Rate Limits
Understand how Circadify limits sandbox request rates and bounds production volume with the monthly scan quota.
Circadify does not impose a per-developer request-rate limit on production traffic. Instead, two distinct mechanisms govern usage: a best-effort request-rate limit on the sandbox, and a monthly scan quota on production. Which one applies is determined by your API key prefix.
The API does not emit X-RateLimit-* or Retry-After headers. There is no published per-key request-per-hour limit and no auth lockout.
Sandbox rate limit
Sandbox (ck_test_) traffic to POST /sdk/session/start is rate-limited on a best-effort basis to keep the free tier healthy. When the limit is tripped, the API returns 429 Too Many Requests:
{
"error": "RATE_LIMIT_EXCEEDED",
"message": "Rate limit exceeded",
"retryable": true
}jsonThis limit only applies to sandbox keys. It is retryable — back off briefly and try again. No Retry-After header is returned, so use your own exponential backoff.
Production scan quota
Production (ck_live_) scan volume is governed by your plan's monthly scan quota rather than a request-rate limit. Each successful scan counts against the quota. When the quota is exhausted, POST /sdk/session/start returns 429 Too Many Requests:
{
"error": "QUOTA_EXCEEDED",
"message": "Monthly scan quota exceeded",
"retryable": false
}jsonBecause this is not retryable, retrying within the same month will keep returning QUOTA_EXCEEDED. Track your consumption on the Usage page in the developer portal, where your current month's scan count and remaining quota are shown.
Best Practices
- Use a
ck_test_key for development and CI — sandbox scans return simulated vitals, never count against your quota, and are never billed. - Implement backoff — never retry immediately on a 429 response; use exponential backoff for
retryableerrors. - Cache results — once you retrieve session results, store them on your side. Don't poll repeatedly for the same session.
- Monitor your quota — check the Usage page regularly so a busy month doesn't surface as a surprise
QUOTA_EXCEEDED.
Next Steps
- Errors — Full error reference
- Sessions — Session endpoints
- REST API Overview — API basics