Permissions Add tags to users Creating permissions Developer quickstart Rate limits Webhooks Build Available events Verify webhook

Rate limits

The Morta API enforces rate limits so the service stays fast and available for every customer. If your integration goes over a limit, requests are temporarily rejected with a 429 response until the limit window resets.

Global limit

The Morta API accepts up to 10 requests per second. This limit applies across all endpoints combined — not per endpoint.

Authentication limits

A few authentication endpoints have stricter hourly limits per email address to protect accounts from abuse:

Endpoint	Method	Limit per email
`/v1/user/authenticate`	POST	20 per hour
`/v1/user/send-verification-email`	POST	5 per hour
`/v1/user/send-password-reset-email`	POST	5 per hour
`/v1/identities/allowed-methods`	GET	30 per hour

These limits are intentionally low — they exist to slow down brute-force login attempts and account-recovery abuse, and should be well above anything a legitimate integration needs.

Rate limit headers

Every API response includes these headers so you can see where you stand:

Header	Description
`X-RateLimit-Limit`	The maximum number of requests allowed in the current window.
`X-RateLimit-Remaining`	The number of requests remaining in the current window.
`X-RateLimit-Reset`	The UTC epoch time (in seconds) when the current window resets.
`Retry-After`	On a `429` response, the number of seconds to wait before retrying.

When you hit a limit

When a request exceeds a limit, the API returns HTTP 429 Too Many Requests with a JSON body:

{
  "code": "too_many_requests",
  "detail": {
    "message": "10 per 1 second"
  }
}

The message field indicates which limit was triggered.

Handling rate limits in your integration

Watch X-RateLimit-Remaining and slow down before it reaches 0.
On a 429, wait for the number of seconds in Retry-After before retrying. Retrying immediately in a loop will only extend the block.
Use exponential backoff with jitter for retries.
Prefer bulk endpoints over many individual requests where available.
If your integration legitimately needs a higher limit, contact support@morta.io. Customers on the Scale Up plan have higher rate limits than customers on Professional or Team plans.