Skip to main content

Rate Limiting

All Torvus Security API endpoints are rate-limited to ensure fair usage and system stability. Rate limits vary by plan and endpoint type.

Rate Limit Headers

Every API response includes rate limit headers:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1696857600
HeaderDescription
X-RateLimit-LimitMaximum requests allowed in current window
X-RateLimit-RemainingRequests remaining in current window
X-RateLimit-ResetUnix timestamp when limit resets

Rate Limits by Plan

PlanRequests/MinuteRequests/HourRequests/Day
Free601,00010,000
Professional30010,000100,000
Business1,00050,000500,000
EnterpriseCustomCustomCustom

Rate Limits by Endpoint Type

Endpoint TypeFreeProfessionalBusiness
Read (GET)60/min300/min1,000/min
Write (POST/PATCH)20/min100/min500/min
Delete10/min50/min200/min
Uploads5/min20/min100/min

Handling Rate Limits

When Rate Limited (429 Response)

{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded",
    "retry_after": 60
  }
}

Recommended Actions:

  1. Wait for retry_after seconds
  2. Implement exponential backoff
  3. Cache responses when possible
  4. Batch requests

Example: Exponential Backoff

async function apiRequest(url, options, retries = 3) {
  try {
    const response = await fetch(url, options);

    if (response.status === 429) {
      const retryAfter = response.headers.get('Retry-After') || 60;

      if (retries > 0) {
        await new Promise(resolve => setTimeout(resolve, retryAfter * 1000));
        return apiRequest(url, options, retries - 1);
      }
    }

    return response;
  } catch (error) {
    throw error;
  }
}

Best Practices

  1. Monitor Headers: Check X-RateLimit-Remaining before making requests
  2. Implement Caching: Cache GET responses for frequently accessed data
  3. Batch Operations: Use bulk endpoints when available
  4. Use Webhooks: Subscribe to webhooks instead of polling
  5. Upgrade Plan: Contact sales for higher limits

Last Updated: October 8, 2025