Rate Limits
The API enforces rate limits per org to ensure fair usage and platform stability.
Limits
| Window | Limit |
|---|---|
| Per second | 5 requests |
Applied per org across all data API endpoints. Exceeding the cap returns 429 Too Many Requests.
Rate Limit Headers
When a request is rate-limited, the response includes headers to help you retry:
| Header | Description |
|---|---|
Retry-After | Seconds to wait before retrying |
X-RateLimit-Limit-Second | Per-second limit (5) |
Example 429 Response
HTTP/1.1 429 Too Many RequestsRetry-After: 1X-RateLimit-Limit-Second: 5Content-Type: application/json
{"detail": "Rate limit exceeded. Please slow down."}Retry Strategy
Use exponential backoff with the Retry-After header:
import timeimport requests
def api_request(url, headers, max_retries=3): for attempt in range(max_retries): response = requests.get(url, headers=headers)
if response.status_code != 429: return response
retry_after = int(response.headers.get("Retry-After", 2 ** attempt)) print(f"Rate limited. Retrying in {retry_after}s...") time.sleep(retry_after)
return response # Return last response if all retries exhaustedasync function apiRequest(url: string, headers: HeadersInit, maxRetries = 3) { for (let attempt = 0; attempt < maxRetries; attempt++) { const response = await fetch(url, { headers });
if (response.status !== 429) return response;
const retryAfter = parseInt(response.headers.get("Retry-After") || String(2 ** attempt)); console.log(`Rate limited. Retrying in ${retryAfter}s...`); await new Promise(resolve => setTimeout(resolve, retryAfter * 1000)); }}# Simple retry with backofffor i in 1 2 3; do response=$(curl -s -w "\n%{http_code}" \ "https://be.graph8.com/api/v1/contacts" \ -H "Authorization: Bearer $API_KEY")
status=$(echo "$response" | tail -1)
if [ "$status" != "429" ]; then echo "$response" | head -n -1 break fi
echo "Rate limited, retrying in ${i}s..." sleep $idoneBest Practices
- Use pagination with high limits - fetch 200 items per page instead of making 200 individual requests.
- Pace at ~200ms between requests - a 200ms delay keeps you safely under 5 rps with headroom for jitter.
- Cache responses - if you fetch the same data repeatedly, cache it locally to reduce API calls.
- Use backoff, not tight loops - when rate-limited, always respect the
Retry-Afterheader instead of retrying immediately.