# Rate Limiting

Requests are throttled per organization to ensure fair usage and system stability.

## Rate Limits

**Default Limit**: 100 requests per hour
Rate limits are configurable per organization. Contact your administrator if you need higher limits.

- Rate limits are enforced per API key
- The limit resets every hour (rolling window)
- Both successful and failed requests count toward your limit


## Rate Limit Headers

Every API response includes headers showing your current rate limit status:

| Header | Description |
|  --- | --- |
| `X-RateLimit-Limit` | Maximum requests allowed per hour |
| `X-RateLimit-Remaining` | Requests remaining in current window |
| `X-RateLimit-Reset` | Unix timestamp when the limit resets |


**Example:**


```http
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 1672531200
```

## When Rate Limited

When you exceed your rate limit, the API returns `429 Too Many Requests`:


```json
{
  "success": false,
  "errors": {
    "__all__": ["Rate limit exceeded. Please try again later."]
  }
}
```

The response includes a `Retry-After` header indicating how many seconds to wait.

## Best Practices

**Optimize Your Usage**:

- Monitor `X-RateLimit-Remaining` header
- Implement exponential backoff for retries
- Cache responses for master data (accounts, items, etc.)
- Distribute requests evenly throughout the hour


## Increasing Your Limit

If you need higher rate limits:

1. Analyze your current usage patterns
2. Optimize to reduce unnecessary requests
3. Contact your administrator with justification
4. Consider using multiple API keys for different services


**Next:** [Learn about Pagination →](/pagination)