Rate Limiting
Request limits for the Rezzy Public API
We rate limit the public API to keep things stable for everyone. As we grow, we may increase these limits. Limits are checked in order: API key first, then account.
If any layer trips, you get a 429. The response tells you when you can retry - same format no matter which layer limited you.
How It Works
Every request passes through two layers of rate limiting in sequence. If any layer says no, you get a 429.
- API key - Applied on every request. Limits vary by plan.
- Account - Applied when your key maps to a valid user account.
Limits by Tier
| Layer | Free tier | Pro tier | Window |
|---|---|---|---|
| API key | 10 requests | 20 requests | 60 s |
| Account | 60 requests | 60 requests | 60 s |
The X-RateLimit-Remaining and X-RateLimit-Reset values you see in responses come from the last layer that was checked.
Checking How Much You Have Left
On successful responses we include:
| Header | Description |
|---|---|
X-RateLimit-Remaining | Requests left in the current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Read these headers proactively so you know how much headroom you have before hitting a limit.
When You Hit the Limit
- Status: 429 Too Many Requests
- Headers:
Retry-After(seconds until reset),X-RateLimit-Remaining: 0,X-RateLimit-Reset(Unix timestamp) - Body: Standard error envelope
Use Retry-After for a simple delay, for example sleep(retry_after). Use X-RateLimit-Reset if you want to display "resets at..." or compare against your system clock. The retry_after value in the JSON body mirrors the Retry-After header.
What a 429 Response Looks Like
Headers
| Header | Value / Meaning |
|---|---|
Retry-After | Seconds until the rate limit window resets. Use for sleep(retry_after) or as a retry delay. |
X-RateLimit-Remaining | 0 |
X-RateLimit-Reset | Unix timestamp when the limit resets. Compare to your clock or display as "resets at...". |
Content-Type | application/json |
Body
{
"success": false,
"message": "Too many requests. Please try again later.",
"data": {
"error_code": "RATE_LIMIT_EXCEEDED",
"details": {
"retry_after": 45
}
}
}Example: 429 Response
HTTP/1.1 429 Too Many Requests
Retry-After: 52
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1734567890
Content-Type: application/json
{
"success": false,
"message": "Too many requests. Please try again later.",
"data": {
"error_code": "RATE_LIMIT_EXCEEDED",
"details": {
"retry_after": 52
}
}
}Regardless of which layer tripped the limit, the response structure is always identical - same headers, same body shape.