# Rate limits

> API rate limits, response headers, and best practices for staying within them.

The ClickTerm API applies rate limits to ensure fair usage and platform stability.

## Limits

| Endpoint type                               | Rate limit                                                                       | Billing                |
| ------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------- |
| `POST /clickwrap/verify`                    | 1,000 requests per hour (per app + IP). Also subject to your plan's event quota. | Counted toward billing |
| `GET` endpoints (clickwrap, customizations) | 1,000 requests per hour (per app + IP)                                           | Free                   |
| `GET` endpoints (events, certificates)      | No explicit rate limit                                                           | Free                   |
| SDK requests (`ClicktermDialog.show()`)     | No explicit rate limit                                                           | Free                   |

<Info>
  Only `POST /clickwrap/verify` calls count toward your billing. All other requests
  are free. See [clickterm.com/pricing](https://clickterm.com/pricing) for pricing details.
</Info>

## Rate limit responses

If you exceed the rate limit, the API returns:

```
HTTP 429 Too Many Requests
```

<Tip>
  Implement exponential backoff with a sensible initial delay (e.g. 1–5 seconds) for
  production integrations.
</Tip>

## Best practices

* **Cache consent status** — Call `GET /clickwraps/{endUserId}/status` once per session rather than before every action
* **Rate limit your own verification calls** — Add a Captcha or rate limiter before `POST /clickwrap/verify` to prevent abuse from end users
* **Don't poll for events** — Use the verification response directly rather than polling event details
* **Batch certificate downloads** — If archiving certificates, spread downloads over time rather than fetching all at once
* **Implement retry logic** — Use exponential backoff for 429 responses
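
One way to apply the "rate limit your own verification calls" practice, as an added example that is not ClickTerm code: a sliding-window limiter your backend consults before forwarding to `POST /clickwrap/verify`. The class name `VerifyLimiter`, the per-user cap of 5 and the global cap of 900 per hour are assumptions; the global cap is chosen to stay under the documented 1,000 requests per hour, which a backend calling from a single IP shares across all of its end users.

```javascript
// Added example: sliding-window limiter to consult before POST /clickwrap/verify.
// VerifyLimiter and its default thresholds are assumptions, not ClickTerm's API.
class VerifyLimiter {
  constructor({ perUser = 5, global = 900, windowMs = 60 * 60 * 1000, now = Date.now } = {}) {
    this.perUser = perUser;    // max verify calls per end user per window
    this.global = global;      // headroom under the documented 1,000/hour
    this.windowMs = windowMs;
    this.now = now;            // injectable clock for testing
    this.userHits = new Map(); // endUserId -> ascending timestamps
    this.allHits = [];         // every allowed call, oldest first: { t, id }
  }

  // Drop calls that left the window; keeps the map bounded by `global` entries
  // even when callers supply many distinct endUserId values.
  _expire(t) {
    while (this.allHits.length && this.allHits[0].t <= t - this.windowMs) {
      const { id } = this.allHits.shift();
      const hits = this.userHits.get(id);
      hits.shift();
      if (hits.length === 0) this.userHits.delete(id);
    }
  }

  // Returns { allowed, reason, retryAfterMs }; only allowed calls are recorded,
  // so rejected attempts cannot extend a user's lockout or consume quota.
  check(endUserId) {
    const t = this.now();
    this._expire(t);
    const hits = this.userHits.get(endUserId) || [];
    if (hits.length >= this.perUser) {
      return { allowed: false, reason: 'user', retryAfterMs: hits[0] + this.windowMs - t };
    }
    if (this.allHits.length >= this.global) {
      return { allowed: false, reason: 'global', retryAfterMs: this.allHits[0].t + this.windowMs - t };
    }
    hits.push(t);
    this.userHits.set(endUserId, hits);
    this.allHits.push({ t, id: endUserId });
    return { allowed: true, reason: null, retryAfterMs: 0 };
  }
}
```

Call `check(endUserId)` in your request handler and forward to ClickTerm only when `allowed` is true. Key the limiter on an identifier your backend has authenticated rather than one the client supplies.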
