Understanding rate limit headers
4 min read Updated January 20, 2026
Overview
Every ComplianceGrid API response includes rate limit headers that tell you exactly where you stand relative to your quota. Understanding these headers is essential for building resilient integrations.
Rate Limit Headers
Every response includes three headers:
X-RateLimit-Limit— Your maximum requests per window (e.g.,1000)X-RateLimit-Remaining— Requests remaining in the current windowX-RateLimit-Reset— Unix timestamp when the window resets
Example Response Headers
HTTP/1.1 200 OK X-RateLimit-Limit: 1000 X-RateLimit-Remaining: 847 X-RateLimit-Reset: 1706313600 Content-Type: application/json
Sandbox vs. Production Limits
| Environment | Rate Limit | Monthly Quota |
|---|---|---|
| Sandbox | 60 req/min | 10,000/month |
| Self-Serve | 300 req/min | Unlimited (metered) |
| Enterprise | Custom | Custom |
Handling Rate Limits in Code
javascript
async function callWithBackoff(url, options, maxRetries = 3) {
for (let i = 0; i < maxRetries; i++) {
const res = await fetch(url, options);
if (res.status !== 429) return res;
const resetAt = res.headers.get('X-RateLimit-Reset');
const waitMs = (Number(resetAt) * 1000) - Date.now();
await new Promise(r => setTimeout(r, Math.max(waitMs, 1000)));
}
throw new Error('Rate limit exceeded after retries');
}Best Practices
- Implement exponential backoff for 429 responses
- Cache responses where data doesn't change frequently (e.g., HS code lookups)
- Use batch endpoints when available to reduce call count
- Monitor
X-RateLimit-Remainingand slow down proactively before hitting 0
Was this article helpful?