Auth & access
Rate limiting
Per-tier request quotas, burst handling, and the headers your client should respect.
Tiers#
Quotas scale with your plan. Burst limits absorb short spikes (1–2 seconds) before the steady-state limit kicks in.
| Tier | Requests / minute | Burst |
|---|---|---|
| Sandbox | 60 | 100 |
| Starter (0–1,000 policies) | 300 | 500 |
| Growth (1,000–10,000 policies) | 1,000 | 2,000 |
| Enterprise (10,000+ policies) | Custom SLA | Custom |
Response headers#
Every response carries the rate-limit window state.
http
httpX-RateLimit-Limit: 300
X-RateLimit-Remaining: 296
X-RateLimit-Reset: 1717248720When throttled#
At the limit you'll receive 429 Too Many Requests with a Retry-After header. Honour it.
Backoff strategy
Use exponential backoff with jitter. The platform never punishes polite retries; it does throttle tight loops.