Rate Limiting
Mail.td uses Redis-backed sliding-window limiters at two layers.
Per-IP QPS
Unauthenticated and authenticated free endpoints share a per-IP ceiling:
| Scope | Limit |
|---|---|
| /api/* (unauthenticated) | 8 req / second per IP |
| Free plan (authenticated) | 4 req / second per user (or per IP if anonymous) |
| Pro plan (authenticated) | 10 req / second per user |
Bursts beyond the window return:
{"error": "rate_limit_exceeded"}
HTTP 429 Too Many Requests.
Pro monthly ops quota
Every Pro request (except /api/user/me and billing endpoints) counts against a monthly operations quota. When the quota is exhausted, write endpoints return:
{"error": "quota_exceeded"}
HTTP 429 Too Many Requests. Inbound mail delivery is not affected — your mailboxes keep receiving mail; only the API is gated.
Check your remaining quota at any time:
curl https://api.mail.td/api/user/me \
-H "Authorization: Bearer <pro-api-token>"
The response includes the ops_used and ops_limit fields.
Account creation cap
To prevent abuse, anonymous account creation has a stricter per-IP cap on top of the public QPS limit. If you hit it you'll see rate_limit_exceeded — back off for a minute and retry, or sign in and create mailboxes under a Pro token to remove the cap.
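A client has to treat the two 429 bodies described above differently: rate_limit_exceeded is worth retrying after a pause, while quota_exceeded is not. The following is an added example, not code from Mail.td; the function and exception names, the injected send callable, and the 1 s starting delay and 60 s cap are assumptions.

```python
import json
import time

class QuotaExceeded(Exception):
    """429 with "quota_exceeded": monthly ops quota is spent, retrying cannot help."""

class RateLimited(Exception):
    """429 with "rate_limit_exceeded" persisted through every retry."""

def call_with_backoff(send, max_attempts=5, base_delay=1.0, max_delay=60.0,
                      sleep=time.sleep):
    """Call send() -> (status, body_text) and handle the two 429 bodies.

    Delays are assumptions: start at 1 s (the QPS window is per second) and
    cap at 60 s (the "back off for a minute" advice for account creation).
    """
    delay = base_delay
    for attempt in range(1, max_attempts + 1):
        status, body = send()
        if status != 429:
            return status, body
        try:
            error = json.loads(body).get("error")
        except (ValueError, TypeError, AttributeError):
            error = None  # non-JSON or non-object 429 body: treat as throttling
        if error == "quota_exceeded":
            raise QuotaExceeded("monthly ops quota exhausted")
        if attempt < max_attempts:
            sleep(delay)
            delay = min(delay * 2, max_delay)
    raise RateLimited(f"still throttled after {max_attempts} attempts")

def demo():
    """Replay constructed responses; record waits instead of sleeping."""
    replies = iter([
        (429, '{"error": "rate_limit_exceeded"}'),
        (429, '{"error": "rate_limit_exceeded"}'),
        (200, '{"ops_used": 10, "ops_limit": 100}'),  # constructed values
    ])
    waits = []
    result = call_with_backoff(lambda: next(replies), sleep=waits.append)
    return result, waits

if __name__ == "__main__":
    print(demo())
```

In real use, send would wrap the HTTP call to the API and return the status code and response text.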