Quotas & Limits
This page explains how rate limiting and quota enforcement work for the Safe Infrastructure API.
Authentication
All sustained API usage requires authentication. Include your API key in the Authorization header:
_10curl -X GET "https://api.safe.global/tx-service/eth/api/v2/safes/0x..." \_10 -H "Authorization: Bearer YOUR_API_KEY"
Generate your API key at the developer dashboard ↗ (opens in a new tab). For step-by-step instructions, see API Keys & Authentication.
Unauthenticated access is available for exploration only, with lower limits (2 RPS, 5,000 monthly requests). Authenticated requests receive significantly higher rate limits and quotas.
Why authenticate?
- Higher rate limits: Authenticated requests receive significantly higher RPS allocations than unauthenticated requests.
- Quota tracking: Your usage is tracked per account, enabling clear visibility into consumption.
- Reliability: Authenticated traffic is prioritized and protected from noisy-neighbor effects.
API unit definition
All usage is measured in API units:
1 API unit = 1 HTTP request
Per-plan limits
| Plan | Sustained RPS | Monthly requests |
|---|---|---|
| Unauthenticated | 2 | 5,000 API requests |
| Builder (Free) | 5 | 50,000 API requests |
| Growth (€199/mo) | 15 | 1,000,000 API requests |
| Scale (€499/mo) | 50 | 3,000,000 API requests |
See Pricing & Plans for full plan details.
Enforcement behavior
Quota headers
Every API response includes headers that indicate your current quota status:
_10X-RateLimit-Limit | 50000_10X-RateLimit-Remaining | 49994_10X-RateLimit-Reset | 2591751 (seconds to reset)
- X-RateLimit-Limit: Your total monthly request allowance.
- X-RateLimit-Remaining: How many requests you have left in the current billing cycle.
- X-RateLimit-Reset: Seconds remaining until your quota resets.
These headers allow your application to monitor usage programmatically and take action before hitting limits.
When your monthly quota is reached
When your account reaches 100% of its monthly API unit quota, all subsequent requests are blocked with an HTTP 429 Too Many Requests response and a message indicating "Monthly quota exceeded."
Requests remain blocked until:
- Your billing cycle resets, or
- You upgrade your plan via the developer dashboard (opens in a new tab).
Example 429 response:
_10{_10 "detail": "Monthly quota exceeded."_10}
Account-level enforcement
Enforcement is applied at the account level, not per API key. This means:
- All API keys under a single account share the same quota and RPS allocation.
- Creating multiple API keys does not increase your limits.
- Usage from all keys is aggregated for enforcement purposes.
Anti-circumvention: Creating multiple accounts to circumvent rate limits or quotas violates the Safe Infrastructure terms of service. Accounts engaging in this behavior may be suspended.
Handling rate limit errors
When you receive an HTTP 429 response:
- Wait and retry with exponential back-off.
- Upgrade your plan if you consistently hit limits.
- Monitor your usage via the
X-RateLimit-Remainingresponse header.
Security best practices
- Store keys securely: Use environment variables or a secret manager. Never hard-code API keys.
- Rotate keys periodically: Generate new keys on a regular schedule and revoke old ones.
- Revoke compromised keys immediately: If a key is leaked, revoke it in the dashboard and generate a new one.
- Use separate keys per environment: Maintain different keys for development, staging, and production.