Todoist · Rate Limits

Todoist Rate Limits

Todoist's developer documentation acknowledges rate limits exist and references a "Request limits" section, but exact per-second/per-minute thresholds are not exposed in the public reference. The OAuth dynamic client registration and metadata document endpoints are explicitly described as rate limited per caller. The API returns standard 429/500/503 status codes. Per-account/per-token limits apply; consult the live docs or response headers for the authoritative numbers.

Todoist Rate Limits is the machine-readable rate-limit profile for Todoist on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 3 rate-limit definitions, measuring varies.

The profile also includes 3 backoff/retry policies defined and response codes documented for throttled, serverError, and serviceUnavailable.

Tagged areas include Productivity, Tasks, Task Management, Collaboration, and Rate Limiting.

3 Limits Throttle: 429
ProductivityTasksTask ManagementCollaborationRate Limiting

Limits

Sync & REST API request limits account
varies
see https://developer.todoist.com/api/v1 (Request limits section)
Documentation references a Request Limits section; exact RPS/RPM values not published in the public OpenAPI reference. Limits scope to the authenticated user/account.
OAuth dynamic client registration caller
varies
rate limited per caller
/oauth/register rejects too many registrations in a short period; retry later.
OAuth client metadata document fetch caller
varies
rate limited per caller
Too many metadata document fetches in a short period are rejected.

Policies

Standard 429 Handling
A 429 Too Many Requests response indicates the user has sent too many requests in a given amount of time; clients should back off before retrying.
Refresh Token Rotation
Refresh tokens are rotated on every successful refresh, with a 60-second grace window to distinguish legitimate retries from replay attempts.
Consult Response Headers
Because exact thresholds are not published, applications should observe rate-limit headers on responses and treat any 429 as authoritative for their account.

Sources