Rate limits
The API enforces two layers of throttling:
1. Per-minute rate limit
Section titled “1. Per-minute rate limit”A sliding window per API key. Anonymous requests fall back to a per-IP bucket.
| Tier | Requests / minute |
|---|---|
| free | 30 |
| pro | 600 |
| enterprise | 6 000 |
| anonymous | 30 |
Exceeding triggers 429 RATE_LIMITED:
{ "code": "RATE_LIMITED", "message": "Too many requests. Slow down or upgrade your plan."}The Retry-After header advertises the suggested wait. Backoff and retry.
2. Monthly quota (on-chain attestations)
Section titled “2. Monthly quota (on-chain attestations)”Counted per item, including each item in a batch. Resets at the first day of each calendar month UTC.
| Tier | On-chain / month | Off-chain / month |
|---|---|---|
| free | 20 | unlimited |
| pro | 2 000 | unlimited |
| enterprise | unlimited | unlimited |
Exceeding returns 429 QUOTA_EXCEEDED with the reset timestamp. See Authentication.
Off-chain is the high-volume escape hatch
Section titled “Off-chain is the high-volume escape hatch”If you’re sending hundreds of attestations per minute, switch to mode: "offchain". The signed envelope is unmetered at every tier, costs zero gas, and can be brought on-chain selectively later. See SDK → Off-chain.
Anti-abuse
Section titled “Anti-abuse”- Failed authentications count against the per-IP anonymous bucket: a wrong-key flood is rate-limited just like an anonymous one.
- Monthly quotas count attempted on-chain operations regardless of whether the chain accepted them. A batch that reverts costs you the items it was going to attest. Validate carefully before batching.