Skip to main content
LimitGuard enforces rate limits to ensure fair access and API stability. Limits differ by authentication mode and subscription tier. x402 callers are exempt from request-count limits — cost is the throttle.

Rate Limits by Tier

TierRequests / MinuteRequests / MonthAuth Method
Sandbox10 / min per IPUnlimitedX-LimitGuard-Mode: sandbox or lg_test_ key
x402 (no key)No limitNo limitX-PAYMENT header (pay per call)
Free60 / min500 / molg_live_ API key — free tier
Starter300 / minTBDlg_live_ API key — starter tier
Pro1,000 / minTBDlg_live_ API key — pro tier
EnterpriseCustomCustomlg_live_ API key — contact sales
Monthly quotas reset on the first day of each calendar month (UTC). Minute-level limits use a rolling window, not a fixed clock boundary.

Middleware Execution Order

Rate limiting runs early in the stack — before sandbox bypass and x402 payment verification: 
Request → Logging → Security → Size Limit → Rate Limit → Tenant → Sandbox → x402 → Router
This means a sandbox request that exceeds 10 req/min is rejected at the Rate Limit step, before the sandbox middleware ever runs.

HTTP 429 — Rate Limit Exceeded

When a rate limit is hit, the API returns HTTP 429 Too Many Requests with a Retry-After header and a JSON error body.

Response Headers

HeaderTypeDescription
X-RateLimit-LimitintegerMaximum requests allowed in the current window
X-RateLimit-RemainingintegerRequests remaining in the current window
X-RateLimit-ResetUnix timestampWhen the current window resets (UTC epoch seconds)
Retry-AfterintegerSeconds to wait before retrying

Example: Sandbox Limit Exceeded

HTTP/1.1 429 Too Many Requests
Retry-After: 60
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1708434060
Content-Type: application/json

{
  "error": "Sandbox rate limit exceeded (10 req/min). Use a real API key for higher limits."
}

Example: Free Tier Monthly Quota Exhausted

HTTP/1.1 429 Too Many Requests
Retry-After: 1296000
X-RateLimit-Limit: 500
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1709251200
Content-Type: application/json

{
  "error": "Monthly quota exhausted (500 requests). Quota resets 2026-03-01T00:00:00Z. Upgrade your plan or switch to x402 pay-per-call."
}
Always read the Retry-After header rather than hard-coding a wait time. Monthly quota exhaustion returns a Retry-After value in days, not seconds.

x402 Has No Rate Limits

Callers using the x402 USDC micropayment protocol are not subject to request-count or per-minute rate limits. Each successful payment authorizes exactly one API call — the payment itself acts as the throttle.
If you are building an AI agent that may need to make bursts of requests, x402 is the right choice. You pay per call and are never blocked by quota exhaustion. See the x402 Protocol guide for implementation details.

Cost-Based Throttling vs. Count-Based Throttling

MechanismAPI Key Tiersx402
Per-minute limitYesNo
Monthly quotaYesNo
Cost per callNoYes
Quota exhaustion riskYesNo
Suitable for AI agent burstsNoYes

Best Practices

1. Always Respect Retry-After

Never retry before Retry-After seconds have elapsed. Retrying too early wastes your remaining quota and triggers the same 429 immediately.

2. Implement Exponential Backoff

For transient errors (5xx) use exponential backoff. For 429 specifically, always use the exact Retry-After value — do not apply additional multipliers on top of it.

3. Monitor X-RateLimit-Remaining

Poll X-RateLimit-Remaining on each response to detect approaching limits before they are hit. Shed load or switch to x402 before reaching zero.

4. Never Load Test Production

Use sandbox mode (X-LimitGuard-Mode: sandbox) for load testing. The 10 req/min sandbox limit exists to prevent accidental load on real data sources.

Code Examples: Handling 429 with Retry Logic

#!/usr/bin/env bash
# Retry with Retry-After backoff — handles both rate limit types

API_KEY="lg_live_xxxxxxxxxxxxxxxxxxxx"
MAX_ATTEMPTS=5

attempt=1
while [ $attempt -le $MAX_ATTEMPTS ]; do
  response=$(curl -s -w "\n%{http_code}" -X POST https://api.limitguard.ai/v1/entity/check \
    -H "X-API-Key: $API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"entity_name": "Acme Corp BV", "country": "NL"}')

  http_code=$(echo "$response" | tail -n1)
  body=$(echo "$response" | head -n-1)

  if [ "$http_code" -eq 200 ]; then
    echo "$body"
    exit 0
  elif [ "$http_code" -eq 429 ]; then
    retry_after=$(curl -s -I -X POST https://api.limitguard.ai/v1/entity/check \
      -H "X-API-Key: $API_KEY" \
      -H "Content-Type: application/json" \
      -d '{"entity_name": "Acme Corp BV", "country": "NL"}' \
      | grep -i "retry-after" | awk '{print $2}' | tr -d '\r')
    retry_after=${retry_after:-60}
    echo "Rate limited. Waiting ${retry_after}s before retry ${attempt}/${MAX_ATTEMPTS}..." >&2
    sleep "$retry_after"
  else
    echo "Error $http_code: $body" >&2
    exit 1
  fi

  attempt=$((attempt + 1))
done

echo "Exhausted $MAX_ATTEMPTS attempts." >&2
exit 1

Upgrading Your Tier

If you are consistently hitting rate limits on a subscription key, you have two options:

Upgrade Your Plan

Move from Free to Starter, Pro, or Enterprise for higher per-minute and monthly limits.

Switch to x402

Pay per call with USDC. No quotas, no monthly limits — scales to any volume instantly.
To create or upgrade a key: 
curl -X POST https://api.limitguard.ai/v1/keys/create \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "tier": "pro"}'
Available tiers: free, starter, pro, enterprise.