Skip to main content
Quick Reference for AI Agents & Developers
  • Core Operations (login, create/delete user, create/join group): 10,000 requests/min cumulative
  • Standard Operations (all other): 20,000 requests/min cumulative
  • Rate-limited responses return HTTP 429 with Retry-After and X-Rate-Limit-Reset headers
  • Monitor usage via X-Rate-Limit and X-Rate-Limit-Remaining response headers

CometChat REST API Rate Limits

The rate limits below are for general applications. Rate limits can be adjusted on a per need basis, depending on your use-case and plan. The rate limits are cumulative. For example: If the rate limit for core operations is 100 requests per minute, then you can either login a user, add user to a group, remove a user from a group, etc for total 100 requests per minute.
  1. Core Operations: Core operations are rate limited to 10,000 requests per minute. Core operations include user login, create/delete user, create/join group cumulatively.
  2. Standard Operations: Standard operations are rate limited to 20,000 requests per minute. Standard operations include all other operations cumulatively.

What happens when rate limit is reached ?

The request isn’t processed and a response is sent containing a 429 response code. Along with the response code there will be couple of headers sent which specifies the time in seconds that you must wait before you can try request again. Retry-After: 15 X-Rate-Limit-Reset: 1625143246

Is there any endpoint that returns rate limit of all resources ?

No, we don’t provide a rate-limit endpoint. However, we do provide the following response headers that you can use to confirm the app’s current rate limit and monitor the number of requests remaining in the current minute: X-Rate-Limit: 700 X-Rate-Limit-Remaining: 699

Handling Rate-Limited Responses

When your application receives a 429 response, you should wait before retrying. Here’s a recommended approach using exponential backoff: 
async function callWithRetry(apiCall, maxRetries = 3) {
  for (let attempt = 0; attempt < maxRetries; attempt++) {
    try {
      return await apiCall();
    } catch (error) {
      if (error.code === "ERR_TOO_MANY_REQUESTS" && attempt < maxRetries - 1) {
        const waitTime = Math.pow(2, attempt) * 1000; // 1s, 2s, 4s
        console.log(`Rate limited. Retrying in ${waitTime / 1000}s...`);
        await new Promise((resolve) => setTimeout(resolve, waitTime));
      } else {
        throw error;
      }
    }
  }
}

// Usage
const users = await callWithRetry(() =>
  new CometChat.UsersRequestBuilder().setLimit(30).build().fetchNext()
);

Best Practices

If you need to perform many operations (e.g., sending messages to multiple users), space them out over time rather than firing them all at once. Use a queue or throttle mechanism to stay within the per-minute limits.
Check the X-Rate-Limit-Remaining header in REST API responses to proactively slow down before hitting the limit. This is more efficient than waiting for 429 errors.
Core operations (login, create/delete user, create/join group) share a lower cumulative limit of 10,000/min. Standard operations have a higher 20,000/min limit. Plan your architecture accordingly — avoid frequent login/logout cycles.

Next Steps

Setup SDK

Install and configure the CometChat JavaScript SDK

Key Concepts

Learn the core concepts behind CometChat