Rate limits
Sliding-window RPM per key, `X-RateLimit-*` headers, and what to do at 429.
Every key has a requests-per-minute limit. The gateway enforces it with a Redis sliding window, so short bursts spread across a 60-second window pass — only sustained over-the-limit traffic gets blocked.
Defaults
| Plan | RPM per key | Burst tolerance |
|---|---|---|
| Beta (free) | 60 | Sliding 60s window |
| Pro (coming) | 600 | Sliding 60s window |
| Enterprise | negotiated | Per-deployment |
A key's limit can be raised on request — email hello@clevermation.com with your expected traffic shape.
Response headers
Every response carries four headers so you can back off before hitting
429:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 12
X-RateLimit-Reset: 47
X-RateLimit-Enforced: true| Header | Meaning |
|---|---|
X-RateLimit-Limit | The current cap for this key (RPM) |
X-RateLimit-Remaining | Requests left in the current sliding window |
X-RateLimit-Reset | Seconds until the oldest request in the window ages out |
X-RateLimit-Enforced | false if Redis was unreachable (fail-open) |
At 429
{
"error": {
"message": "Rate limit exceeded (60 RPM)",
"type": "rate_limit_exceeded",
"code": "rate_limit_exceeded"
}
}The response also carries Retry-After: <seconds>. The
@cleverrouter/sdk retries 429 automatically with exponential
backoff and honours the Retry-After header — see Retry &
timeout.
How the sliding window works
Each request stores its timestamp in a Redis sorted set keyed on
<apiKeyId>. On every request, the gateway:
- Adds the new timestamp.
- Removes timestamps older than 60s.
- Counts remaining entries.
- Allows or denies based on the count vs the key's
rateLimitRpm.
That means traffic spread out over 60 seconds is fine; 60 requests all at once is allowed but the 61st in the same window is blocked.
Fail-open behaviour
When Redis is down
If the gateway can't reach Redis, it returns
X-RateLimit-Enforced: false and lets the request through. That's
a deliberate trade-off: a few minutes of over-permissive traffic is
preferable to a global outage on every customer because our cache
layer hiccuped. Watch the header in your client and back off
voluntarily when you see it.
What does not count
GET /v1/models— model registry reads are free.- Failed authentications (
401) — they fail before the rate limiter. 404 model_not_found— same.
That makes the model-list endpoint safe to poll from a UI without eating into your call budget.
Related
- Errors — every
4xxand5xxthe gateway returns. - Retry & timeout — how the SDK
handles
429automatically. - Pricing — Beta vs Pro vs Enterprise.