Rate Limits
The API enforces a rate limit of 10,000 requests per minute per account. This limit applies to all /v2 endpoints and is shared across all API keys belonging to the same account.
Rate Limit Headers
Every API response includes headers to help you track your usage:
Exceeding the Limit
When you exceed the rate limit, the API returns a 429 status code:
The response includes a Retry-After header indicating how many seconds to wait before retrying.
SDK Auto-Retry
The Python SDK automatically retries 429 responses with exponential backoff for idempotent methods (GET, PUT, DELETE). POST and PATCH requests are not retried to prevent duplicate side effects.
Auth Endpoint Limits
Login, registration, and password reset endpoints have a separate IP-based limit of 10 requests per minute per IP address. This applies to:
- POST /v1/auth/login
- POST /v1/auth/register
- POST /v1/auth/forgot-password
- POST /v1/auth/reset-password
- POST /v1/auth/verify-email
These endpoints do not require authentication, so rate limiting is keyed by IP rather than account. When exceeded, the response uses a different format:
Best Practices
- Check headers: Monitor X-RateLimit-Remaining to avoid hitting the limit
- Back off on 429: If you receive a 429, wait for the duration in Retry-After before retrying
- Spread requests: Distribute requests evenly rather than sending bursts
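
The retry policy described under SDK Auto-Retry and the "Back off on 429" practice can be combined in a client-side wrapper like the one below. This is an added example, not the SDK's own code: the send hook, the function names, the /v2/items path and the empty 429 body are assumptions made for illustration, and Retry-After is read as a number of seconds as the page describes.

```python
import random
import time

# Methods the page says are retried; POST and PATCH are never replayed.
IDEMPOTENT_METHODS = {"GET", "PUT", "DELETE"}

def retry_after_seconds(headers):
    """Return Retry-After in seconds, or 0.0 if missing or not a non-negative number."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    try:
        seconds = float(lowered.get("retry-after"))
    except (TypeError, ValueError):
        return 0.0
    return seconds if seconds >= 0 else 0.0

def call_with_backoff(send, method, path, max_retries=4, base=0.5, max_wait=60.0,
                      sleep=time.sleep, jitter=random.random):
    """send(method, path) -> (status, headers, body) is a hypothetical transport hook.

    Returns the final response and the list of delays that were slept.
    """
    waits = []
    for attempt in range(max_retries + 1):
        status, headers, body = send(method, path)
        if status != 429 or method.upper() not in IDEMPOTENT_METHODS:
            break  # success, another error, or a method that must not be replayed
        if attempt == max_retries:
            break  # retry budget spent: surface the 429 to the caller
        backoff = base * (2 ** attempt) * (1 + jitter())  # jitter de-synchronises clients
        wait = max(retry_after_seconds(headers), backoff)  # never earlier than the server asked
        if wait > max_wait:
            break  # server asks for longer than we will block; let the caller decide
        sleep(wait)
        waits.append(wait)
    return (status, headers, body), waits

def scripted(responses):
    """Constructed stand-in for the network: replays canned responses, repeating the last."""
    queue, calls = list(responses), []
    def send(method, path):
        calls.append((method, path))
        return queue.pop(0) if len(queue) > 1 else queue[0]
    return send, calls

if __name__ == "__main__":
    limited = (429, {"Retry-After": "2"}, "")  # constructed sample response
    send, calls = scripted([limited, limited, (200, {}, "ok")])
    print(call_with_backoff(send, "GET", "/v2/items", sleep=lambda s: None), len(calls))
```

Because the account limit is shared across all API keys, every process using the account should apply the same policy; the jitter term keeps them from retrying in lockstep.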
