Rate limits

The Brex API employs rate limits as a safeguard against abuse and to ensure API stability. Per Client ID and Brex account, we allow:

• Up to 1,000 requests in 60 seconds.
• Up to 1,000 transfers in 24 hours.
• Up to 100 international wires in 24 hours.
• Up to 5,000 cards created in 24 hours.

Exceeding a rate limit will result in an HTTP 429 (too many requests) response. Rate limits may be reduced further to prevent abuse or ensure system reliability. Brex may reduce limits to prevent abuse or ensure system reliability. If you require higher rate limits for a high volume application, please contact support.

Handling rate limits gracefully

If you encounter rate limits, there may be a workaround depending on your circumstance.

If your rate limiting is due to frequent polling of certain endpoints, you may be able to leverage webhooks to instead receive real time notifications of important events. If we do not yet support a webhook that you require, let us know.

If webhooks are not a viable option to reduce call volume, you can watch for 429 status codes and implement a retry mechanism. We recommend using an exponential backoff schedule with some randomness to avoid the thundering herd problem.

Another option is to throttle traffic to Brex more broadly per Client ID rather than for individual requests. A token bucket algorithm implemented per Client ID and optionally also against a specific type of rate limit (as listed at the top of this page) may help you mitigate or avoid the effect of rate limits on your application.