Skip to main content
Relay enforces rate limits to ensure platform reliability and fair usage across integrators. Default limits apply to all requests. Higher limits are available via API keys.

Default Rate Limits (No API Key)

The following limits apply when no API key is provided:
EndpointLimit
/quote50 requests per minute
/requests200 requests per minute
/transactions/status200 requests per minute
Other endpoints200 requests per minute

API Key Rate Limits

When using an API key, limits increase and are applied per key:
EndpointLimit
/quote10 requests per second
/requests10 requests per second
/transactions/status10 requests per second
Other endpoints200 requests per minute
API keys are recommended for server-side production integrations and higher-throughput use cases.

How to Request an API Key

Requirements:
  1. Must have Relay integrated in a public app.
  2. Must have enough activity to hit default API rate limits.
To request an API key (once requirements are met):
  1. Fill out the API key request form.
  2. The Relay team will review within 72 hours.
  3. If approved, we will email your unique API key.

How to Use an API Key

HTTP Requests

Pass the API key in the request headers: 
x-api-key: YOUR_API_KEY
This header should be included on all requests where higher rate limits are required.

SDK Usage

// It is recommended to only set the apiKey parameter when using the SDK server-side.
import {
  createClient,
  MAINNET_RELAY_API,
} from "@relayprotocol/relay-sdk";

createClient({
  baseApiUrl: MAINNET_RELAY_API,
  apiKey: "YOUR_API_KEY",
  ...
  //other parameters
});

Proxy API

If using the sdk on the client, create a proxy api which appends the key in the headers and then pass that endpoint into the baseApiUrl parameter. This prevents your key from being leaked while allowing you to set up the necessary protection in your proxy api. 
import {
  createClient,
  MAINNET_RELAY_API,
} from "@relayprotocol/relay-sdk";

createClient({
  baseApiUrl: "https://my-proxy.relay.link", //Replace with your proxy endpoint
  ...
  //other parameters
});

Keeping Your API Key Secure

Your API key is sensitive — treat it like a password. It is tied to your account, controls your rate limits, and all requests made with it are attributed to you.
If your API key is leaked, unauthorized parties could consume your rate limits or make requests on your behalf. Contact us immediately if you suspect your key has been compromised and we will rotate it for you.
Best practices:
  • Keep it server-side only — never expose it in client-side or frontend code. Use a proxy API if calling Relay from the browser.
  • Use environment variables — store your key in environment variables, not hardcoded in source code.
  • Don’t commit it to version control — add it to .gitignore or use a secrets manager.
  • Restrict access — only share the key with team members who need it.