Loading...
Loading...
OmegaEngine · API Contract
Sliding-window limits protect the platform and your budget. Every API response reports the current window in x-ratelimit headers, and 429s tell you exactly when to retry.
Every /api/*response carries the standard trio. Successful responses report the platform-wide limiter's window; a 429 from a specific endpoint reports that endpoint's window.
| Header | Meaning |
|---|---|
x-ratelimit-limit | Maximum requests allowed in the current window. |
x-ratelimit-remaining | Requests you have left in the current window. |
x-ratelimit-reset | Unix timestamp (seconds) when the window resets. |
Retry-After | Seconds until you may retry — sent on 429 responses. |
HTTP/1.1 429 Too Many Requests
x-ratelimit-limit: 120
x-ratelimit-remaining: 0
x-ratelimit-reset: 1783520640
retry-after: 42
{ "ok": false, "error": "RATE_LIMITED", "message": "Too many requests. Please slow down.", "retryAfter": 42 }Before any route-specific limit, every API request passes a global edge limiter: 120 requests per minute per IP across all /api/* routes (sliding window, enforced in Redis across all instances). Self-hosted deployments can tune this with OMEGA_GLOBAL_RATE_LIMIT.
Core endpoints add their own windows on top of the platform limit. All windows are 60 seconds, sliding. API-key limits apply per key; IP limits apply per source address.
| Endpoint | Per IP | Per API key |
|---|---|---|
POST /api/authorize | 120 / min | 240 / min |
POST /api/authorize/session/step | 180 / min | 360 / min |
POST /api/v2/judge | 60 / min | 120 / min |
POST /api/gateway | 100 / min | Plan-based — see below |
Other endpoints carry route-specific limits sized to their cost; the headers above always tell you the window you are in. If you need more sustained throughput than a published limit, contact us — raises are handled per deployment, not by silently lifting the shared limits.
The LLM gateway is the one surface with a per-plan rate split. The per-key limit depends on your organization's plan:
| Plan | Gateway requests per API key |
|---|---|
| Free | 60 / min |
| Paid plans (Developer, Pro, Business, Enterprise) | 500 / min |
Rate limits are about instantaneous throughput. Monthly decision quotas and overage pricing are a separate, plan-based entitlement — see Pricing & Limits.
async function callWithBackoff(fn: () => Promise<Response>, maxRetries = 3) {
for (let attempt = 0; attempt <= maxRetries; attempt++) {
const res = await fn();
if (res.status !== 429) return res;
const retryAfter = Number(res.headers.get("retry-after") ?? "1");
await new Promise((r) => setTimeout(r, retryAfter * 1000 * (attempt + 1)));
}
throw new Error("Rate limited after retries");
}Respect Retry-After rather than retrying immediately — the window is sliding, so hammering a 429 keeps you rate-limited longer.