API Rate Limits by Service (2025)
Every API enforces rate limits to prevent abuse and ensure fair usage. Exceeding these limits results in HTTP 429 "Too Many Requests" errors and can temporarily block your application. This reference covers rate limits for popular APIs including social media, payment processors, AI services, and cloud platforms — helping you design robust integrations that stay within bounds.
When You Need This Table
- Planning API integrations and choosing providers
- Debugging 429 errors in production applications
- Designing caching strategies to reduce API calls
- Comparing API services for high-volume use cases
- Building rate limiting into your own APIs
Popular API Rate Limits
| API Service | Requests | Time Window | Notes |
|---|---|---|---|
| Twitter/X API (Free) | 1,500 | 15 min | Tweet read only; posting requires paid tier |
| Twitter/X API (Basic) | 10,000 | Month | $100/month; posting included |
| GitHub API (Authenticated) | 5,000 | Hour | Per user; unauthenticated is 60/hour |
| OpenAI API (GPT-4) | 10,000 | Minute | Token-based; varies by model and tier |
| Stripe API | 100 | Second | Read operations; 25/s for write operations |
| Google Maps API | 50 | Second | Varies by service (Places, Directions, etc.) |
| Twilio API | 100 | Second | Varies by endpoint; SMS has per-number limits |
| Slack API | 50+ | Minute | Varies by method; Web API has tiered limits |
| Discord API | 50 | Second | Global rate limit; per-route limits also apply |
| Shopify API (Admin) | 2 | Second | Burst of 40; bucket refills at 2/s |
| SendGrid API | 600 | Minute | Varies by plan; email sending has daily limits |
| AWS API Gateway | 10,000 | Second | Regional limit; can request increase |
Common Rate Limit Headers
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests allowed in the window |
| X-RateLimit-Remaining | Requests remaining in current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
| Retry-After | Seconds to wait before retrying (on 429) |
Handling Rate Limits
- Implement exponential backoff on 429 errors
- Cache API responses when data doesn't change often
- Use webhooks instead of polling where available
- Batch requests when the API supports it
Best Practices
- Monitor rate limit headers in every response
- Log rate limit warnings before hitting the limit
- Use separate API keys for different services
- Implement circuit breakers for critical paths
Understanding Rate Limiting Strategies
APIs use different rate limiting algorithms. The most common are fixed window (resets at specific intervals), sliding window (rolling time period), and token bucket (refills at a steady rate). Shopify uses token bucket, which allows bursts up to 40 requests but refills at only 2 per second.
When you receive a 429 error, check the Retry-After header to know exactly when to retry. Implementing exponential backoff — waiting 1s, then 2s, then 4s — prevents overwhelming the API with retry requests. Most libraries like axios-retry handle this automatically.
For high-volume applications, consider caching strategies that reduce API calls. Redis caching with appropriate TTLs can dramatically reduce your request count. Also explore webhooks — instead of polling an API every minute for updates, webhooks push changes to your server in real-time.
How to Handle Rate Limiting in Your Applications
When designing integrations with APIs, it's crucial to implement rate-limit-aware code. Use exponential backoff algorithms to automatically retry failed requests when hitting 429 errors. Most APIs return the Retry-After header which specifies how long to wait before retrying. For critical operations, consider caching frequent responses or batching requests to stay within limits. Some services like Stripe and GitHub allow you to monitor real-time usage through their dashboards, helping you proactively adjust your API consumption. Always check the X-RateLimit-Remaining header in responses to track your remaining quota and avoid sudden failures.
Comparing Free vs Paid API Tiers
Many APIs like Twitter/X and GitHub offer different rate limits depending on your plan. The Twitter/X free tier allows 1,500 requests every 15 minutes but restricts posting capabilities. Their $100/month Basic plan increases limits to 10,000 per month with full posting permissions. Similarly, GitHub's unauthenticated rate limit is just 60 requests/hour but jumps to 5,000/hour when authenticated. When choosing a plan, calculate your application's required request volume and factor in burst capacity needs. Some APIs like OpenAI use token-based limits rather than request counts, requiring different monitoring approaches.
Troubleshooting Common Rate Limit Issues
If you're hitting unexpected rate limits, first verify your API key/credentials are correctly scoped. Some APIs apply limits per-project or per-user. Check the API's documentation for any regional restrictions or IP-based limits. For services like AWS API Gateway, you may need to request a quota increase through their console. When debugging 429 errors, log the Retry-After header value and use it to implement proper delays. Consider using a library like Axios with built-in retry logic to handle rate limiting automatically. For webhooks and background processes, design your system to gracefully handle temporary API unavailability.