Rate limits & quotas
Hosted API quotas
| Tier | Solve quota | Access path |
|---|---|---|
| Anonymous playground | Small private-beta quota | Call the endpoint directly |
| Evaluation key issuance | Limited to protect the beta service | POST /api/v1/request-key |
| Evaluation key | Larger private-beta evaluation window | Issue via POST /api/v1/request-key |
| Starter | Request-based beta terms | Provisioned hosted access |
| Pro | Request-based beta terms | Provisioned hosted access |
| Scale | Request-based beta terms | Provisioned hosted access |
Exact numbers are intentionally not published while the service is pre-production. The hosted API still enforces quotas and returns a structured 429 response when a period is exhausted.
Checking keyed usage
For evaluation and paid hosted keys, call GET /api/v1/usage as documented in Authentication.
What happens when you exceed the limit
Hosted quota exhaustion returns HTTP 429 with a JSON error envelope:
```json
{
  "ok": false,
  "contractVersion": "v1",
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Current plan quota has been exhausted for this period",
    "plan": "free",
    "limitKind": "daily",
    "limit": "private-beta-limit",
    "period": "2026-04-30"
  }
}
```
The body tells you which period was exhausted. The public contract does not currently publish a Retry-After header.
POST /api/v1/request-key has a separate issuance quota for new keys. Reusing an already issued email remains idempotent and does not consume this issuance quota.
Client identity behind proxies
The HTTP runtime uses the direct socket address by default and ignores CF-Connecting-IP / X-Forwarded-For unless it is started with --trust-proxy-headers. Hosted deployments that sit behind Cloudflare or another controlled reverse proxy enable that flag explicitly.
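The sketch below is an added example, not the runtime's own code. It models why the flag matters for quota keying: with header trust off, a directly connected peer always lands in one bucket, and with it on, the bucket follows whatever the headers say. The function names, the precedence of CF-Connecting-IP over X-Forwarded-For, and the choice of the right-most X-Forwarded-For entry are assumptions.

```python
import ipaddress

def _parse_ip(value):
    """Return a normalized IP string, or None if value is not an address."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None

def client_identity(socket_addr, headers, trust_proxy_headers=False):
    """Pick the address a quota counter is keyed on (flag mirrors --trust-proxy-headers)."""
    if not trust_proxy_headers:
        # Default: forwarded headers are client-controlled input, so ignore them.
        return socket_addr
    lowered = {k.lower(): v for k, v in headers.items()}
    # Assumption: CF-Connecting-IP takes precedence over X-Forwarded-For.
    cf_ip = _parse_ip(lowered.get("cf-connecting-ip", ""))
    if cf_ip:
        return cf_ip
    # Assumption: a single controlled proxy appends the peer it saw, so the
    # right-most X-Forwarded-For entry is the one the client did not choose.
    last = _parse_ip(lowered.get("x-forwarded-for", "").split(",")[-1])
    # Missing or malformed header: fall back to the socket address.
    return last or socket_addr

def distinct_identities(requests, trust_proxy_headers):
    """Count the quota buckets a list of (socket_addr, headers) pairs lands in."""
    return len({client_identity(a, h, trust_proxy_headers) for a, h in requests})

# Constructed sample: one directly connected peer, three different header values.
DIRECT_PEER = [("203.0.113.7", {"X-Forwarded-For": f"198.51.100.{i}"}) for i in (1, 2, 3)]
# Constructed sample: two clients arriving through one proxy at 10.0.0.5.
VIA_PROXY = [
    ("10.0.0.5", {"CF-Connecting-IP": "192.0.2.10"}),
    ("10.0.0.5", {"X-Forwarded-For": "198.51.100.9, 192.0.2.20"}),
]

if __name__ == "__main__":
    for name, reqs in (("direct", DIRECT_PEER), ("proxied", VIA_PROXY)):
        for flag in (False, True):
            print(name, "trust" if flag else "no-trust", distinct_identities(reqs, flag))
```

Enabling header trust is only sound when every request reaches the runtime through the controlled proxy; behind a proxy with the flag off, all clients share the proxy's bucket.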
Dedicated deployments
The quotas on this page describe the hosted service only. Dedicated deployments are provisioned separately and can apply a deployment-specific access policy.