docs · developer · api
Rate limits
reference
Per-plan request ceilings and the 429 response shape.
VeriCite enforces a per-plan, per-minute request ceiling across the API. When you cross it, the next request returns HTTP 429 with the error code RATE_LIMIT_EXCEEDED until the window resets.
Limits by plan
The ceiling is per minute, counted across all /api/v1 routes for your tenant. Your plan sets the default.
starter60 / min
Default for new tenants.
professional300 / min
Scale plan.
enterprise1000 / min
Contracted limit.
Tenant override wins — If a tenant-level limit is set for your workspace, it takes precedence over the plan default. With no override, the plan ceiling above applies.
The 429 response
Exceeding the ceiling returns HTTP 429 with a stable error code. Back off and retry once the per-minute window rolls over.
429 responsejson
{ "error": "RATE_LIMIT_EXCEEDED"}
Notes & caveats
Per-key rate_limit is ignored — Only the plan ceiling (with a tenant override, if set) is enforced. The per-key rate_limit column is stored but never applied — setting it does not change your effective limit. Plan and tenant are the only knobs that take effect.
Allowed domains are not request-path enforced — If you are auditing per-key controls: per-key allowed_origins and tenant allowed_domains are likewise stored but not enforced on the request path. Do not rely on them to gate API access.
Related
referenceAPI referenceThe shipped HTTP surface — chat, documents, config, webhooks. Auth via X-API-Key.
featureAPI keysCreate and rotate the pk_ and sk_ keys used by the API and widget.
Was this page helpful?