Todoist · Rate Limits
Todoist Rate Limits
Todoist's developer documentation acknowledges rate limits exist and references a "Request limits" section, but exact per-second/per-minute thresholds are not exposed in the public reference. The OAuth dynamic client registration and metadata document endpoints are explicitly described as rate limited per caller. The API returns standard 429/500/503 status codes. Per-account/per-token limits apply; consult the live docs or response headers for the authoritative numbers.
3 Limits
Throttle: 429
ProductivityTasksTask ManagementCollaborationRate Limiting
Limits
Sync & REST API request limits account
see https://developer.todoist.com/api/v1 (Request limits section)
Documentation references a Request Limits section; exact RPS/RPM values not published in the public OpenAPI reference. Limits scope to the authenticated user/account.
OAuth dynamic client registration caller
rate limited per caller
/oauth/register rejects too many registrations in a short period; retry later.
OAuth client metadata document fetch caller
rate limited per caller
Too many metadata document fetches in a short period are rejected.
Policies
Standard 429 Handling
A 429 Too Many Requests response indicates the user has sent too many requests in a given amount of time; clients should back off before retrying.
Refresh Token Rotation
Refresh tokens are rotated on every successful refresh, with a 60-second grace window to distinguish legitimate retries from replay attempts.
Consult Response Headers
Because exact thresholds are not published, applications should observe rate-limit headers on responses and treat any 429 as authoritative for their account.