IP-based rate limiting
Every request is rate-limited by source IP, regardless of authentication.

| Scope | Limit |
|---|---|
| Per minute | 600 requests |
| Per day | 15,000 requests |
API key rate limiting
Authenticated requests are additionally rate-limited per API key. These limits are configured per key and depend on your plan.

| Scope | Default | Description |
|---|---|---|
| Per minute | 60 requests | Sliding 60-second window |
| Per month | 3,000 requests | Resets monthly |
| Unique IPs | 20 | Maximum distinct IP addresses per key per month |
Response headers
Every response includes rate-limit headers so you can track your usage:

| Header | Description |
|---|---|
| X-RateLimit-Limit | Total requests allowed for the period |
| X-RateLimit-Remaining | Requests remaining in the period |
| X-RateLimit-Reset | Seconds until the period counter resets |
| X-RateLimit-Limit-Minute | Requests allowed per minute |
| X-RateLimit-Remaining-Minute | Requests remaining in the current minute |
| X-RateLimit-Limit-IP | Maximum unique IPs allowed for the key |
| X-RateLimit-Remaining-IP | Unique IPs remaining |
Error responses
When a rate limit is exceeded, the API returns 429 Too Many Requests with a JSON body:
A Retry-After header is also set, indicating how many seconds to wait before retrying.
Possible rate-limit errors
| Cause | Message hint | Retry after |
|---|---|---|
| Per-minute limit exceeded | Too many requests per minute | 60 seconds |
| Monthly limit exceeded | Monthly request limit exceeded | Seconds until period reset |
| Too many unique IPs | Too many requests from different IP addresses | Seconds until period reset |
Best practices
- Monitor the X-RateLimit-Remaining and X-RateLimit-Remaining-Minute headers to proactively throttle before hitting limits.
- Use exponential backoff — when you receive a 429, wait for the Retry-After duration before retrying.
- Consolidate IPs — if you run distributed workers, be aware of the unique IP limit per key.
- Use POST multi-search — combine multiple queries into a single request where possible.
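
The first two practices above, as an added client-side example (not code from this API's provider): it turns a response's status and rate-limit headers into a send, wait or stop decision. The function names and the `MAX_SLEEP` and `LOW_WATER` thresholds are assumptions; the header names and the 60-second window come from the tables above.

```python
import random

MINUTE_WINDOW = 60.0  # per-minute limit is a sliding 60-second window (from the page)
MAX_SLEEP = 900.0     # assumption: longest wait a worker will sleep through
LOW_WATER = 5         # assumption: start pacing at this many requests left in the minute


def _int_header(headers, name):
    """Non-negative integer value of a header, or None if absent or malformed."""
    raw = headers.get(name)
    if raw is None:
        return None
    try:
        value = int(str(raw).strip())
    except ValueError:
        return None  # the page documents these headers as plain numbers
    return value if value >= 0 else None


def _bounded(delay):
    """Monthly and unique-IP limits can reset days away: stop instead of sleeping."""
    return ("stop", float(delay)) if delay > MAX_SLEEP else ("wait", float(delay))


def plan_next_request(status, headers, attempt, rng=random.random):
    """Return (action, delay_seconds); action is 'send', 'wait' or 'stop'."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if status == 429:
        delay = _int_header(h, "retry-after")
        if delay is None:
            # Header missing or unparsable: exponential backoff with full jitter.
            delay = min(MAX_SLEEP, 2.0 ** min(attempt, 16)) * rng()
        return _bounded(delay)
    reset = _int_header(h, "x-ratelimit-reset")
    if _int_header(h, "x-ratelimit-remaining") == 0 and reset is not None:
        return _bounded(reset)  # period budget spent: wait for the counter reset
    left = _int_header(h, "x-ratelimit-remaining-minute")
    if left is not None and left <= LOW_WATER:
        # Spread the remaining budget over the window instead of bursting into a 429.
        return ("wait", MINUTE_WINDOW / (left + 1))
    return ("send", 0.0)
```

A `stop` result is the point to alert an operator rather than retry, since the monthly and unique-IP limits only clear at the period reset.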