Skip to main content
This page is the shared overview for both APIs. For LENS (v2) specifics — exact windows, every response header, and the full error reference — see Rate limits in the v2 API.
TIC rate-limits every request to protect the service from abuse and keep response times fast for everyone. When you hit a limit, the API responds with HTTP 429 and tells you exactly when you can retry via the Retry-After header.

How limits are enforced

Both APIs enforce rate limits at two levels, using sliding windows:
LevelPurpose
Per IP addressApplied to every request regardless of authentication. Protects the platform from anonymous flooding.
Per API keyApplied on top of IP limits for authenticated requests. Your plan determines the quotas.
Defaults are below. Actual quotas depend on your plan.
LevelPer minutePer dayPer monthUnique IPs (per key)
Per IP (both APIs)60015,000
Per API key (both APIs)603,00020
For LENS (v2) specifics including all response headers and error messages, see Rate limits in the v2 API Reference.

Response headers

Every response includes rate-limit headers so you can track your usage and throttle proactively.
HeaderMeaning
X-RateLimit-LimitQuota for the current period
X-RateLimit-RemainingRequests remaining in the period
X-RateLimit-ResetSeconds until the period resets
X-RateLimit-Limit-MinutePer-minute quota
X-RateLimit-Remaining-MinuteRequests remaining in the current minute
X-RateLimit-Limit-IPMaximum unique source IPs allowed for the key
X-RateLimit-Remaining-IPUnique IPs remaining
Retry-AfterSeconds to wait before retrying (set when 429)

429 response body

When you’re throttled, you receive an HTTP 429 with a JSON body describing which window tripped and when it resets. 
{
  "status": 429,
  "detail": "Too many requests, buy more or upgrade your subscription, check header X-RateLimit-Reset. Will reset at 2024-11-17 07:10:53.",
  "urlForDocumentation": "https://docs.tic.io/throttling"
}
Always read Retry-After (or X-RateLimit-Reset) and back off. Do not retry in a tight loop. A well-behaved client reads these headers on every response and adapts pre-emptively.

IP-based limits

Each API key is capped at a number of unique source IPs per month (default: 20). This protects you if a key is leaked — an attacker’s IP would count against the limit. The downstream IP is read from X-Real-IP or X-Forwarded-For. If you run behind a load balancer or a pool of NAT’d outbound IPs, size your quota accordingly.

Best practices

  • Use exponential backoff when you get a 429.
  • Monitor X-RateLimit-Remaining-Minute to throttle proactively rather than reactively.
  • Consolidate traffic through few IPs to stay under the unique-IP cap.
  • Prefer POST multi-search where available to combine queries into fewer requests.