API Rate Limits
FlowCMS enforces rate limiting to ensure platform stability, fair resource allocation, and optimal performance for all users. Limits are applied per API key and vary based on your subscription tier.
Limits by Subscription Tier
| Plan | Requests / Hour | Requests / Minute | Concurrent Connections |
|---|---|---|---|
| Starter | 1,000 | 60 | 5 |
| Professional | 50,000 | 1,000 | 50 |
| Enterprise | Custom / Unlimited | Custom / Unlimited | Custom / Unlimited |
FlowCMS uses a sliding time window for rate limiting. This means limits reset continuously rather than at fixed intervals, providing smoother throttling under heavy load.
Rate Limit Headers
Every API response includes headers indicating your current rate limit status. Monitor these to implement graceful throttling in your applications.
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 987
X-RateLimit-Reset: 1698765432
Retry-After: 45
Header Definitions
- X-RateLimit-Limit — The maximum number of requests allowed per minute for your tier.
- X-RateLimit-Remaining — The number of requests remaining in the current window.
- X-RateLimit-Reset — Unix timestamp when the rate limit window resets.
- Retry-After — Seconds until you can make new requests (only present on 429 responses).
Handling Rate Limit Exceeded (429)
When you exceed your allocated rate limit, FlowCMS returns an HTTP 429 Too Many Requests status code. The response body contains actionable details to help you implement backoff strategies.
{
"error": {
"code": "RATE_LIMIT_EXCEEDED",
"message": "You have exceeded your API rate limit. Please retry after 38 seconds.",
"retry_after": 38,
"docs_url": "https://docs.flowcms.io/rate-limits"
}
}
Implement exponential backoff with jitter when handling 429 responses. Do not retry immediately, as this may trigger temporary IP-level blocks or additional throttling.
Optimizing API Usage
Reduce unnecessary API calls and stay within your limits by following these best practices:
- Use cache-control headers and client-side caching for non-volatile content.
- Batch operations where possible using our /bulk endpoints.
- Leverage Webhooks instead of polling for real-time content updates.
- Request only the fields you need using the ?fields= query parameter.
- Use pagination efficiently to avoid loading excessive data in single requests.
Requesting Higher Limits
Do you have a high-traffic application or batch processing needs that exceed standard tier limits? We can accommodate custom rate limits for qualifying use cases.
To request a limit increase:
- Upgrade to the Professional or Enterprise tier.
- Contact your Account Manager or email sales@flowcms.io.
- Provide details about your expected traffic patterns, peak usage times, and use case.
Rate limit increases are evaluated case-by-case. Enterprise customers receive dedicated infrastructure scaling and custom SLAs upon approval.
Frequently Asked Questions
Do rate limits apply to all endpoints?
Yes. Rate limiting applies globally across all REST and GraphQL API endpoints for a given API key. Authentication endpoints have separate, stricter limits for security.
Are webhooks subject to rate limits?
No. Outbound webhooks operate on a separate delivery queue and are not counted against your API rate limits. However, webhook endpoints should respond within 3 seconds to avoid timeout retries.
Can I monitor my usage in real-time?
Yes. Visit your Dashboard → API Keys → Usage Analytics to view real-time request metrics, historical trends, and limit utilization charts.