429 Too Many Requests, along with a response header: X-User-Hour-Limit-Remaining. The
value in the response header represents the number of seconds until the rate limit resets.
For example, suppose the POST /users endpoint has a rate limit of 100 calls per 1 hour. If more than 100 requests are made within the
given hour, any subsequent requests would fail and return the error indicated above.
Since rate limiting is applied tenant-wide, all tokens share the same rate limit.
Rate limits
| Name | Reset time remaining header | Limit | Duration | Endpoints |
|---|---|---|---|---|
| Modify users rate limit | X-User-Hour-Limit-Remaining | 100 | 1 hour | - Create user - Update user - Resend activation email |
Platform-level rate limits
Additional rate limits are applied at the platform level on a per-IP address basis to protect against potential abuse or client-side software incidents, and are set high enough that customers should not encounter them in regular use. Platform-level rate limits will return the HTTP status429 with no X-User-Hour-Limit-Remaining header, and requests can be retried after approximately 30 seconds.