Rate limits

When you send an API key (x-api-key), requests are rate-limited per key to ensure fair usage.

Headers

• X-RateLimit-Limit — maximum requests allowed per window (e.g. 100 per minute).
• X-RateLimit-Remaining — requests remaining in the current window.

When you exceed the limit:

• HTTP 429 — Too Many Requests
• Retry-After — seconds until the window resets.

Response body uses the standard error shape with code: "RATE_LIMIT_EXCEEDED".

Configuration

The server sets the limit via RATE_LIMIT_PER_MINUTE (default 100). Only requests that include a valid API key are limited; unauthenticated requests are not counted toward any limit.