API - Rate Limiting

All API endpoints are secured with rate limiting as defined by IETF.

Headers

RateLimit-Policy

RateLimit-Policy: "<policy-id>";q=\<quota>;w=\<window>;pk=<partition-key>

• <policy-id>: Identifier for the rate limit policy.

• <quota>: Maximum number of requests allowed in the specified window.

• <window>: Time window in seconds for the quota.

• <partition-key>: Key used to partition rate limits

RateLimit

RateLimit: "<policy-id>";r=\<remaining>;t=\<reset>;pk=<partition-key>

• <policy-id>: Identifier for the rate limit policy.

• <remaining>: Number of requests remaining in the current window.

• <reset>: Time in seconds until the rate limit resets.

• <partition-key>: Key used to partition rate limits

Retry-After

Retry-After: <seconds>

• <seconds>: Time in seconds to wait before making new requests after rate limit is exceeded.

Responses

All responses will include RateLimit-Policy and RateLimit headers. If rate limit is exceeded, the response will also include a Retry-After header and return HTTP status code 429 Too Many Requests. Client must respect the Retry-After duration before making new requests.