Rate Limits

Understand API request limits, credit usage, and how to handle throttling gracefully.

Current limits

Area	Limit	What it means
API key requests	60 requests / minute and 5,000 requests / day	Default quota for authenticated API keys.
`/api/batch`	Up to 500 emails / request	Submit batches within the per-request email limit.
Anonymous checker	5 checks / day / IP address	Applies to the public checker when no account API key is used.
Verification volume	Available account credits	Credits govern how many verifications can be run.
Bulk CSV uploads	Credits required for every email in the file	Uploads require enough credits for the number of emails being verified.

Request quotas and credits are separate controls. API keys default to 60 requests per minute and 5,000 requests per day. Those quotas control how quickly an authenticated integration can call the API. Account credits control how many verifications can be run.

For high-volume list work, /api/batch accepts up to 500 emails in one request. Bulk CSV uploads are governed by credits rather than by request count: the account must have enough credits for the number of emails in the uploaded file before the verification job can run.

The public anonymous checker is limited to 5 checks per day per IP address. For account balance rules, see Credits & Usage. For large imports, use Bulk Verification; for integration behavior, review Error Handling, Quick Start, and pricing.

Rate limit response

When an API key exceeds its request quota, the API returns a 429 Too Many Requests response. The response includes Retry-After so the client knows how long to wait before retrying.

json

{
  "error": "Too Many Requests",
  "message": "Rate limit exceeded. Please retry after the indicated delay.",
  "status_code": 429,
  "retry_after": 15
}

Retry-After header

The Retry-After response header indicates how many seconds to wait before retrying an API-key request that exceeded quota:

http

HTTP/1.1 429 Too Many Requests
Retry-After: 15
Content-Type: application/json

Handling rate limits in code

Read the header first, wait for the indicated number of seconds, and then retry. If the header is missing, use a conservative fallback delay.

python

import requests, time

def verify_with_retry(email, api_key, max_retries=3):
    for attempt in range(max_retries):
        response = requests.post(
            "https://verimails.com/api/verify/single",
            headers={"Authorization": f"Bearer {api_key}"},
            json={"email": email}
        )

        if response.status_code == 200:
            return response.json()

        if response.status_code == 429:
            retry_after = int(response.headers.get("Retry-After", 15))
            print(f"Rate limited. Waiting {retry_after}s...")
            time.sleep(retry_after)
            continue

        response.raise_for_status()

    raise Exception("Max retries exceeded")

Best practices

Keep authenticated API integrations below 60 requests per minute and 5,000 requests per day unless your account has different limits.
Keep /api/batch payloads at 500 emails or fewer.
Always respect the Retry-After header when an API-key request receives a 429.
Check available credits before starting a large verification run.
Use Bulk Verification for CSV lists and make sure the account has enough credits for the number of emails in the file.