Rate Limiting
The Pixee PIM API enforces per-endpoint rate limits to ensure fair usage and platform stability. Limits are tracked in Redis and persist across API instances.
Rate limit tiers
Endpoints are grouped into tiers by category, each with its own limit and sliding window.
Auth
| Tier | Limit | Endpoints |
|---|---|---|
| AUTH_LOGIN | 5 / 15 min | POST /auth/login |
| AUTH_PASSWORD_RESET | 3 / hour | POST /auth/forgot-password |
| AUTH_REFRESH | 30 / min | POST /auth/refresh |
AUTH_LOGIN uses a 15-minute window — not 1 minute. After 5 failed login
attempts the endpoint is blocked for the remainder of that window.
Read
| Tier | Limit | Endpoints |
|---|---|---|
| READ_PUBLIC | 2 000 / min | Health checks, public routes |
| READ_STANDARD | 1 000 / min | GET endpoints (products, imports, etc.) |
| READ_ADMIN | 200 / min | Admin endpoints |
| READ_SENSITIVE | 50 / min | Analytics, KPIs, reports |
Write
| Tier | Limit | Endpoints |
|---|---|---|
| WRITE_STANDARD | 100 / min | POST / PUT / PATCH / DELETE |
| WRITE_CONFIG | 30 / min | Configuration endpoints |
| WRITE_UPLOAD | 30 / min | File upload endpoints |
| WRITE_USER_MGMT | 20 / min | User management |
Bulk
| Tier | Limit | Endpoints |
|---|---|---|
| BULK_UPDATE | 30 / min | Bulk attribute updates |
| BULK_EXPORT | 20 / min | Export batch jobs |
| BULK_CREATE | 20 / min | Bulk product creation |
| BULK_IMPORT | 10 / min | Import batch jobs |
| BULK_DELETE | 10 / min | Bulk deletes |
AI
| Tier | Limit | Endpoints |
|---|---|---|
| AI_SINGLE | 10 / min | Individual AI enrichment |
| AI_BATCH | 5 / min | Batch AI enrichment |
Export & utilities
| Tier | Limit | Endpoints |
|---|---|---|
| PROGRESS_POLL | 600 / min | Job progress polling |
| HEALTH_CHECK | 600 / min | Health endpoints |
| EXPORT_DOWNLOAD | 100 / min | File downloads |
| EXPORT_STANDARD | 50 / min | Standard export jobs |
| EXPORT_STREAM | 10 / min | Streaming exports |
Rate limit headers
X-RateLimit-* headers are injected only on authenticated endpoints accessed via API key. They are not present on every response.
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests allowed in the current window |
| X-RateLimit-Remaining | Requests remaining in the current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
Example response headers (API key endpoints)
```http
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 987
X-RateLimit-Reset: 1747220460
```
Handling rate limit errors
When you exceed the limit, the API returns 429 Too Many Requests:
429 Response
```json
{
  "error": "rate_limit_exceeded",
  "message": "Rate limit exceeded",
  "detail": "5 per 15 minutes",
  "retry_after": "Please wait before making more requests"
}
```
The retry_after field is a human-readable string, not an integer.
To determine the exact wait time, parse the detail field (e.g. "5 per 15 minutes")
or implement exponential backoff (see below).
Retry strategy
We recommend exponential backoff with jitter:
Exponential backoff (Python)
```python
import random
import time

import httpx


def call_with_backoff(url, headers, max_retries=5):
    """GET url, retrying on 429 with exponential backoff plus jitter."""
    for attempt in range(max_retries):
        response = httpx.get(url, headers=headers)
        if response.status_code == 429:
            # Wait 1, 2, 4, ... seconds plus up to 1 s of random jitter
            wait = (2 ** attempt) + random.uniform(0, 1)
            time.sleep(wait)
            continue
        return response
    raise Exception("Max retries exceeded")
```
For bulk operations (imports, exports, batch AI enrichment), schedule jobs during
off-peak hours. BULK_IMPORT, BULK_DELETE, and AI_BATCH have the strictest
limits (5–10 requests per minute).
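The following is an added example, not part of the Pixee documentation or client code: it chooses a wait time after a 429 by preferring X-RateLimit-Reset when the response carries it, and otherwise capping the exponential backoff at the window length parsed from the detail field. The detail grammar beyond "5 per 15 minutes", the presence of X-RateLimit-Reset on a 429 response, and the names parse_detail, retry_delay and SAMPLE_BODY are assumptions.

```python
import random
import re
import time

_UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
# Assumed grammar: "<limit> per [<count>] <unit>[s]".
# Only "5 per 15 minutes" appears on the page; other shapes are guesses.
_DETAIL_RE = re.compile(
    r"^\s*(\d+)\s+per\s+(?:(\d+)\s+)?(second|minute|hour|day)s?\s*$", re.I
)

# Constructed sample: the 429 body shown above, with no X-RateLimit-* headers.
SAMPLE_BODY = {"error": "rate_limit_exceeded", "detail": "5 per 15 minutes"}


def parse_detail(detail):
    """Return (limit, window_seconds) from a 429 body's detail string, or None."""
    m = _DETAIL_RE.match(str(detail or ""))
    if not m:
        return None
    count = int(m.group(2) or 1)
    return int(m.group(1)), count * _UNIT_SECONDS[m.group(3).lower()]


def retry_delay(headers, body, attempt, now=None, rng=random.uniform):
    """Seconds to wait after a 429, given response headers and decoded JSON body.

    headers is any mapping with .get(); a plain dict is case-sensitive,
    httpx's response.headers is not.
    """
    now = time.time() if now is None else now
    # 1. X-RateLimit-Reset is a Unix timestamp (API-key endpoints only).
    reset = headers.get("X-RateLimit-Reset")
    if reset is not None and str(reset).isdigit():
        return max(0.0, int(reset) - now) + rng(0, 1)
    # 2. Otherwise back off exponentially, capped at the window from "detail":
    #    after one full window with no requests, the sliding window is empty.
    backoff = (2 ** attempt) + rng(0, 1)
    parsed = parse_detail(body.get("detail"))
    if parsed:
        return min(backoff, parsed[1])
    return backoff
```
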