Skip to main content
The DevHelm API enforces rate limits per organization using a sliding-window algorithm. Limits vary by plan and are shared across all API keys in the same organization.

Limits by plan

PlanRequests per minute
Free100
Starter1,000
Pro5,000
Team5,000
Business100,000
Enterprise100,000

Response headers

Every authenticated API response includes rate limit headers:
HeaderDescription
X-RateLimit-LimitMaximum requests allowed in the window
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp (seconds) when the window resets
HTTP/1.1 200 OK
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4987
X-RateLimit-Reset: 1712956860

When rate limited

When you exceed the limit, the API returns 429 Too Many Requests with a Retry-After header: 
HTTP/1.1 429 Too Many Requests
Retry-After: 12
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1712956860

{
  "status": 429,
  "message": "Rate limit exceeded. Retry after 12.",
  "timestamp": 1712956848000
}

Retry strategy

async function fetchWithRetry(url: string, options: RequestInit, maxRetries = 3) {
  for (let attempt = 0; attempt < maxRetries; attempt++) {
    const response = await fetch(url, options);

    if (response.status === 429) {
      const retryAfter = parseInt(response.headers.get("Retry-After") || "5");
      await new Promise((r) => setTimeout(r, retryAfter * 1000));
      continue;
    }

    return response;
  }
  throw new Error("Max retries exceeded");
}

Best practices

Check the X-RateLimit-Remaining header in responses and throttle proactively when it gets low, rather than waiting for 429 errors.
Instead of polling for status changes, use platform webhooks to receive real-time event notifications.
For data that doesn’t change frequently (service catalog, monitor configurations), cache responses locally and refresh periodically.
Instead of creating monitors one at a time via API calls, define them in devhelm.yml and deploy in a single operation.

Unauthenticated rate limits

Public endpoints (service catalog, status data) have a separate IP-based rate limit of 60 requests per minute per IP address. This limit is independent of the organization-level limit.

Check your current limits

curl https://api.devhelm.io/api/v1/auth/me \
  -H "Authorization: Bearer $DEVHELM_API_TOKEN"
The response includes rate limit info for your API key: 
{
  "rateLimits": {
    "requestsPerMinute": 5000,
    "remaining": 4950,
    "windowMs": 60000
  }
}