Rate limits protect the API and the underlying bank providers. When you exceed a limit, the API responds with 429 Too Many Requests and a JSON message. Where applicable, the response includes a Retry-After header (seconds until you can retry).Limits#
| What | Limit |
|---|
| General API requests | 100 requests per minute per user |
Manual account sync (POST /finance/accounts/{id}/sync) | Per account and data type; a 429 means that data was synced recently, and the message says roughly how long to wait |
| Transfer and rule undo/retry endpoints | 6 requests per minute |
Webhook test deliveries (POST /webhooks/{id}/test) | 5 requests per minute |
| Destination connection refresh | 1 request per minute per connection |
Bank data itself is refreshed on a schedule that depends on your plan and each connection's configuration, so polling the API faster than your sync frequency will not surface new data any sooner. For real-time reactions, use Webhooks instead of polling.Handling 429 responses#
Back off and retry after the Retry-After interval (or with exponential backoff if the header is absent).
Spread bulk work over time rather than bursting; with pagination at 100 items per page and 100 requests per minute, you can move a lot of data well within the limits.
Cache data you have already fetched. Transactions and balances only change when a sync runs.
Modified at 2026-07-11 12:31:34