We're adding additional rate limit protection to our Forms Submissions APIs. This new rate limit would only apply after the current standard rate limits are reached.

What's changing?

Form submissions to our authenticated submission endpoint follow our standard rate limits, and submissions to the unauthenticated endpoint have a limit of 50 requests per 10 seconds. We're adding a new form of rate limiting that won't take effect until after these standard limits are already reached.

Once a system hits the standard rate limit, it will get HTTP 429 error responses until the limit resets. If a system continues to make requests after the limit is reached and reaches ten 429 error responses in a single second, the system making the requests will be blocked from making requests for a minute. After a minute, that block will automatically be removed, and the system will be able to make requests again.

This new limit differs from our standard limit in a few ways. First, this new limit is based on IP address and not on the HubId. This should mean that an individual visitor submitting a form from your website that submits the data directly to HubSpot (using AJAX for example) should not be affected by this, but a server processing submission data and sending that to HubSpot could hit this limit if the standard rate limit is not handled correctly.

Second, the error message for this rate limit error differs from the standard 429 response. Instead of the standard 429 JSON response, the response will be content-type: 'text/plain; charset=UTF-8', and the body of the response will be error code: 1015

When is this changing?

This new rate limit will go into effect on August 8th.

Please let us know if you have any questions by joining the discussion in our community.