Rate Limiting
Mitte enforces rate limits on the webhook ingestion endpoint to ensure fair usage and protect the platform from abuse.
How It Works
Every incoming webhook request to POST /api/v1/h/:slug is checked against two independent rate limiters running in parallel. If either limit is exceeded, the request is rejected with HTTP 429 Too Many Requests.
Per-Endpoint Limit
| Parameter | Value |
|---|---|
| Max Requests | 100 per endpoint slug |
| Window | 60 seconds (sliding) |
| Block Duration | 120 seconds after limit is exceeded |
Per-IP Limit
| Parameter | Value |
|---|---|
| Max Requests | 200 per source IP |
| Window | 60 seconds (sliding) |
| Block Duration | 120 seconds after limit is exceeded |
When both limiters are within bounds, the most restrictive result determines the rate limit headers in the response. When a limit is exceeded, the offending IP or endpoint is blocked for 120 seconds — during this period, all requests return 429 immediately.
Response Headers
Every successful webhook ingestion response (202 Accepted) includes the following rate limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | The maximum number of requests allowed in the current window. |
X-RateLimit-Remaining | The number of requests remaining in the current window. |
X-RateLimit-Reset | Unix timestamp (seconds) when the current window resets. |
When a request is rate-limited (429), an additional header is included:
| Header | Description |
|---|---|
Retry-After | Number of seconds to wait before retrying. |
Example Response Headers
HTTP/1.1 202 Accepted
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 73
X-RateLimit-Reset: 1739487600
Example Rate-Limited Response
HTTP/1.1 429 Too Many Requests
Retry-After: 120
Content-Type: application/json
{ "error": "Too many requests" }
Monthly Quotas
In addition to per-minute rate limits, Mitte enforces monthly request quotas based on your plan:
| Plan | Requests / Month |
|---|---|
| Free | 5,000 |
| Pro ($20/mo) | 250,000 |
When you reach 90% of your monthly quota, you'll receive a notification warning. Once the quota is fully exhausted, all subsequent webhook requests return 429 with the message "Monthly request limit reached". The quota resets on the 1st of each month.
Payload Size Limits
Mitte also enforces maximum payload size per request:
| Plan | Max Payload Size |
|---|---|
| Free | 128 KB |
| Pro | 1 MB |
Requests exceeding the payload limit receive HTTP 413 Payload Too Large.
Best Practices
1. Respect the Retry-After Header
When you receive a 429 response, always wait at least the number of seconds indicated by Retry-After before retrying. Retrying immediately will extend the block period.
2. Implement Exponential Backoff
For automated systems sending high volumes of webhooks, implement exponential backoff with jitter:
delay = min(base_delay * 2^attempt + random_jitter, max_delay)
3. Monitor Rate Limit Headers
Track X-RateLimit-Remaining in your responses. If it drops below 20%, consider throttling your request rate proactively rather than waiting for a hard block.
4. Distribute Load Across Endpoints
Since rate limits are per-endpoint, spreading webhooks across multiple endpoints can increase effective throughput (though you'll still be subject to IP-based limits).
5. Monitor Your Quota
Keep an eye on your monthly usage in the Billing dashboard or via the MCP get_plan_usage tool. Upgrade to Pro if you consistently approach the Free limit.