Best practices
Guidance for building integrations that stay fast, predictable, and friendly to the platform. None of this is enforced as a hard limit today — but following it keeps your integration out of the way of throttling and other defensive measures.
- Authentication
- How to send credentials, where to keep them, and when to rotate.
- Traffic shape
- How much load to send, batched vs. fan-out, polling cadences.
- Retries and errors
- Which responses to retry, with what backoff, and how to handle writes safely.
- Schema and versioning
- How to stay compatible as we add fields and version endpoints.
- Identify yourself
- Identifying your integration so we can reach you before throttling becomes necessary.
A note on enforcement
We do not publish specific rate-limit thresholds — limits vary by endpoint and are subject to change. We reserve the right to throttle or block integrations that place undue strain on the platform, but the purpose of this page is to make that outcome unnecessary.
All integrations must include a descriptive User-Agent header on every request. Use a value that clearly identifies your application and, where applicable, your organization — for example, AcmeCRM/2.3 (ops@acme.example). Generic or missing User-Agent strings may be treated as unidentified traffic and throttled or blocked accordingly.
If you are unsure whether your integration is within reasonable bounds, reach out before you ship. We would rather help you get it right early than have to intervene later.