Rate Limits
Details on rate limiting policies for HTTP endpoints and the WebSocket gateway.
Info
All HTTP endpoints are rate limited per IP address to ensure fair usage and prevent abuse.
| Limit Type | Value |
|---|---|
| Requests per second | 10 |
| Burst capacity | 10 |
| Exceeding behavior | HTTP 429 (Too Many Requests) |
Rate Limit Headers
When rate limited, the response includes these headers:
| Header | Description |
|---|---|
Retry-After | Seconds to wait before retrying |
X-RateLimit-Limit | Maximum requests per second |
X-RateLimit-Remaining | Remaining requests (0 when limited) |
X-RateLimit-Reset | Unix timestamp when limit resets |
Example: Rate Limited Response
HTTP/1.1 429 Too Many Requests
Content-Type: application/json
Retry-After: 1
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1703123456
{
"success": false,
"error": {
"code": "RATE_LIMITED",
"message": "Too Many Requests",
"status": 429,
"retryable": true,
"details": null
}
}WebSocket Gateway
Note
The WebSocket gateway does not have explicit rate limits, but requires proper heartbeat timing. Connections that miss heartbeats will be closed.
Implementation Details
- Rate limiting uses a token bucket algorithm.
- Per-IP limiters are cleaned up after 3 minutes of inactivity.
Last updated: