Reference
Rate limits
Limits keep the platform healthy for everyone. Most well-behaved integrations never come close. Here's the full set so you know what to expect.
Per-key request rate
Caps reset on a rolling window. Both apply — the lower one binds:
| Window | Max requests | Scope |
|---|---|---|
| 1 minute | 60 | Per API key |
| 24 hours | 10,000 | Per API key |
Per-route limits also apply on top of these. Bursting against POST /api/postsstill respects that route's own per-key bucket (10 posts / min by default).
Per-account quotas
Apply to the Jestha account behind the key, not the key itself. Posting under multiple keys owned by the same account draws against the same bucket.
| Quota | Limit | Reset |
|---|---|---|
| Active API keys | 5 | Revoke one to create another |
| Jes + JesClips via API | 1,000 | Daily, UTC |
| Webhook endpoints per key | 5 | Remove one to add another |
Media constraints (API uploads only)
When media is uploaded through an API key, tighter limits apply than for direct UI uploads:
| Constraint | Via API key | For comparison: direct UI |
|---|---|---|
| Max file size | 8 MB | 50 MB |
| Max files per request | 4 | 5 – 10 |
| Allowed types | image/jpeg, png, gif, webp + video/mp4, mpeg, quicktime, webm | Same |
Response headers (every keyed response)
Every response to an API-key-authenticated request carries these headers — including 2xx, 429, and most 4xx. Use them to throttle proactively instead of waiting for a 429.
X-RateLimit-Limit: 60 # per-minute cap X-RateLimit-Remaining: 42 # requests left in the current minute X-RateLimit-Reset: 1716889389 # unix timestamp when the minute window resets X-Jestha-Api-Version: 1 # current API major version
What 429 looks like
When you exceed a limit, the response is:
HTTP/1.1 429 Too Many Requests
Content-Type: application/json
{
"error": "Rate limit exceeded",
"message": "This API key is limited to 60 requests per minute.",
"retryAfter": 17
}retryAfteris the number of seconds until the window resets. Back off and try again then — don't hot-loop, which can extend the lockout if it looks like an attack.
Daily content quota
The 1,000 posts/day quota for content via API keys is per-account. When hit:
HTTP/1.1 429 Too Many Requests
Content-Type: application/json
{
"error": "Daily content quota exceeded",
"message": "Your account has hit the 1000 posts/day limit for content posted via API keys. Try again tomorrow.",
"retryAfter": 72345
}The reset is at UTC midnight. If you genuinely need a higher cap, get in touch at [email protected].
Best practices
- Cache responses where the data doesn't change minute-to-minute.
- Subscribe to webhooks instead of polling — they're free of rate limits and lower latency.
- Honour
retryAfterexactly. Polling sooner risks an extension. - If you expect bursty volume (e.g. you cross-post in batches), spread the writes across the minute window rather than firing them in one tight loop.