Rate limits
Requests are limited to 100 per minute per API key (sliding window).
Every response carries the current state:
| Header | Meaning |
|---|
X-RateLimit-Limit | Max requests in the window |
X-RateLimit-Remaining | Requests left in the current window |
X-RateLimit-Reset | When the window resets (epoch ms) |
Retry-After | Seconds to wait (only on 429) |
429:
{ "error": "Rate limit exceeded" }
Error shape
Every error response is JSON with an error string (and, on unknown-type
404s, a suggestions array):
{ "error": "Unknown custom object type: order", "suggestions": ["orders"] }
Status codes
| Status | When |
|---|
200 | Success |
400 | Wrong Content-Type, malformed JSON, or schema validation failure |
401 | Missing or invalid API key |
404 | Unknown custom object type, or a relationship endpoint that doesn’t exist |
429 | Rate limit exceeded |
500 | Unexpected server error (internals are never leaked) |
Server errors return a generic message by design — they never echo stack
traces or payload contents.