Rate Limits
API rate limiting and throttling
Rate Limit Policy
The Infracard API enforces rate limits to ensure stability. The default limit is 60 requests per minute per API key.
Rate Limit Headers
Every API response includes rate limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests per window |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Handling 429 Responses
When you exceed the rate limit, the API returns 429 Too Many Requests:
{
"statusCode": 429,
"message": "ThrottlerException: Too Many Requests"
}Use the X-RateLimit-Reset header to determine when to retry:
const response = await fetch(url, options)
if (response.status === 429) {
const resetTime = Number(response.headers.get('X-RateLimit-Reset'))
const waitMs = (resetTime * 1000) - Date.now()
await new Promise((r) => setTimeout(r, Math.max(waitMs, 0)))
// Retry the request
}Best Practices
- Cache responses when possible to reduce API calls
- Use webhooks instead of polling for real-time updates
- Implement backoff to gracefully handle rate limit errors
- Monitor usage through rate limit headers to stay within limits