Requests are rate-limited per partner, per endpoint class, per scope, using a token bucket. Read endpoints share a generous budget; mutating endpoints (a later phase) are tighter.
Endpoint classPer secondPer minute
read (all current endpoints)601,000
mutation (later phase)10100
The limiter is checked before authentication, so repeated unauthenticated attempts still consume your budget — a deliberate abuse guard.

Handling 429

When you exceed the budget you get partner_rate_limited with HTTP 429 and a retry_after_seconds hint: 
{
  "error": {
    "code": "partner_rate_limited",
    "message": "rate limit exceeded",
    "retry_after_seconds": 0.42
  }
}
Back off for at least retry_after_seconds and retry the same request (reads are idempotent and carry only the Bearer header, so you can simply resend). Prefer the paginated GET /fleet over polling individual crew where you can — one fleet page covers your whole vessel roster in a single call.