Rate limits
Two layers, enforced before auth. The partner surface rate-limits in two places, both before the server parses your credentials — so a flood of bad keys can't starve legitimate traffic.
At a glance
| Limit | Value |
|---|---|
| Per-IP | 60 / 60s |
| Default per-key | 100 / min |
Retry-After | 60 s |
Per-IP throttle
60 requests per 60 seconds, across all endpoints, evaluated by source IP. Bursts above
that receive 429 rate-limit-exceeded with Retry-After: 60.
Per-key budget
Configurable when your key is issued — defaults to 100 req/min. Counted against your key's request audit log over the last 60 s. Idempotency replays do not increment.
Respecting limits
- Always honor
Retry-After. The value is always 60. - Add jitter to any backoff loop — clients that retry in lockstep starve each other.
- If you legitimately need more headroom, file a request with expected volume in the Request key form.
Soft signals
The server currently does not emit X-RateLimit-* headers. If you
need client-side visibility, track your request volume in the
dashboard audit viewer.