Rate Limiting
All API requests are rate-limited using a sliding-window algorithm. Limits are enforced per-tenant for authenticated requests and per-IP for unauthenticated requests.
Limits by tier
| Tier | Writes/min | Reads/min |
|---|---|---|
| Free | 60 | 300 |
| Pro | 300 | 1,500 |
| Enterprise | 1,200 | 6,000 |
Reads are GET, HEAD, and OPTIONS requests. Writes are POST, PUT, PATCH, and DELETE requests. Each bucket is tracked independently.
Response headers
Every API response includes rate limit information:
```http
HTTP/1.1 200 OK
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 297
```
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests allowed in the current window |
| X-RateLimit-Remaining | Requests remaining in the current window |
When rate limited
When you exceed the limit, you'll receive a 429 Too Many Requests response with additional headers:
```http
HTTP/1.1 429 Too Many Requests
Retry-After: 12
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1712234567
Content-Type: application/json

{
  "detail": "Rate limit exceeded. Please retry after the indicated period.",
  "retry_after": 12
}
```
| Header | Description |
|---|---|
| Retry-After | Seconds until the next request will be accepted |
| X-RateLimit-Reset | Unix timestamp when the rate limit resets |
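One way to implement the scheme described above, added here as an illustration and not the service's own code: a sliding-window log keyed per tenant or per IP, with independent read and write buckets and the response headers shown on this page. The class and parameter names, the 60-second window, the log-based variant of the algorithm, and the reading of "reset" as the moment the oldest logged request expires are assumptions; the caller supplies the tier, since the page does not say which tier applies to unauthenticated requests.

```python
import math
import time
from collections import defaultdict, deque

WINDOW = 60  # seconds (assumption: the table's limits are per rolling minute)
LIMITS = {  # tier -> bucket -> requests per window, from the tier table
    "free": {"write": 60, "read": 300},
    "pro": {"write": 300, "read": 1500},
    "enterprise": {"write": 1200, "read": 6000},
}
READ_METHODS = {"GET", "HEAD", "OPTIONS"}


class SlidingWindowLimiter:
    """Sliding-window log: one deque of timestamps per (subject, bucket)."""

    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so tests can control time
        self.hits = defaultdict(deque)

    def check(self, method, tier, tenant_id=None, client_ip=None):
        """Return (status_code, headers) for one incoming request."""
        bucket = "read" if method.upper() in READ_METHODS else "write"
        # Authenticated requests are keyed by tenant, anonymous ones by IP.
        subject = ("tenant", tenant_id) if tenant_id else ("ip", client_ip)
        limit = LIMITS[tier][bucket]
        now = self.clock()
        log = self.hits[(subject, bucket)]
        # Slide the window: forget requests older than WINDOW seconds.
        while log and log[0] <= now - WINDOW:
            log.popleft()
        headers = {"X-RateLimit-Limit": str(limit)}
        if len(log) >= limit:
            # Rejected requests are not logged, so retrying early does not
            # push the reset time further out.
            reset = log[0] + WINDOW
            headers.update({
                "X-RateLimit-Remaining": "0",
                "X-RateLimit-Reset": str(math.ceil(reset)),
                "Retry-After": str(max(1, math.ceil(reset - now))),
            })
            return 429, headers
        log.append(now)
        headers["X-RateLimit-Remaining"] = str(limit - len(log))
        return 200, headers
```

Keying on the tenant rather than the API key or source address means a tenant cannot raise its effective limit by spreading requests across credentials or hosts.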
Best practices
Respect Retry-After
When you receive a 429, wait the number of seconds indicated by Retry-After before retrying. Do not retry immediately.
Implement exponential backoff
For automated clients, use exponential backoff with jitter:
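```python
import random
import time


def request_with_backoff(make_request, max_retries=5, base_delay=1.0):
    """Call make_request(), retrying on HTTP 429 with backoff and jitter."""
    for attempt in range(max_retries):
        response = make_request()
        if response.status_code != 429:
            return response

        # Honor the server's Retry-After (seconds); fall back to 5 if absent.
        retry_after = int(response.headers.get("Retry-After", 5))
        # Grow the wait exponentially, but never retry sooner than Retry-After.
        delay = max(retry_after, base_delay * 2 ** attempt)
        # Jitter keeps many clients from retrying at the same instant.
        jitter = random.uniform(0, delay * 0.1)
        time.sleep(delay + jitter)

    raise Exception("Max retries exceeded")
```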
Batch operations
Use the batch ingestion endpoint (POST /ingest) to send up to 1,000 readings in a single request instead of individual calls.
Monitor your usage
Check the X-RateLimit-Remaining header proactively. If the remaining count is low, throttle your client before hitting the limit.
Upgrade your tier
If you consistently need higher limits, a higher tier provides more monthly capacity:
| Tier | Monthly writes | Monthly reads |
|---|---|---|
| Free | ~2.6M | ~13M |
| Pro | ~13M | ~65M |
| Enterprise | ~52M | ~260M |
Login throttling
Login, MFA, and registration endpoints have separate brute-force protection:
| Parameter | Value |
|---|---|
| Window | 10 minutes |
| Max failures | 10 per account/IP |
| Lockout | 15 minutes |
This is separate from the general rate limiter and resets on successful authentication.