Rate Limits
UTM API enforces rate limits to ensure fair usage and platform stability.
Rate Limit Overview
| Endpoint Category | Limit | Window |
|---|---|---|
Authentication (/api/v1/auth/*) | 5 requests | per minute |
Desktop Sync (/api/v1/desktop/sync/*) | 60 requests | per minute |
Signal Ingest (/api/v1/signals/ingest) | 100 requests | per minute |
| All other endpoints | 100 requests | per minute |
Rate Limit Headers
All API responses include rate limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed in the window |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Example Response Headers
HTTP/1.1 200 OK
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1709856000
Rate Limit Exceeded
When you exceed the rate limit, you'll receive a 429 Too Many Requests response:
{
"error": "Rate limit exceeded",
"code": "RATE_LIMIT_EXCEEDED",
"retryAfter": 45,
"message": "Too many requests. Please wait 45 seconds before retrying."
}
The retryAfter field indicates the number of seconds to wait before making another request.
Best Practices
Implement Exponential Backoff
When receiving a 429 response, use exponential backoff:
async function makeRequestWithRetry(url, options, maxRetries = 3) {
for (let attempt = 0; attempt < maxRetries; attempt++) {
const response = await fetch(url, options);
if (response.status === 429) {
const retryAfter = response.headers.get('Retry-After') || Math.pow(2, attempt);
await new Promise(resolve => setTimeout(resolve, retryAfter * 1000));
continue;
}
return response;
}
throw new Error('Max retries exceeded');
}
Batch Requests When Possible
Instead of making multiple individual requests, use batch endpoints where available.
Cache Responses
Cache read-only data (like account info) to reduce API calls.
Monitor Rate Limit Headers
Track X-RateLimit-Remaining to proactively slow down before hitting limits.
Subscription Tiers
Rate limits may vary by subscription tier. Contact support for higher limits if needed.
| Tier | Signal Ingest Limit | General API Limit |
|---|---|---|
| Free | 100/min | 100/min |
| Pro | 500/min | 500/min |
| Enterprise | Custom | Custom |