Rate Limits
Understand and work within Velocity API rate limits.
Limits by Auth Type
Rate limits are applied per authentication credential using a sliding window algorithm:
| Auth Type | Requests/Minute | Notes |
|---|---|---|
| API Key | 300 | Per key |
| OAuth Token | 300 | Per token |
| Session (web) | 100 | Per user session |
| Unauthenticated | 60 | Per IP address |
Rate Limit Headers
Every API response includes rate limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests per window |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Exceeding the Limit
When you exceed the rate limit, the API returns a 429 Too Many Requests status with a Retry-After header indicating seconds to wait. Implement exponential backoff in your client:
async function fetchWithRetry(url, options, retries = 3) {
for (let i = 0; i < retries; i++) {
const res = await fetch(url, options);
if (res.status === 429) {
const retryAfter = parseInt(
res.headers.get('Retry-After') || '1'
);
await new Promise(r =>
setTimeout(r, retryAfter * 1000 * (i + 1))
);
continue;
}
return res;
}
throw new Error('Rate limit exceeded after retries');
}Best Practices
- Cache responses when possible to reduce API calls
- Use pagination to fetch data in smaller batches
- Batch related operations where the API supports it
- Monitor the
X-RateLimit-Remainingheader to pace requests - Use webhooks instead of polling for real-time updates
Higher Limits
Enterprise plans include higher rate limits and dedicated support for high-volume integrations. Contact support@velocity.dev for custom limit configurations.