Rate Limits

The Medplum API uses a number of safeguards against bursts of incoming traffic to help maximize its stability. Users who send many requests in quick succession might see HTTP error responses with status code 429 Too Many Requests.

Default Rate Limits

| Category | Free tier | Paid tier |
| --- | --- | --- |
| Auth (/auth/*, /oauth2/*) | 60 requests per IP per minute | 60 requests per IP per minute |
| Others | 6,000 requests per IP per minute | 60,000 requests per IP per minute |

All rate limits are calculated per IP address over a one-minute window.

Rate limits can be increased for paid plans. Please contact us for more information.

HTTP Headers

All API calls affected by rate limits will include the following headers:

  • X-Ratelimit-Limit: The maximum number of requests that the consumer is permitted to make in a one-minute window.
  • X-Ratelimit-Remaining: The number of requests remaining in the current rate limit window.
  • X-Ratelimit-Reset: The time at which the current rate limit window resets in UTC epoch seconds.

Example:

X-Ratelimit-Limit: 600
X-Ratelimit-Remaining: 599
X-Ratelimit-Reset: 1713810464
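
A client can use these headers to pace itself instead of retrying blindly after a 429. The following is an added example, not Medplum's own code: it parses the three headers and waits until the reset time before retrying. The function names, the 60-second cap and the 1-second fallback are assumptions of this example.

```javascript
const MAX_WAIT_MS = 60000;     // assumption: never sleep longer than one window
const FALLBACK_WAIT_MS = 1000; // assumption: used when a 429 carries no usable headers

// Read the three headers; returns null if any is missing or not a plain integer.
function parseRateLimit(headers) {
  const read = (name) => {
    const raw = headers.get(name);
    return typeof raw === 'string' && /^\d+$/.test(raw.trim()) ? Number(raw.trim()) : null;
  };
  const limit = read('X-Ratelimit-Limit');
  const remaining = read('X-Ratelimit-Remaining');
  const resetEpochSec = read('X-Ratelimit-Reset');
  if (limit === null || remaining === null || resetEpochSec === null) return null;
  return { limit, remaining, resetEpochSec };
}

// Milliseconds to pause before the next request, given the last response.
function waitMs(status, headers, nowMs) {
  const info = parseRateLimit(headers);
  if (info === null) return status === 429 ? FALLBACK_WAIT_MS : 0;
  if (status !== 429 && info.remaining > 0) return 0;
  // X-Ratelimit-Reset is UTC epoch seconds; clamp so a bad value cannot stall the client.
  const untilReset = info.resetEpochSec * 1000 - nowMs;
  return Math.min(Math.max(untilReset, 0), MAX_WAIT_MS);
}

// Retry on 429 only, waiting for the window to reset between attempts.
// doRequest is any function returning a fetch-style response ({ status, headers }).
async function requestWithBackoff(doRequest, opts = {}) {
  const { maxAttempts = 3, now = Date.now } = opts;
  const sleep = opts.sleep || ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
  for (let attempt = 1; ; attempt++) {
    const res = await doRequest();
    if (res.status !== 429 || attempt >= maxAttempts) return res;
    await sleep(waitMs(res.status, res.headers, now()));
  }
}

// Constructed sample: the example headers from this page, in a Map standing in for fetch Headers.
const sampleHeaders = new Map([
  ['X-Ratelimit-Limit', '600'],
  ['X-Ratelimit-Remaining', '599'],
  ['X-Ratelimit-Reset', '1713810464'],
]);
console.log(waitMs(200, sampleHeaders, 1713810460000));
```

Because the limits are counted per IP address, clients that share an egress address also share the budget, so the remaining count can drop faster than one client's own request rate would suggest.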