
Rate Limits

Rate limits are like speed limits on the road. They prevent any one user from making too many requests too quickly, which could slow down the service for everyone. covosign allows a certain number of requests per minute, and if you go over, you have to wait. It's to keep things fair and fast for all users.

To ensure fair usage and stability, covosign implements rate limiting per API key and environment. Limits are enforced using a Redis-based sliding window mechanism to ensure consistent performance.

Each API request increments a counter (a Redis INCR operation) associated with your API key for the current minute. If the counter exceeds the limit, further requests are blocked until the next window begins.

Limits by Environment

Production

  • 100 req/min Per API Key
  • Prefix: csk_live_*

Sandbox

  • 100 req/min Per API Key (configurable via SANDBOX_RATE_LIMIT)
  • Prefix: csk_sandbox_*

Quota Validation: Quotas are strictly enforced during key creation. You will receive a specific error message if you attempt to create more keys than your plan allows.

Response Headers

Every API response includes headers to help you monitor your current usage.

Monitor these headers to adjust client throughput. Use backoff or queuing when remaining capacity is low.

Header                 Description
X-RateLimit-Limit      Maximum requests allowed per minute window
X-RateLimit-Remaining  Requests remaining in the current window
X-RateLimit-Reset      Unix timestamp when the window resets

Rate Limit Exceeded

If you exceed the rate limit, the API will return a 429 status code. The response will include a Retry-After header indicating how many seconds to wait.

Best Practice: Implement exponential backoff, honor Retry-After, and spread bursts to stay within limits.

429 Too Many Requests

Response includes a Retry-After header indicating seconds to wait before retrying.
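
A client-side example of the practice above, added here and not covosign's own code: it honors Retry-After on a 429, falls back to exponential backoff with jitter when that header is unusable, and paces calls from X-RateLimit-Remaining and X-RateLimit-Reset when capacity is low. The `send` callable, the function names and the low-water threshold of 5 are assumptions; headers are read from a plain dict using the exact names listed on this page.

```python
import random
import time

def next_delay(status, headers, attempt, now, base=0.5, cap=60.0, low_water=5):
    """Seconds to wait before the next request (0.0 means send immediately)."""
    if status == 429:
        retry_after = headers.get("Retry-After", "").strip()
        if retry_after.isdigit():
            return float(retry_after)  # the server's instruction takes priority
        # No usable Retry-After: exponential backoff with full jitter.
        return random.uniform(0, min(cap, base * 2 ** attempt))
    try:
        remaining = int(headers["X-RateLimit-Remaining"])
        reset = int(headers["X-RateLimit-Reset"])
    except (KeyError, ValueError):
        return 0.0  # headers missing or malformed: nothing to pace against
    window_left = max(0.0, reset - now)
    if remaining <= 0:
        return window_left  # budget spent: wait for the window to reset
    if remaining <= low_water:
        return window_left / remaining  # spread what is left over the window
    return 0.0

def call_with_backoff(send, max_attempts=5, sleep=time.sleep, clock=time.time):
    """Call send() until it is not rate limited.

    send is a hypothetical callable returning (status, headers, body).
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        delay = next_delay(status, headers, attempt, clock())
        if status != 429:
            if delay:
                sleep(delay)  # pace the caller's next request
            return status, body
        if attempt + 1 < max_attempts:
            sleep(delay)
    raise RuntimeError("still rate limited after %d attempts" % max_attempts)

if __name__ == "__main__":
    # Constructed responses: one 429, then a success with 2 requests left.
    canned = iter([
        (429, {"Retry-After": "7"}, None),
        (200, {"X-RateLimit-Remaining": "2", "X-RateLimit-Reset": "1060"}, "ok"),
    ])
    waits = []
    print(call_with_backoff(lambda: next(canned), sleep=waits.append,
                            clock=lambda: 1000), waits)
```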