π‘οΈ Access & Rate Limits
The API is available to every Compass account, and it is protected so that heavy or automated abuse cannot degrade it for everyone else.
Who can call the API
Any logged-in account can create a key (Settings > API) and call the free identity endpoint, GET /v1/me. On a free key, data calls return clearly-marked sample data ("sample": true) at 0 credits β synthetic but shaped exactly like live responses, so you can build your integration for free. To receive live data you need credits, which come from a paid plan starting at Starter ($49). See Pricing & Quotas.
Rate limits
Requests are rate limited per key. The limit is 120 requests per minute per key on every plan except Enterprise, which is capped at 5 requests per second. Normal integration traffic stays well inside this. If you exceed it, the API returns 429 Too Many Requests. When that happens:
- Back off and retry. Wait before retrying rather than sending the same burst again.
- Spread your calls. Even out scheduled jobs instead of firing them all at once.
- Cache what you can. Store records you have already pulled instead of re-fetching them.
Bot and abuse protection
In front of the API sit rate limiting, bot detection, and edge protection. These run automatically and are invisible to normal use. They exist to stop scraping and credential abuse, not to get in the way of real integrations. Authenticate with a valid key, stay within your rate limit, and you will not notice them.
Fair use
Free keys receive only synthetic samples, and live pulls are metered in credits, so there is no path to pull the real database for free. Bulk and high-volume needs are served by higher plans and, for the largest cases, by Enterprise terms. See Plans & Pricing.