| Limit | Value | Window | Scope |
|---|---|---|---|
| Short-term rate limit | 100 requests | 60-second window | per Marketplace Partner ID |
| Hourly quota | 1,000 requests | 1-hour window | per Marketplace Partner ID |
target_id (Member Tenant ID) nor registering an additional OAuth client_id creates a separate budget.If you are building a public Marketplace app and expect more than a handful of Member installs, request a limit increase before general availability. See Requesting an increase below.
429 Too Many Requests:HTTP/1.1 429 Too Many Requests
Content-Type: application/json
Retry-After: 52
X-Quota-Limit: 1000
X-Quota-Remaining: 0{
"statusCode": 429,
"message": "Rate limit is exceeded. Try again in 52 seconds."
}Retry-After — present only on 429 responses. The number of seconds to wait before retrying. Always honor this value over the wait time embedded in the message.message — human-readable description of which limit was exceeded; also embeds the wait time in seconds.429 response is returned for both the short-term rate limit and the hourly quota; the Retry-After value distinguishes them (seconds for the rate limit, up to one hour for the quota).Retry-After seconds before retrying. Treat this as a minimum, not an exact wait.POST /v1/webhook) and call GET endpoints only when notified of a change.Retry-After.Retry-After reflects the time remaining until the next reset.2xx) responses4xx, except 429 itself)5xx)| Header | Description |
|---|---|
X-Quota-Limit | Total request budget for the current 1-hour window. |
X-Quota-Remaining | Requests remaining in the current window. Reaches 0 when the quota is exhausted. |
X-Quota-Limit: 100
X-Quota-Remaining: 84X-Quota-Remaining to throttle your client proactively — for example, slow down or pause batch work once it drops below ~10% of X-Quota-Limit. These headers are returned on every response (2xx, 4xx, and 5xx), not just on 429.Usage headers for the short-term rate limit (100/minute) are not currently exposed. You will only learn that you've hit it when you receive a 429with a small-numberRetry-After.
client_id of the affected OAuth app, if applicable)