Rate Limits

We believe in being straight with developers about what's enforced today.

Current state

The REST API and MCP server do not apply a hard per-key request rate limit today. Authentication endpoints (sign-in, password reset) are throttled to 6 requests per minute.

That said, design your integration to be a good citizen:

• Batch where you can rather than firing one request per item in a tight loop.
• Back off on 5xx responses with exponential retry.
• Cache account and media lists instead of re-fetching them on every operation.

Coming soon

Per-key rate limits with standard X-RateLimit-* response headers are planned. When introduced, exceeding the limit will return 429 Too Many Requests with a Retry-After header. We'll announce the limits in the Changelog before enforcing them, so integrations can adapt.

Webhooks

Outbound webhooks (publish/fail notifications) are not available yet — today you poll GET /api/posts (or the MCP list_scheduled tool) for status. Webhooks are on the roadmap.