Skip to content

Rate Limits

ContextLimitScope
REST API (authenticated)60 requests/minutePer API key
MCP (unauthenticated)20 requests/minutePer IP address

Your per-key rate limit is visible in the GET /v1/account response under api_keys[].rate_limit.

Every API key-authenticated response includes rate limit headers:

HeaderDescription
X-RateLimit-LimitMaximum requests allowed in the current window
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp (seconds) when the window resets

You’ll receive a 429 Too Many Requests response:

{
"error": {
"code": "RATE_LIMIT_EXCEEDED",
"message": "Rate limit exceeded",
"details": {
"retry_after_seconds": 45
},
"suggestion": "Retry after 45 seconds. Check X-RateLimit-Reset header for exact reset time."
}
}

See the full error format in the Error Codes reference.

  • Check headers proactively. Monitor X-RateLimit-Remaining and slow down before hitting the limit rather than reacting to 429 errors.
  • Use exponential backoff. When you receive a 429, wait for retry_after_seconds before retrying. If you get repeated 429s, increase the wait time exponentially.
  • Batch where possible. A single search across multiple jurisdictions is one request, not one per jurisdiction.
  • Cache results. Entity lookups (GET /v1/entity/:id) are free and don’t count against your rate limit. Use them to retrieve previously verified entities instead of re-verifying.

If your use case requires more than 60 requests/minute, contact us at support@bizverify.co to discuss custom rate limits.