#Rate limits
Requests are rate limited per merchant (keyed by API key), so your limit is never affected by other merchants.
| Bucket | Limit |
|---|---|
| Standard endpoints | 100 requests / minute |
Payment creation (/v1/transactions, /v1/payment-intents, /v1/terminal/create-payment, /v1/checkout/sessions) |
60 requests / minute (in addition to the standard bucket) |
#Headers
Every /v1 response carries the current budget:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 97
When you exceed a limit you get 429 with a Retry-After header (seconds) and the canonical error envelope:
{ "error": { "type": "rate_limit_error", "message": "Too many requests. Please slow down and retry shortly." } }
#Handling 429
Back off for Retry-After seconds and retry — prefer exponential backoff. Because a 429 means the request was not processed, it's safe to retry with the same Idempotency-Key.
The inbound webhook endpoint is separately protected with a high per-IP limit; it does not affect your API budget.