Rate Limits

The UpHunt API enforces per-key rate limits to protect Upwork integrity and keep the platform responsive for everyone.

Limits by endpoint

Endpoint	Limit	Notes
`POST /apply`	60/min, 1,000/day	One credit burned only on success.
`GET /status`	300/min	Poll freely — cheap and idempotent.
`GET /applied-jobs`	60/min	Cache results on your side where possible.
`POST /generate-proposal`	30/min, 500/day	High reasoning effort counts the same.
`GET /external/freelancers`	30/min	Cache for at least 5 minutes.
`GET /api/jobs/by-ciphertext`	60/min	Authenticated read; no credit cost. Cache results.
`GET /api/clients/:companyId/jobs`	60/min	Authenticated read; no credit cost. Cache results.

Limits are per API key. If you run multiple environments (staging / production), generate a separate key per environment so their quotas don't share.

The old /api/v1/* Bearer ("Data API") key system and its shared 10,000/billing-period quota have been retired. The data reads now use your x-api-key and aren't separately metered against a monthly quota. The /api/v1/* and /api/v2/* paths still resolve — they forward to the unversioned /api/* endpoints.

Response headers

Every response includes three headers you can use to pace yourself:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 47
X-RateLimit-Reset: 1732204800

X-RateLimit-Limit — the ceiling for the current window.
X-RateLimit-Remaining — requests left in the window.
X-RateLimit-Reset — Unix seconds when the window rolls over.

When you hit 0 remaining, subsequent requests return 429 with a Retry-After header (seconds).

Handling 429

Blindly retrying on 429 will keep you rate-limited. Always respect Retry-After or back off exponentially with jitter.

Node.js — token-bucket-lite

let tokens = 60
let nextRefill = Date.now() + 60_000
 
async function apply(body: unknown) {
  if (tokens <= 0) {
    await new Promise(r => setTimeout(r, Math.max(nextRefill - Date.now(), 0)))
    tokens = 60
    nextRefill = Date.now() + 60_000
  }
  tokens--
 
  const res = await fetch('https://uphunt.io/api/auto-apply-v2/apply', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', 'x-api-key': process.env.UPHUNT_API_KEY! },
    body: JSON.stringify(body),
  })
 
  if (res.status === 429) {
    const retryAfter = Number(res.headers.get('retry-after')) || 30
    await new Promise(r => setTimeout(r, retryAfter * 1000))
    return apply(body)
  }
 
  return res.json()
}

Requesting higher limits

Shipping high-volume agency traffic? Contact support from the Dashboard — we can raise limits on a case-by-case basis for verified accounts.

Limits by endpoint

Response headers

Handling 429

Requesting higher limits

On this page