Certify+

Rate limits

Each API key is limited to 60 requests per rolling 60 seconds. Limits are per-key, not per-endpoint.

Headers

Every authenticated response includes:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 42
X-RateLimit-Reset: 1735689660

X-RateLimit-Reset is a Unix timestamp (seconds) marking the end of the current window.

429 responses

When you exceed the limit, you get:

HTTP/1.1 429 Too Many Requests
Retry-After: 27
Content-Type: application/json

{
  "error": {
    "code": "rate_limited",
    "message": "Too many requests. Slow down and try again."
  }
}

Wait Retry-After seconds before retrying. Implement exponential backoff with jitter if you're batching high volumes.

Best practices

  • Batch issuance. Use recipients: [...] (up to 500 per call) instead of looping recipient: singletons.
  • Cache reads. GET /templates and GET /templates/:id responses are stable — cache them in your integration.
  • Respect Retry-After. Hammering during rate-limit windows extends the block.

Need higher limits?

Reach out via contact with your use case and expected RPS.