API Limits & Usage Policies
To ensure platform stability and protect against fraudulent activity such as SMS pumping, we enforce the following rate limits. Understanding these limits helps you build resilient integrations.
✦ No credit card required · Free plan available · Setup in 5 minutes
WhatsApp API Limits — Coming Soon
Our WhatsApp API is currently in active development. Comprehensive documentation covering per-endpoint rate limits, message throughput tiers, burst allowances, and webhook delivery guarantees is being finalized and will be published here shortly.
In the meantime, here's what we can share:
- Throughput tiers are managed by Meta and scale automatically based on your phone number's quality rating: Tier 1 (1,000 contacts/day), Tier 2 (10,000), Tier 3 (100,000), and Tier 4 (unlimited).
- Template messaging follows Meta's business policy — all templates must be pre-approved before sending.
- Session messaging is only allowed within 24 hours of the last inbound message from the user.
For current limit specifics or to request early access, please contact our team — we're happy to walk you through the details.
API Limits — Frequently Asked Questions
What happens when I hit the rate limit?
You receive a 429 (Too Many Requests) HTTP response. The response includes a Retry-After header indicating the number of seconds to wait before retrying. Implement exponential backoff in your integration to handle this gracefully. For broadcast operations, our engine manages Meta's throughput limits automatically on your behalf.
Why is there a limit of 3 OTPs per number per 5 minutes?
This limit exists to protect against SMS pumping fraud — a scheme where bad actors use automated bots to flood phone numbers with OTP requests, generating fake carrier revenue at your expense. Without this limit, a single API key could cost you thousands of dollars in fraudulent charges overnight. The 3 OTP / 5 minute window is aligned with industry best practices and covers legitimate retry scenarios (initial send + 2 user retries) without enabling abuse.
Can I request higher SMS API limits for my account?
Yes. If your verified use case justifies higher throughput — for example, bulk OTP dispatch for enterprise-scale user onboarding — contact our support team with your use case details, expected volume, and account information. Custom limits are available on Enterprise plans.
When will WhatsApp API rate limits be published?
Our WhatsApp API is actively in development. We are finalizing the technical specifications and comprehensive documentation for all endpoints. Detailed limits — including per-endpoint rate limits, conversation throughput tiers, and webhook delivery SLAs — will be published here as soon as the API reaches general availability. Contact us if you need current details or wish to join our early access program.
What is an idempotency key and why should I use it?
An idempotency key is a unique identifier you pass with each API request (via the X-Idempotency-Key header). If your network request fails and you retry, our API will recognize the same key and return the original response instead of sending a duplicate SMS. This prevents users from receiving multiple OTPs due to network timeouts, and protects you from being billed twice for the same message. We recommend using a combination of your userId and a timestamp as the key.
Need Higher Limits or Early WhatsApp Access?
Our team can walk you through current capabilities, custom limit arrangements, and WhatsApp API early access.