Rate Limits

Rate limits for the Carta APIs


We rate-limit access to our API to maintain our platform's stability. We include information about your usage in each response to help you monitor your usage and avoid "Too Many Requests" errors.

These are the current limits in place:

  • Up to 10 requests/second
  • Up to 300 requests/minute



Clients can burst to 10 requests/second, but are limited to 300 requests/minute.

Response headers

We return the following headers in every API response:

RateLimit-Limit: 10
RateLimit-Remaining: 9
RateLimit-Reset: 1
X-RateLimit-Limit-Second: 10
X-RateLimit-Remaining-Second: 9
X-RateLimit-Limit-Minute: 300
X-RateLimit-Remaining-Minute: 299
Header nameDescription
RateLimit-LimitThe maximum number of requests that can be made in a second.
RateLimit-RemainingThe remaining number of requests.
RateLimit-ResetThe number of seconds a client needs to wait before retrying.
X-RateLimit-Limit-SecondThe maximum number of requests that can be made in a second.
X-RateLimit-Remaining-SecondThe remaining number of requests per second.
X-RateLimit-Limit-MinuteThe maximum number of requests that can be made in a minute.
X-RateLimit-Remaining-MinuteThe remaining number of requests per minute.

If you exceed these limits, we will return a 429 Too Many Requests error.

{ "message": "API rate limit exceeded" }

Our recommendations for working with rate limits

  • Optimize your code to request only the data you need.
  • Analyze our response header metadata to monitor your usage.
  • Gracefully handle 429 status responses and build a retry mechanism with exponential backoff.