Rate Limits
The Licentric API enforces rate limits to ensure fair usage and protect against abuse. Limits vary by endpoint tier.
Rate Limit Tiers
| Tier | Endpoints | Limit | Scope |
|---|---|---|---|
| VALIDATION | POST /licenses/validate-key | 60 req/min | Per IP address |
| ACTIVATION | POST /machines | 10 req/min | Per IP address |
| MANAGEMENT | All other API endpoints | 120 req/min | Per API key |
| PUBLIC | Public marketing pages | 300 req/min | Per IP address |
Response Headers
Every API response includes rate limit headers so your application can track usage proactively.
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum number of requests allowed in the current window |
| X-RateLimit-Remaining | Number of requests remaining in the current window |
| X-RateLimit-Reset | Unix timestamp (seconds) when the current window resets |
| Retry-After | Seconds to wait before retrying (only present on 429 responses) |
Example Response Headers
Response Headers
HTTP/1.1 200 OK
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 117
X-RateLimit-Reset: 1736942400Rate Limited Response
When a rate limit is exceeded, the API returns HTTP 429 with a Retry-After header.
429Rate limit exceeded
json
{
"error": "Rate limit exceeded. Retry after 42 seconds.",
"code": "RATE_LIMITED",
"status": 429
}Handling Rate Limits
Implement exponential backoff with jitter in your client. Check the
Retry-After header for the exact wait time before retrying.