Rate Limits
The MTG Rack API enforces rate limits to ensure fair usage and protect service stability. Limits apply per API key or OAuth2 access token.
Request Limits
Every API key is subject to two rate limit tiers:
- 60 requests per minute — a sliding window that resets continuously
- 10,000 requests per day — resets at midnight UTC
Both limits are tracked independently. Hitting either limit will cause subsequent requests to be rejected until the window resets.
Rate Limit Headers
Every API response includes headers so you can monitor your usage programmatically:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 42
X-RateLimit-Reset: 1700000000
X-RateLimit-Day-Limit: 10000
X-RateLimit-Day-Remaining: 9813X-RateLimit-Limit— max requests allowed in the current per-minute windowX-RateLimit-Remaining— requests remaining in the current per-minute windowX-RateLimit-Reset— Unix timestamp when the per-minute window resetsX-RateLimit-Day-Limit— max requests allowed per dayX-RateLimit-Day-Remaining— requests remaining today
Handling 429 Responses
When you exceed either limit, the API returns a 429 Too Many Requests response with a Retry-After header indicating how many seconds to wait before retrying:
HTTP/1.1 429 Too Many Requests
Retry-After: 12
Content-Type: application/json
{
"error": {
"code": "rate_limit_exceeded",
"message": "Per-minute rate limit exceeded. Retry after 12 seconds.",
"status": 429
}
}Best Practice
X-RateLimit-Remaining header proactively and slow down before hitting zero, rather than waiting for 429 errors.Webhook Delivery Limits
Webhook subscriptions have a separate daily delivery cap of 1,000 deliveries per day per subscription. This limit resets at midnight UTC. If your integration handles high-volume events (e.g., bulk imports), take advantage of event batching — events within a 5-second window are aggregated into a single delivery, helping you stay well under the cap.