Rate Limits

Last updated March 23, 2026

All approved email identities share the same default limits. API keys issued to the same email address draw from the same quota pool. This page explains what the limits are, what happens when you exceed them, and how to stay within them.

Limits

LimitValueScope

Rate limit60 requests / minPer email identity

Daily limit1,000 requests / dayPer email identity

Max limit param100 records / requestPer request

Limits are applied per approved email identity, not per individual API key. If multiple keys were issued to the same email address, they share the same rate limit and daily limit. The rate limit resets every 60 seconds and the daily limit resets at midnight UTC.

Response headers

SynthLink rate-limit metadata is expressed through three HTTP headers.RateLimit-Policy describes the active windows and quotas.RateLimit reports the remaining allowance and time until reset for each window. Retry-After tells the client how long to wait before retrying when the request is throttled.

HTTP response headers

RateLimit-Policy: "minute";q=60;w=60, "day";q=1000;w=86400
RateLimit: "minute";r=42;t=12, "day";r=913;t=43120
Retry-After: 12

HeaderMeaning

RateLimit-PolicyDeclares the server-side policy. In the example above, the API allows 60 requests per 60-second window and 1,000 requests per 86,400-second window.

RateLimitReports the current state of those windows. In the example above, 42 requests remain in the minute window with 12 seconds until reset, and 913 requests remain in the day window with 43,120 seconds until reset.

Retry-AfterReturned when the client must wait before sending another request. The value is expressed in seconds.

Parameter meanings are consistent across windows: q is the total quota,w is the window length in seconds, r is the remaining request count, and t is the number of seconds until that window resets.

429 Too Many Requests

When you exceed either limit, the API returns a 429 Too Many Requests response. The response body includes an error field and a retry_after field indicating how many seconds to wait before retrying. Clients should also read the Retry-After response header and the current RateLimit values.

429 response body

{
  "error": "Too Many Requests",
  "retry_after": 12
}

Handling 429 responses

The recommended approach is to read the retry_after value and wait that many seconds before retrying. If the field is absent, fall back to exponential backoff starting at 1 second.

fetch — retry with backoff

async function fetchWithRetry(url: string, options: RequestInit, retries = 3) {
  for (let i = 0; i < retries; i++) {
    const res = await fetch(url, options);

    if (res.status !== 429) return res;

    const body = await res.json().catch(() => ({}));
    const wait = (body.retry_after ?? Math.pow(2, i)) * 1000;

    await new Promise((r) => setTimeout(r, wait));
  }

  throw new Error("Max retries exceeded");
}

python — retry with backoff

import httpx, time

def fetch_with_retry(url: str, headers: dict, params: dict, retries: int = 3):
    for i in range(retries):
        resp = httpx.get(url, headers=headers, params=params)

        if resp.status_code != 429:
            return resp

        retry_after = resp.json().get("retry_after", 2 ** i)
        time.sleep(retry_after)

    raise Exception("Max retries exceeded")

Staying within limits

A few patterns help you stay well within the default limits.

Cache responses
SynthLink data updates on a schedule — there's no need to fetch the same endpoint more than once per update interval. Cache responses server-side and revalidate on a timer.
Use a smaller limit param
Request only as many records as your UI needs. Fetching 100 records when you display 10 wastes quota and slows your response time.
Avoid polling
Don't repeatedly call the API to check for new data. Instead, schedule fetches to align with the source update interval.

Note:If your use case requires higher limits, contact support@synth-link.com with a description of your use case.

Was this helpful?

Authentication

Sources