Rate Limits & Usage
To maintain system stability and ensure equitable access to our resources, the API Platform enforces rate limits. These limits are applied on a per-project basis. Detailed limits for specific endpoints can be found in the API Reference.
Rate Limiting Algorithm
The API Platform uses a Fixed Window Counter algorithm with burst protection.
Each endpoint enforces two limits simultaneously:
- Main Window: The total number of requests allowed over a longer time period.
- Burst Window: A stricter, shorter-lived limit that prevents sending all requests in a rapid spike.
Both limits are tracked independently. A request is only allowed if neither limit has been exceeded.
How it works
Let's assume the API GET /v1/example has the following limits:
- Main Window: 10 requests per 60 seconds
- Burst Window: 5 requests per 10 seconds
| Time | Action | Main Counter | Burst Counter | Result |
|---|---|---|---|---|
| 0:00:01 | Request 1 | 1/10 | 1/5 | Allowed |
| 0:00:02 | Request 2 | 2/10 | 2/5 | Allowed |
| 0:00:03 | Request 3 | 3/10 | 3/5 | Allowed |
| 0:00:04 | Request 4 | 4/10 | 4/5 | Allowed |
| 0:00:05 | Request 5 | 5/10 | 5/5 | Allowed |
| 0:00:06 | Request 6 | — | — | 429 — Burst limit reached |
| 0:00:10 | Burst window resets | 5/10 | 0/5 | — |
| 0:00:11 | Request 6 | 6/10 | 1/5 | Allowed |
| ... | Requests 7–10 | 10/10 | 5/5 | Allowed |
| 0:00:20 | Request 11 | — | — | 429 — Main limit reached |
| 0:00:20 | Burst window resets | 10/10 | 0/5 | — |
| 0:00:21 | Request 11 | — | — | 429 — Main limit still reached |
| 0:01:00 | Main window resets | 0/10 | 0/5 | Requests allowed again |
Why burst protection?
Without burst limits, a client could send all 10 requests in the first second and then be blocked for the remaining 59 seconds. Burst protection smooths out traffic by capping how many requests can arrive in a short period, which helps maintain system stability for all users.
Scoping: Project Codes
Rate limits are strictly enforced at the Project Code level. This means your usage in one project does not affect the quota of another.
| Request Made | Project Code | API Endpoint | Result |
|---|---|---|---|
| Request 1 | PRJ152772 | /v1/example | Allowed (1/5 used) |
| Request 2 | PRJ152772 | /v1/example | Allowed (2/5 used) |
| Request 1 | PRJ9999 | /v1/example | Allowed (1/5 used — separate counter) |
Note: If you have multiple services running under different Project Codes, they each maintain their own independent counters.
Frequently Asked Questions
What do I do if I get rate limited?
You must wait until the time window resets. We recommend implementing an exponential backoff retry mechanism in your code to handle 429 status codes gracefully.
Which limit will I hit first?
It depends on your traffic pattern. If you send requests in rapid bursts, you'll hit the burst limit first. If you spread requests evenly but exceed the total, you'll hit the main window limit. Both are enforced simultaneously.