Rate Limits - Cr3dentials

The API enforces rate limits to keep access fast and reliable for every partner. Limits cap how many requests you can make in a time window; exceeding one returns a temporary 429 until the window resets.

Limits

Global limit: 120 requests per 60 seconds per API key.
Session creation and bulk operations have additional per-endpoint limits.

Your exact limits can vary with your plan and key configuration.

Response headers

Every response includes your current rate-limit status:

X-RateLimit-Limit: 120
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1625097600

Header	Meaning
`X-RateLimit-Limit`	Maximum requests allowed in the current window.
`X-RateLimit-Remaining`	Requests left in the current window.
`X-RateLimit-Reset`	Unix timestamp when the window resets.

When you’re limited

A throttled request returns 429 Too Many Requests:

{
  "statusCode": 429,
  "message": "Too Many Requests"
}

Implement exponential backoff with jitter. Start around 1s and double on each retry (1s, 2s, 4s, 8s) up to a sensible ceiling. Read X-RateLimit-Reset to wait exactly until the window resets instead of guessing.

Best practices

Cache platform lists and other rarely-changing data instead of refetching.

Prefer webhooks over polling to cut request volume.

Watch X-RateLimit-Remaining and slow down before you hit zero.

Webhooks Cr3dentials SDK

⌘I

​Limits

​Response headers

​When you’re limited

​Best practices

Limits

Response headers

When you’re limited

Best practices