# Rate Limits

The TokenBot API implements rate limiting to ensure fair usage and platform stability.

## Default Limits

| Plan       | Requests per minute | Requests per day |
| ---------- | ------------------- | ---------------- |
| Free       | 60                  | 1,000            |
| Pro        | 300                 | 10,000           |
| Enterprise | 1,000               | Unlimited        |

## Rate Limit Headers

Every response includes rate limit information:

```
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1706745600
```

## Rate Limit Exceeded

When you exceed a limit, the API responds with HTTP `429 Too Many Requests`:

```json
{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests. Please retry after 45 seconds.",
    "retryAfter": 45
  }
}
```

## Best Practices

1. **Cache responses** when possible
2. **Use webhooks** for real-time updates instead of polling
3. **Implement exponential backoff** for retries
4. **Batch operations** where the API supports it
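
Item 3 above, as an added example (not TokenBot's own client code): a retry helper that prefers the `retryAfter` value from the 429 body, then the `X-RateLimit-Reset` header, and only then falls back to exponential backoff with jitter. It assumes `X-RateLimit-Reset` is a Unix timestamp in seconds; `send` is a hypothetical callable returning `(status, headers, body)`, and `BASE_DELAY` and `MAX_DELAY` are illustrative values.

```python
import json
import random
import time

BASE_DELAY = 1.0   # seconds; assumed first backoff step
MAX_DELAY = 60.0   # seconds; assumed cap on a computed backoff step
# Constructed sample based on the 429 body documented on this page.
SAMPLE_429 = '{"error": {"code": "RATE_LIMIT_EXCEEDED", "retryAfter": 45}}'


def retry_delay(status, headers, body, attempt, now=None, rng=random.random):
    """Return seconds to wait before retrying, or None if not rate limited."""
    if status != 429:
        return None
    # 1. Prefer the server's own hint from the error body.
    try:
        hint = json.loads(body)["error"]["retryAfter"]
        if isinstance(hint, (int, float)) and hint >= 0:
            return float(hint)
    except (ValueError, KeyError, TypeError):
        pass  # missing or malformed body: fall through
    # 2. Fall back to X-RateLimit-Reset (assumed Unix epoch seconds).
    now = time.time() if now is None else now
    lowered = {k.lower(): v for k, v in headers.items()}
    reset = str(lowered.get("x-ratelimit-reset", ""))
    if reset.isdigit() and int(reset) > now:
        return int(reset) - now
    # 3. No usable hint: exponential backoff with full jitter, capped.
    return rng() * min(MAX_DELAY, BASE_DELAY * 2 ** attempt)


def call_with_backoff(send, max_attempts=5, sleep=time.sleep):
    """Call send() until it is not rate limited or attempts run out."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        delay = retry_delay(status, headers, body, attempt)
        if delay is None:
            return status, body
        if attempt < max_attempts - 1:
            sleep(delay)  # no point sleeping after the final attempt
    raise RuntimeError("still rate limited after %d attempts" % max_attempts)
```

Bounding the number of attempts keeps a client from retrying indefinitely against a limit that will not clear, such as an exhausted daily quota.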

## WAF Protection

The API is protected by AWS WAF with:

* Geo-blocking (RU, CN, KP, IR)
* AWS Managed Rules
* Rate limiting (2000 requests per 5 minutes per IP)

## Increasing Your Limits

Contact us at <api@tokenbot.com> to discuss higher rate limits.
