Rate Limits
API keys are subject to rate limiting to ensure fair usage and platform stability.
How It Works
Rate limiting uses a sliding window algorithm. Each API key has its own independent limit tracked per minute.
| Setting | Value |
|---|---|
| Default limit | 60 requests/minute |
| Maximum limit | 10,000 requests/minute |
| Window type | Sliding window |
| Scope | Per API key |
The rate limit for each key is set at creation time via the rateLimitRpm parameter.
Rate Limit Headers
Every API response includes rate limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Your rate limit (requests per minute) |
X-RateLimit-Remaining | Remaining requests in current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Example response headers:
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 297
X-RateLimit-Reset: 1716026460
Exceeding the Limit
When you exceed your rate limit, the API returns:
429 Too Many Requests
{
"error": {
"code": "rate_limit_exceeded",
"message": "Rate limit exceeded. Try again in 15 seconds."
}
}
The Retry-After header indicates how many seconds to wait:
Retry-After: 15
Best Practices
- Respect
Retry-After— Implement exponential backoff, but honor theRetry-Afterheader when present - Cache responses — Cache analysis results to avoid redundant requests
- Monitor usage — Track your consumption from the API Keys section in your dashboard
- Request appropriate limits — Set
rateLimitRpmbased on your actual needs when creating keys
JWT Authentication
Requests authenticated with JWT tokens (browser sessions) are not subject to rate limiting. Rate limits only apply to API key requests.