Developers

Rate Limits

API v1 rate limits are enforced by token, organization, IP hash, and route family. Default limits are 300 read requests per minute per token and 60 write requests per minute per token. Support ticket creation also uses stricter support-specific abuse limits. Limits may vary by plan or abuse posture and can be tightened for abusive traffic.

Reads

GET and HEAD requests. Default: 300/min per token.

Writes

POST, PATCH, PUT, and DELETE requests. Default: 60/min per token.

Failed requests

Failed requests still count because they consume the same route capacity.

Idempotency replays

Replays still pass through the public API rate-limit guard.

Response Headers

FinkMesh-Request-IdSupport/audit correlation id.
FinkMesh-API-VersionAPI contract version.
FinkMesh-RateLimit-LimitLimit for the tightest active bucket.
FinkMesh-RateLimit-RemainingRemaining requests in that bucket.
FinkMesh-RateLimit-ResetUnix timestamp when the bucket resets.
Retry-AfterSeconds to wait after a 429 response.

429 Example

HTTP/1.1 429 Too Many Requests
Retry-After: 12
FinkMesh-RateLimit-Limit: 60
FinkMesh-RateLimit-Remaining: 0
FinkMesh-RateLimit-Reset: 1782950460

{
  "error": {
    "code": "RATE_LIMITED",
    "message": "Rate limit exceeded.",
    "requestId": "req_...",
    "apiVersion": "2026-07-01",
    "details": {
      "retryAfter": 12
    }
  }
}

Treat 429 responses as retriable. Use exponential backoff and wait at least the Retry-After value before repeating the same request.