard error envelope and a Retry-After header indicating how many seconds to wait before retrying.
Response
HTTP/1.1 429 Too Many Requests
Retry-After: 30
Content-Type: application/json

{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded"
  }
}

1. Respect Retry-After first

If the response carries a Retry-After header, wait at least that many seconds before the next attempt.

2. Otherwise use exponential backoff

When no header is present, back off exponentially — for example 1s, 2s, 4s, 8s — with a small random jitter to avoid synchronised retries.

3. Cap retries

Stop after a few attempts and surface the failure rather than retrying forever.
Node
async function withBackoff(makeRequest, maxAttempts = 5) {
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    const res = await makeRequest();
    if (res.status !== 429) return res;

    const retryAfter = Number(res.headers.get("Retry-After"));
    const backoff = Number.isFinite(retryAfter) && retryAfter > 0
      ? retryAfter * 1000
      : Math.min(2 ** attempt * 1000, 30_000);
    const jitter = Math.random() * 250;
    await new Promise((r) => setTimeout(r, backoff + jitter));
  }
  throw new Error("Rate limit: exhausted retries");
}

Staying under the limit

Cache read-only data

Cache slow-changing reads (accounts, payees) instead of polling them on every request.

Prefer webhooks over polling

Subscribe to events for state changes rather than repeatedly fetching status.

Page efficiently

Use a sensible limit so you fetch large lists in fewer requests.

Use idempotency for retries

Idempotency keys make money-moving retries safe after a backoff.
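
Added example (not part of the original documentation or the provider's code): a client-side budget that mirrors both limits from the Limits table, so a request is held back locally before it would draw a 429. It assumes sliding one-hour windows (which is stricter than any fixed-hour window) and that every request from this process leaves from one IP address that nothing else shares. The names RequestBudget, SlidingWindow and keyId are hypothetical.

```javascript
// Added example: client-side request budget mirroring the documented limits.
// Assumption: limits are treated as sliding one-hour windows (conservative).
const HOUR_MS = 60 * 60 * 1000;

class SlidingWindow {
  constructor(limit, windowMs = HOUR_MS) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.stamps = []; // send times in ms, oldest first
  }
  // Milliseconds until a slot is free at time `now` (0 means free now).
  waitMs(now) {
    while (this.stamps.length && now - this.stamps[0] >= this.windowMs) {
      this.stamps.shift(); // drop sends that have aged out of the window
    }
    if (this.stamps.length < this.limit) return 0;
    return this.stamps[0] + this.windowMs - now;
  }
  record(now) {
    this.stamps.push(now);
  }
}

class RequestBudget {
  // `now` is injectable so the budget can be tested with a fake clock.
  constructor({ perKey = 1000, perIp = 2000, now = Date.now } = {}) {
    this.perKey = perKey;
    this.now = now;
    this.ip = new SlidingWindow(perIp); // shared by every key on this egress IP
    this.keys = new Map(); // keyId -> SlidingWindow
  }
  // keyId is a local label for an API key, not the secret itself.
  // Returns { ok: true, waitMs: 0 } and records the send, or { ok: false, waitMs }.
  tryAcquire(keyId) {
    const t = this.now();
    if (!this.keys.has(keyId)) this.keys.set(keyId, new SlidingWindow(this.perKey));
    const key = this.keys.get(keyId);
    // Both limits apply simultaneously, so wait for whichever frees up last.
    const waitMs = Math.max(key.waitMs(t), this.ip.waitMs(t));
    if (waitMs > 0) return { ok: false, waitMs };
    key.record(t);
    this.ip.record(t);
    return { ok: true, waitMs: 0 };
  }
}
```

Call tryAcquire before each request and sleep for waitMs when it returns ok: false. The server's 429 and Retry-After remain authoritative if the local estimate drifts.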