URL: /api/rate-limits

---
title: Rate limits
description: Per-key limits, headers, and how to recover from 429.
---

Rate limits are per API key (or per session for browser tokens), not per IP.

## Default limits

| Endpoint group | Limit | Burst |
| --- | --- | --- |
| Availability and search | 600 / minute | 60 / second |
| Read endpoints | 300 / minute | 30 / second |
| Write endpoints | 60 / minute | 10 / second |
| Bulk operations | 10 / minute | 2 / second |

Limits scale with your plan; if you need more, email [support@domaingenius.com.au](mailto:support@domaingenius.com.au).

## Headers on every response

```http
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 287
X-RateLimit-Reset: 1714560420
```

`X-RateLimit-Reset` is a Unix timestamp.

## When you hit a 429

```json
{ "detail": "Rate limit exceeded", "code": "RATE_LIMITED" }
```

The response carries `Retry-After` in seconds:

```http
HTTP/1.1 429 Too Many Requests
Retry-After: 12
```

Sleep for `Retry-After` and retry. Don't retry sooner — repeat 429s widen your backoff multiplier.

## Burst recovery

If you have a large batch (a CSV of 50,000 domains, say), send it through `POST /api/v1/domains/availability/bulk` rather than fanning out individual GETs. Bulk endpoints have their own pool and don't compete with your interactive traffic.