Get startedRate limits

Rate limits

Sliding-window RPM per key, `X-RateLimit-*` headers, and what to do at 429.

Every key has a requests-per-minute limit. The gateway enforces it with a Redis sliding window, so short bursts spread across a 60-second window pass — only sustained over-the-limit traffic gets blocked.

Defaults

PlanRPM per keyBurst tolerance
Beta (free)60Sliding 60s window
Pro (coming)600Sliding 60s window
EnterprisenegotiatedPer-deployment

A key's limit can be raised on request — email hello@clevermation.com with your expected traffic shape.

Response headers

Every response carries four headers so you can back off before hitting 429:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 12
X-RateLimit-Reset: 47
X-RateLimit-Enforced: true
HeaderMeaning
X-RateLimit-LimitThe current cap for this key (RPM)
X-RateLimit-RemainingRequests left in the current sliding window
X-RateLimit-ResetSeconds until the oldest request in the window ages out
X-RateLimit-Enforcedfalse if Redis was unreachable (fail-open)

At 429

{
  "error": {
    "message": "Rate limit exceeded (60 RPM)",
    "type": "rate_limit_exceeded",
    "code": "rate_limit_exceeded"
  }
}

The response also carries Retry-After: <seconds>. The @cleverrouter/sdk retries 429 automatically with exponential backoff and honours the Retry-After header — see Retry & timeout.

How the sliding window works

Each request stores its timestamp in a Redis sorted set keyed on <apiKeyId>. On every request, the gateway:

  1. Adds the new timestamp.
  2. Removes timestamps older than 60s.
  3. Counts remaining entries.
  4. Allows or denies based on the count vs the key's rateLimitRpm.

That means traffic spread out over 60 seconds is fine; 60 requests all at once is allowed but the 61st in the same window is blocked.

Fail-open behaviour

When Redis is down

If the gateway can't reach Redis, it returns X-RateLimit-Enforced: false and lets the request through. That's a deliberate trade-off: a few minutes of over-permissive traffic is preferable to a global outage on every customer because our cache layer hiccuped. Watch the header in your client and back off voluntarily when you see it.

What does not count

  • GET /v1/models — model registry reads are free.
  • Failed authentications (401) — they fail before the rate limiter.
  • 404 model_not_found — same.

That makes the model-list endpoint safe to poll from a UI without eating into your call budget.

  • Errors — every 4xx and 5xx the gateway returns.
  • Retry & timeout — how the SDK handles 429 automatically.
  • Pricing — Beta vs Pro vs Enterprise.