Rate limits
Requests are rate-limited per API key using a 60-second sliding window backed by Upstash Redis.
Per-plan ceilings
| Plan | API access | Req / minute | API keys (max) | Webhooks (max) |
|---|---|---|---|---|
| Free | test keys only | — | 0 | 0 |
| Pulse | test keys only | — | 0 | 0 |
| Intelligence | test keys only | — | 0 | 0 |
| Developer | yes (live) | 600 | 10 | 25 |
| Institutional | yes (live) | 3000 | 100 | 200 |
Test keys (iv_test_…) are capped at 30 req/min regardless of plan.
Response headers
Every /api/v1/* response includes:
http
X-RateLimit-Limit: 600 # ceiling for your key
X-RateLimit-Remaining: 583 # what's left in the current window
X-RateLimit-Reset: 1747260000 # ms timestamp when the window resetsWhen you exceed the limit
You get HTTP 429 with the standard error envelope:
json
{ "error": { "status": 429, "message": "rate limit exceeded" } }Recommended client behaviour: respect X-RateLimit-Reset with exponential backoff. Retry after the window resets.
Self-monitor
Hit the live usage endpoint to see your current consumption:
bash
curl -H "x-api-key: $KEY" \
"https://intelligence-beryl.vercel.app/api/v1/usage?window=24h"IP-based fallback
Requests without a valid key are throttled to 10 req/min per IP, then returned 401. This is a defence-in-depth measure to discourage brute-force key probing.