Rate Limits
Rate limits protect the API from abuse and ensure fair usage. Limits are applied per IP address or per wallet, depending on the endpoint.
Limits by endpoint group
Section titled “Limits by endpoint group”| Endpoint group | Limit | Window | Key |
|---|---|---|---|
Search (GET /domains/search) | 60 requests | 1 minute | IP address |
Registration & Renewal (POST /domains/register, POST /domains/renew) | 10 requests | 1 day | IP address |
DNS operations (GET/POST/PUT/DELETE /dns/*) | 100 requests | 1 hour | Wallet address |
Account (GET /account/*, POST /auth/revoke) | 30 requests | 1 minute | Wallet address |
Auth (GET /auth/nonce, POST /auth/verify, POST /auth/refresh) | 30 requests | 1 minute | IP address |
Response headers
Section titled “Response headers”All rate-limited endpoints include these headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed in the window |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
When you’re rate limited
Section titled “When you’re rate limited”You’ll receive a 429 Too Many Requests response:
{ "error": "Too many requests", "message": "Rate limit exceeded. Try again in 45 seconds.", "code": "RATE_LIMITED"}Wait until the X-RateLimit-Reset timestamp before retrying.
Endpoints without rate limits
Section titled “Endpoints without rate limits”These endpoints have no rate limits:
GET /healthGET /.well-known/agent-card.jsonGET /domains/pricingGET /domains/pricing/{tld}GET /domains/status/{jobId}GET /domains/{domain}