DealerMAX Developers
Rate limits
Dealer Public API limits are fair-use controls for
protecting apimax and the shared PostgreSQL data plane. Dealer API
requests require a valid key; requests without a key return
401 Unauthorized and never return dealer data.
Dealer Public API
| Inventory listing/details | 60/minute per API key per endpoint for /dealer/{service}/listing and /dealer/{service}/details. |
|---|---|
| Content hub/search/listing/details | 60/minute per API key per endpoint for /dealer/content/hub, /dealer/content/search, /dealer/content/{content_type}/listing, and /dealer/content/{content_type}/details. |
| Unauthenticated requests | No anonymous data access. Missing or invalid credentials return 401 Unauthorized. Keyless attempts that reach the limiter are keyed by client IP as a protective fallback. |
Headers and 429 behavior
When a limit is exceeded, clients receive 429 Too Many Requests.
Respect the Retry-After header before retrying. Do not build
client throttling logic around RateLimit-Remaining or
X-RateLimit-* headers unless they are explicitly added to the
Dealer Public API contract.
Integration guidance
- Retry only safe
GETrequests. - Cache SSR/BFF responses server-side; use a minimum 60-second TTL for listing and content pages unless freshness requirements are stricter.
- Bulk exports should page slowly and avoid parallel fan-out across dealer endpoints.