Rate limits
The HLD API enforces rate limits per API key to ensure reliability for all customers. Limits are applied on a rolling 60-second window.
Default limits
| Name | Type | Required | Description |
|---|---|---|---|
| Standard endpoints | 300 req/min | No | Applies to most GET and PATCH endpoints. |
| Write endpoints | 60 req/min | No | POST and DELETE endpoints. |
| Response actions | 10 req/min | No | Sentinel response action triggers. |
| Report generation | 5 req/min | No | Compliance report generation. |
| Webhook registration | 30 req/min | No | Creating and updating webhook endpoints. |
Rate limit headers
Every API response includes rate limit headers so you can track your current consumption.
http
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 247
X-RateLimit-Reset: 1748750460
Retry-After: 12Handling 429s
When you exceed the limit, the API returns 429 Too Many Requests. Implement exponential backoff — do not immediately retry.
typescript
async function apiRequest(url: string, attempt = 0): Promise<Response> {
const res = await fetch(url, {
headers: { Authorization: `Bearer ${process.env.HLD_API_KEY}` },
})
if (res.status === 429 && attempt < 5) {
const retryAfter = parseInt(res.headers.get('Retry-After') ?? '2', 10)
await new Promise(r => setTimeout(r, retryAfter * 1000 * Math.pow(2, attempt)))
return apiRequest(url, attempt + 1)
}
return res
}Tip:If you're building a high-volume integration (SOC automation, bulk device queries), contact HLD to discuss elevated rate limits on your account.