Getting started
Rate Limits
Understanding API rate limits by plan
The API enforces rate limits at two levels to protect service quality.
Per-Plan Limits
Rate limits are based on your subscription plan:
| Plan | Requests/min | Requests/day |
|---|---|---|
| Pro | 120 | 10,000 |
| Business | 300 | 50,000 |
API access requires a Pro plan or higher. Free plan users cannot create API tokens.
Heavy Endpoint Limits
Some resource-intensive endpoints have a stricter limit of 1 request per minute:
POST /import/*-- importing bookmarksPOST /export/*-- exporting your libraryDELETE /bookmarks/trash-- emptying trashGET /bookmarks/duplicates-- finding duplicate bookmarksGET /smart-folders/:id/bookmarks-- evaluating smart folder rules
Rate Limit Headers
Every API response includes rate limit information:
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 1712234567| Header | Description |
|---|---|
X-RateLimit-Limit | Your plan's per-minute limit |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp (seconds) when the window resets |
Rate Limit Exceeded
When you exceed the limit, you'll receive a 429 response:
{
"error": {
"code": "RATE_LIMITED",
"message": "Rate limit exceeded"
},
"meta": { "requestId": "req_a1b2c3d4e5f6a1b2" }
}Best practice: check X-RateLimit-Remaining and back off before hitting 0. When you receive a 429, wait until the X-RateLimit-Reset timestamp before retrying.
IP-Based Protection
An additional IP-level rate limit applies before authentication:
- 60 requests per minute per IP address, burst of 20
- 5 failed auth attempts in 5 minutes triggers a 15-minute IP block (403)
IP blocking returns:
{
"error": "IP temporarily blocked due to repeated authentication failures",
"meta": { "requestId": "req_..." }
}