Rate limits and error handling

Refer to our list of error codes, rate limits, and ingestion limits for troubleshooting help.

Rate limits

Rate limits for specific endpoints can be found in the API reference for each endpoint.

All new API endpoints are rate limited on a per-account basis, and used a fixed-window rate limiting algorithm with two distinct windows: burst (short) and steady (long). All API traffic will be subject to these rate limits, and will receive HTTP 429 errors in event either a burst or steady rate limit is reached.

Unless otherwise documented, all API endpoints use one of the following rate limits:

  • S: 3/s burst; 60/m steady
  • M: 10/s burst; 150/m steady
  • L: 75/s burst; 700/m steady
  • XL: 350/s burst; 3500/m steady

All non-rate-limited (i.e. non 429) responses will contain the following HTTP response headers that indicate the state of the steady rate limit window to the client:

  • RateLimit–Limit: The number of requests allowed per time period
  • RateLimit-Remaining: The approximate number of requests remaining within a window
  • RateLimit-Reset: Number of seconds remaining before current window resets

Ingestion limits

Klaviyo's event tracking endpoints use ingestion limits to prevent processing delays and service interruptions to the event ingestion pipeline. If you are using a Klaviyo webhook, custom integration, or API implementation, it is important to be aware of the limits on the events you send into Klaviyo. The table below provides guidance on the maximum sizes for your payload and its fields.

Endpoints with ingestion limits:

  • /api/events
  • /client/events
  • legacy /api/track
Max payload size5 MB decompressed
Max number of event properties per data packet300
Max size of any field100 kB
Max number of items in arrays4000
Max levels of nested objects10
Timestamp of eventsBetween 2000 and “now”+1 year


Our API uses conventional HTTP response codes to indicate success or failure of an API request. Errors typically fall into three ranges:

  • 2xx - Success
  • 4xx - Error as a result of information provided as part of the request, such as a requested object that doesn't exist, an invalid setting, etc.
  • 5xx - Error due to Klaviyo

The response of all API errors contain a message parameter which has developer-facing information about why the request failed.

See the table below for a list of error codes and their corresponding descriptions:

200OKThe request completed successfully
400Bad RequestRequest is missing or has a bad parameter
400Not AuthorizedRequest is missing or has an invalid API key
401Not AuthorizedKey is valid, but account does not have permissions to perform this action
403ForbiddenRequest is missing or has an invalid API key
404Not FoundThe requested resource doesn't exist
429Rate LimitYou hit the rate limit for this endpoint (different endpoints have different rate limits)
500Server ErrorSomething is wrong on Klaviyo's end