Rate Limits

The Privy API enforces rate limits to ensure fair usage and reliable performance for all accounts.

Default limits

Window	Limit
Per minute	60 requests
Per day	10,000 requests

Limits are applied per account (not per token). All tokens for the same account share the same rate limit budget.

Every API response includes headers showing your current rate limit status:

Header	Description
`X-RateLimit-Limit-Minute`	Maximum requests allowed per minute
`X-RateLimit-Remaining-Minute`	Requests remaining in the current minute window
`X-RateLimit-Reset-Minute`	Unix timestamp when the minute window resets
`X-RateLimit-Limit-Day`	Maximum requests allowed per day
`X-RateLimit-Remaining-Day`	Requests remaining in the current day window
`X-RateLimit-Reset-Day`	Unix timestamp when the day window resets
`Retry-After`	Seconds to wait before retrying (only present on `429` responses)

When you exceed the limit, the API returns a 429 status code with a rate_limited error:

{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded"
  }
}

Use the Retry-After header to determine how long to wait before retrying.

Check the headers. Monitor X-RateLimit-Remaining-Minute to stay within limits proactively.
Use filters. Narrow your GET /v1/contacts requests with filters like email or email_permission to reduce the number of calls needed.
Cache responses. Avoid making the same request repeatedly when the data hasn’t changed.
Implement backoff. If you receive a 429, wait the number of seconds specified in Retry-After before retrying. For repeated failures, use exponential backoff.

Need higher limits? Contact support@privy.com to discuss your use case.