Rate Limits
The API enforces rate limits at two levels: per IP address (all requests) and per API key (authenticated requests). Both use a sliding window counter backed by Redis.
IP-based rate limiting
Every request is rate-limited by source IP, regardless of authentication.
| Scope | Limit |
|---|---|
| Per minute | 600 requests |
| Per day | 15,000 requests |
These limits apply per IP address. If multiple API keys share the same IP (e.g. corporate NAT), they share this budget.
API key rate limiting
Authenticated requests are additionally rate-limited per API key. These limits are configured per key and depend on your plan.
| Scope | Default | Description |
|---|---|---|
| Per minute | 60 requests | Sliding 60-second window |
| Per month | 3,000 requests | Resets monthly |
| Unique IPs | 20 | Maximum distinct IP addresses per key per month |
Your actual limits may differ from the defaults above depending on your plan.
Response headers
Every response includes rate limit headers so you can track your usage:
| Header | Description |
|---|---|
X-RateLimit-Limit |
Total requests allowed for the period |
X-RateLimit-Remaining |
Requests remaining in the period |
X-RateLimit-Reset |
Seconds until the period counter resets |
X-RateLimit-Limit-Minute |
Requests allowed per minute |
X-RateLimit-Remaining-Minute |
Requests remaining in the current minute |
X-RateLimit-Limit-IP |
Maximum unique IPs allowed for the key |
X-RateLimit-Remaining-IP |
Unique IPs remaining |
Error responses
When a rate limit is exceeded, the API returns 429 Too Many Requests with a JSON body:
{
"error": "rate_limit_exceeded",
"message": "Too many requests per minute. Check X-RateLimit-Limit-Minute and X-RateLimit-Remaining-Minute headers.",
"retry_after_seconds": 60
}
The Retry-After header is also set, indicating how many seconds to wait before retrying.
Possible rate limit errors
| Cause | Message hint | Retry after |
|---|---|---|
| Per-minute limit exceeded | Too many requests per minute |
60 seconds |
| Monthly limit exceeded | Monthly request limit exceeded |
Seconds until period reset |
| Too many unique IPs | Too many requests from different IP addresses |
Seconds until period reset |
Best practices
Monitor X-RateLimit-Remaining and X-RateLimit-Remaining-Minute headers to proactively throttle before hitting limits.
- Use exponential backoff — when you receive a
429, wait for theRetry-Afterduration before retrying. - Consolidate IPs — if you run distributed workers, be aware of the unique IP limit per key.
- Use POST multi-search — combine multiple queries into a single request where possible.