Rate Limits - Flozy

The API enforces two independent rate limits:

Limit	Scope	Window
100 req / 10 s	Per API key	Rolling 10 s

Response headers

Every authenticated response includes:

Header	Description
`X-RateLimit-Limit`	Maximum requests allowed in the window
`X-RateLimit-Remaining`	Requests remaining in the current window
`X-RateLimit-Reset`	Unix timestamp when the window resets

Handling 429

When you exceed the limit the API returns 429 Too Many Requests:

{
  "http_code": 429,
  "status": "failed",
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Rate limit exceeded. Try again after the reset time."
  }
}

Use the X-RateLimit-Reset header to determine when to retry.

async function fetchWithRetry(url, options, retries = 3) {
  const res = await fetch(url, options);

  if (res.status === 429 && retries > 0) {
    const reset = res.headers.get('X-RateLimit-Reset');
    const waitMs = reset ? (Number(reset) * 1000 - Date.now()) : 1000;
    await new Promise(r => setTimeout(r, Math.max(waitMs, 0)));
    return fetchWithRetry(url, options, retries - 1);
  }

  return res;
}

Authentication Error Codes

​Response headers

​Handling 429

Response headers

Handling 429