API rate limits
Certorix API implements rate limiting to ensure fair usage and system stability.
Default limits
- Authenticated endpoints – 100 requests per minute per organization.
- Public endpoints – 30 requests per minute per IP address.
- MCP server – Same limits as authenticated API (100/min).
Rate limit headers
Every response includes headers to help you monitor your usage:
X-RateLimit-Limit– Maximum requests per minute.X-RateLimit-Remaining– Remaining requests in the current window.X-RateLimit-Reset– Unix timestamp when the limit resets.Retry-After– (on 429 responses) seconds to wait before retrying.
What counts toward the limit
All API requests count toward the limit, including successful requests and error responses (except 429 itself). Excluded: webhook deliveries and static asset requests.
Exceeding the limit
When you exceed 100 requests per minute, the API returns 429 Too Many Requests. Implement exponential backoff: wait 1 second, then 2, 4, 8 seconds before retrying.
Higher limits
Business plan subscribers can request higher rate limits (up to 500 requests/minute) by contacting support.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article