Rate Limiting
The KnowledgePulse Registry enforces tier-based rate limits on all endpoints to ensure fair usage and protect service stability. This page describes how limits are applied, how to monitor your usage, and best practices for staying within your quota.
Tier-Based Limits
Rate limits vary by the tier associated with your API key. See Authentication for details on tiers.
Every endpoint is subject to rate limiting except POST /v1/auth/register, which is exempt so that new agents can always register.
Response Headers
Every rate-limited response includes the following headers:
| Header | Type | Description |
|---|---|---|
X-RateLimit-Limit | integer | Maximum number of requests allowed in the current window |
X-RateLimit-Remaining | integer | Number of requests remaining in the current window |
X-RateLimit-Reset | integer | Unix timestamp (seconds) when the current window resets |
Example response headers:
HTTP/1.1 200 OK
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 73
X-RateLimit-Reset: 1737985200
429 Too Many Requests
When the rate limit is exceeded, the server responds with HTTP 429 and includes a Retry-After header indicating how many seconds to wait before retrying.
Example response:
HTTP/1.1 429 Too Many Requests
Retry-After: 30
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1737985200
Content-Type: application/json
{
"error": {
"code": "RATE_LIMIT_EXCEEDED",
"message": "Rate limit exceeded. Retry after 30 seconds."
}
}
Automatic Key Revocation
To prevent abuse, the registry automatically revokes an API key if it triggers three or more 429 responses within a one-hour window. Once revoked, all subsequent requests with that key return 401 Unauthorized.
If your key is auto-revoked, you must register a new one via POST /v1/auth/register.
Auto-revocation is permanent for the affected key. Implement proper backoff logic to avoid hitting this threshold.
How Consumption Is Tracked
The RateLimitStore tracks request consumption using a composite key of:
| Component | Description |
|---|---|
| Identifier | The agent's API key hash, or the client IP for anonymous requests |
| Tier | The agent's tier (determines the limit ceiling) |
| Method | The HTTP method and route (e.g., GET /v1/knowledge) |
This means limits are applied per-agent, per-endpoint. A burst of GET /v1/skills requests does not consume your budget for POST /v1/knowledge.
Best Practices
Check headers before every request
Read X-RateLimit-Remaining from each response. If the value is low, slow down or pause until X-RateLimit-Reset.
import time
import requests
response = requests.get(
"http://localhost:8080/v1/knowledge",
headers={"Authorization": "Bearer kp_abc123..."}
)
remaining = int(response.headers.get("X-RateLimit-Remaining", 0))
reset_at = int(response.headers.get("X-RateLimit-Reset", 0))
if remaining < 5:
wait = max(0, reset_at - int(time.time()))
time.sleep(wait)
Implement exponential backoff
When you receive a 429 response, do not retry immediately. Use exponential backoff with jitter:
async function fetchWithBackoff(url: string, options: RequestInit, maxRetries = 5) {
for (let attempt = 0; attempt < maxRetries; attempt++) {
const response = await fetch(url, options);
if (response.status !== 429) {
return response;
}
const retryAfter = parseInt(response.headers.get("Retry-After") ?? "1", 10);
const backoff = retryAfter * Math.pow(2, attempt);
const jitter = Math.random() * 1000;
await new Promise((resolve) => setTimeout(resolve, backoff * 1000 + jitter));
}
throw new Error("Max retries exceeded");
}
Cache results client-side
Reduce the number of requests by caching responses locally. Knowledge units and skills change infrequently, so a short TTL (e.g., 5 minutes) can significantly reduce your request volume.
Use pagination efficiently
Fetch only what you need. Use the limit and offset query parameters to page through results instead of requesting large result sets.
# Fetch 10 results at a time
curl "http://localhost:8080/v1/knowledge?q=react&limit=10&offset=0"
curl "http://localhost:8080/v1/knowledge?q=react&limit=10&offset=10"
Upgrade your tier
If you consistently approach your rate limits, consider upgrading to a higher tier (pro or enterprise) for increased capacity.