Rate Limits
SandBase enforces rate limits to ensure fair usage and platform stability. Limiting is applied as a 1-minute sliding window using two layers, and a request must pass both to be served:
- Per-key limit — an optional per-minute request cap on an individual API key. When unset, the key is only subject to the global limit.
- Global limit — a platform-wide per-minute request cap.
Limits
| Scope | Requests/min |
|---|---|
| Global default | TBD |
| Per-key override | Configurable (optional) |
Handling 429 Responses
When a limit is exceeded, the API aborts the request with HTTP 429. On the /v1/* API, the body is a flat error object:
{
  "error": "API key rate limit exceeded"
}
The message is "API key rate limit exceeded" when the per-key limit is hit, or "global rate limit exceeded" when the platform-wide limit is hit.
WARNING
The API does not currently emit Retry-After or X-RateLimit-* headers on 429 responses. Do not rely on these headers — they are not sent. Use client-side backoff instead.
Best Practices
- Implement exponential backoff — on a 429, wait with increasing delays before retrying.
- Batch where possible — combine multiple small requests into fewer larger ones.
- Smooth your request rate — spread bursts across the window rather than firing all at once.
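The following client-side retry sketch is an added example, not SandBase code. It computes its own jittered, capped delays because no Retry-After header is sent, and reads the flat error body to tell which limit was hit. The `send` callable, `fake_transport` and all parameter names are assumptions; only the two error strings and the 1-minute window come from this page.

```python
import json
import random
import time

WINDOW_SECONDS = 60  # the page states a 1-minute sliding window


def classify_429(body):
    """Return 'key', 'global' or 'unknown' from the flat /v1/* error body."""
    try:
        message = json.loads(body).get("error", "")
    except (ValueError, TypeError, AttributeError):
        return "unknown"
    if message == "API key rate limit exceeded":
        return "key"
    if message == "global rate limit exceeded":
        return "global"
    return "unknown"


def call_with_backoff(send, max_attempts=6, base=1.0, sleep=time.sleep, rng=random.random):
    """Call send() -> (status, body); retry 429s with capped, jittered exponential delays."""
    delays = []
    for attempt in range(max_attempts):
        status, body = send()
        if status != 429:
            return status, body, delays
        if attempt == max_attempts - 1:
            break  # out of attempts: do not sleep again, report the failure
        # No Retry-After is sent, so the delay is computed locally and never
        # exceeds one full window.
        ceiling = min(WINDOW_SECONDS, base * 2 ** attempt)
        delay = ceiling / 2 + rng() * ceiling / 2  # half fixed, half random ("equal jitter")
        delays.append(delay)
        sleep(delay)
    raise RuntimeError(f"rate limited ({classify_429(body)}) after {max_attempts} attempts")


def fake_transport(n_429):
    """Constructed stand-in for an HTTP client: n_429 rejections, then a 200."""
    responses = [(429, '{"error": "API key rate limit exceeded"}')] * n_429
    responses.append((200, '{"ok": true}'))
    it = iter(responses)
    return lambda: next(it)


if __name__ == "__main__":
    status, body, delays = call_with_backoff(fake_transport(3), sleep=lambda s: None)
    print(status, [round(d, 2) for d in delays])
```

The jitter keeps many clients that were rejected in the same window from retrying in lockstep and hitting the global limit together again.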
Per-Key Limit
A per-key request cap can be set on an individual key (stored as rate_limit, requests per minute). When set, it is enforced independently of and in addition to the global limit.
INFO
Setting a per-key rate limit is not currently exposed through the public key-management API. Contact support if you need a custom per-key limit configured.

