Understanding Zoho CRM API Limits

Zoho CRM enforces API limits based on the purchased user licenses and add-on credits, and this is to ensure availability to all users and prevent abuse of its APIs. The following limits are applicable to Zoho CRM REST APIs.

• API Credits Limits: Each edition (Free, Standard, Professional, etc.) comes with a set number of API credits per rolling 24-hour window. For example, Enterprise/Zoho One offers a baseline of 50,000 plus 1,000 per user license, with a cap up to 5,000,000 credits including add-one credits. You can refer to our help documentation on API limits for more details.
• Concurrency Limits: Concurrency is the number of parallel API calls that are active at one time instance. Apps are capped at concurrent requests based on CRM edition: Free (5), Standard (10), Professional (15), Enterprise (20), Ultimate (25).
• Sub-Concurrency Limits: Some resource-intensive APIs have their own concurrency limits (typically 10 concurrent requests): bulk updates, queries, lead conversion, mail, etc. Exceeding these returns a TOO_MANY_REQUESTS error.
• Limits per Call: Different APIs have specific limits for the number of resources that can be inserted/updated. For example for insert, update, or upsert records, you can pass up to 100 records in one API call. Refer to the individual help documentation for any such limits.
  

Tips:

• Monitor Usage: Use Zoho’s dashboard to track API credits in real time. Set alerts if you are approaching limits. Alternatively, keep an eye on the header X-API-CREDITS-REMAINING which denotes the remaining credits that will be present in the response when your API usage exceeds 50 percent or the daily available credit limit. Also, you can customize your usage notification to receive an email alert.
• Batch Operations: Prefer bulk inserts/updates (up to 100 records/call) to reduce wasteful requests. Use composite APIs when multiple APIs need to be executed. 
• Space Out Calls: When integrating, use logical intervals and avoid call bursts to prevent concurrency /subconcurrency limit getting applied. We have covered this in more detail in our previous Kaizen post : How to effectively handle API calls to optimize API credits?
  

Limits in Zoho CRM GraphQL APIs

Like our REST APIs, our GraphQL API calls also consume credits based on the type and number of resources queried. Maximum allowed credits per call is 10 credits.

Complexity for each query is calculated based on the type and number of resources requested, and maximum allowed complexity is 1,000 per query. 

Depth refers to the number of nesting layers of a field. Depth up to seven for metadata and three for records is allowed.

You can refer to our GraphQL API documentation on Credits, Complexity, and Depth for more details.

Handling Errors

 Zoho CRM REST APIs return 200 status codes for every successful API call. Each API error has these sections:

• Status Code 
• Error Code 
• Message 

Different sections of an error response

Here "resource_path_index": 0 in the response indicates which segment of the URL path contains the error, counting after the API version.

Common Errors

• 400 Bad Request:  
• INVALID_MODULE
• Cause: Incorrect module name (e.g., "Lead" vs "Leads").
• Fix: Use exact API names from Setup > Developer Space > APIs.
  
• INVALID_DATA
• Cause: Malformed JSON/wrong data type.
• Fix: Validate field formats.
• DUPLICATE_DATA
• Cause: Unique field value exists elsewhere.
• Fix: Disable "Do not allow duplicates" or change value.
• MANDATORY_NOT_FOUND
• Cause: Missing required field (e.g., Last_Name in Contacts while trying to insert a new record in Contacts module).
• Fix: Include all mandatory fields in the request.
•  401 Unauthorized: 
• AUTHENTICATION_FAILED
• Cause: Wrong domain URL .
• Fix: Use the correct domain-specific URL.
• INVALID_TOKEN:
• Cause: Expired OAuth token is used for making API call.
• Fix: Refresh access token using the refresh token.
• 403 Forbidden: 
• NO_PERMISSION
• Cause: User lacks permission for the resource.
• Fix: Obtain necessary permission to access the resource.
•  404 Not Found: 
• INVALID_URL_PATTERN
• Cause: URL syntax error.
• Fix: Verify endpoint structure in API docs.
•  429 Too Many Requests: 
• TOO_MANY_REQUESTS
• Cause: Number of API requests for the 24 hour period is exceeded or the concurrency/sub-concurrency limit of the user for the app is exceeded.
• Fix: Make calls in accordance with the limits.
• 207 Multi-Status: 
• In some cases when the API is partially successful, 207 status code is returned.
  

Tips

• Mandatory Fields: Provide all mandatory fields in the response body.
• OAuth Issues: Ensure correct scopes.
• Inspect Every Response Body: Parse responses even if the HTTP status code returned is 2XX. 
• Validate Data Before Calling: Ensure your request matches the expected format. Clean data before submission to prevent 400-range errors (e.g., MANDATORY_NOT_FOUND, DUPLICATE_DATA).
• Token Issues: Respond to INVALID_TOKEN with a token refresh workflow.

Error Status Code in GraphQL APIs 

Zoho CRM GraphQL APIs return errors in 200 and 400 status codes depending on error type. 200 HTTP status codes are returned in two cases. 

(a) Issue in the input when validated against the schema .

(b) Runtime errors due to credits, depth, and so on.

Refer to the Status Codes and Responses page in GraphQL for more information.

We hope you found this post useful. We will be back next week to answer another query we received.

Let us know if you have any questions in the comments or drop us an email at support@zohocrm.com.

Previous Kaizen : Answering Your Questions | Testing and Using REST APIs in Widgets| Kaizen Directory: Home