Developers
Rate Limits
API v1 rate limits are enforced by token, organization, IP hash, and route family. Default limits are 300 read requests per minute per token and 60 write requests per minute per token. Support ticket creation also uses stricter support-specific abuse limits. Limits may vary by plan or abuse posture and can be tightened for abusive traffic.
Reads
GET and HEAD requests. Default: 300/min per token.
Writes
POST, PATCH, PUT, and DELETE requests. Default: 60/min per token.
Failed requests
Failed requests still count because they consume the same route capacity.
Idempotency replays
Replays still pass through the public API rate-limit guard.
Response Headers
FinkMesh-Request-IdSupport/audit correlation id.FinkMesh-API-VersionAPI contract version.FinkMesh-RateLimit-LimitLimit for the tightest active bucket.FinkMesh-RateLimit-RemainingRemaining requests in that bucket.FinkMesh-RateLimit-ResetUnix timestamp when the bucket resets.Retry-AfterSeconds to wait after a 429 response.429 Example
HTTP/1.1 429 Too Many Requests
Retry-After: 12
FinkMesh-RateLimit-Limit: 60
FinkMesh-RateLimit-Remaining: 0
FinkMesh-RateLimit-Reset: 1782950460
{
"error": {
"code": "RATE_LIMITED",
"message": "Rate limit exceeded.",
"requestId": "req_...",
"apiVersion": "2026-07-01",
"details": {
"retryAfter": 12
}
}
}Treat 429 responses as retriable. Use exponential backoff and wait at least the Retry-After value before repeating the same request.