Limits & Quotas
Every numeric limit Zeridion Flare enforces, on one page. Where a limit varies by plan, the per-tier value is shown. Where a limit is global (the same for every customer), the global value is shown.
For per-endpoint details, see the linked pages. For pricing-tier feature comparison, see the pricing page.
Request rate limits
Every authenticated request counts against a sliding 1-hour window. Exceeding the budget returns 429 rate_limit_exceeded with Retry-After and X-RateLimit-* response headers. See Rate Limits for the response shape.
| Plan | Requests per hour |
|---|---|
| Free | 1,000 |
| Starter | 5,000 |
| Pro | 50,000 |
| Business | 500,000 |
| Enterprise | Custom — contact sales |
The limit applies to all authenticated endpoints under /flare/v1/* and /platform/v1/*. Health probes (/flare/health/live, /flare/health/ready) are unmetered.
Monthly job allowance
The number of jobs you can create per billing period — your subscription's billing period on paid plans, the calendar month (UTC) on Free. Tracked separately from the request rate limit. When the allowance is exhausted, new job creates return 429 monthly_allowance_exceeded until the period resets — unless opt-in overage is enabled for the project, in which case jobs keep running and the extra volume is metered at your plan's per-10k rate. If you set a spend cap, creates return 429 spend_cap_reached once the cap is reached.
| Plan | Jobs per month | Opt-in overage |
|---|---|---|
| Free | 50,000 | — |
| Starter | 300,000 | $1.50 / 10k jobs |
| Pro | 3,000,000 | $1.00 / 10k jobs |
| Business | 30,000,000 | $0.50 / 10k jobs |
| Enterprise | Custom | Custom |
A job that retries does not consume additional allowance — only the first enqueue counts. Track usage via the X-Quota-* response headers on job creation; X-Quota-Reset carries the Unix timestamp of the period end. See Billing → Plans for the full plan comparison and overage details.
Auth-endpoint rate limits
Anonymous endpoints under /platform/v1/auth/* (signup, login, verify, resend, forgot, reset) carry a stricter per-IP cap:
- 20 requests per 15-minute sliding window per IP — applies to every anonymous auth endpoint regardless of plan.
Login additionally tracks per-account failed-attempt counters to defend against credential stuffing:
- 10 failed attempts per 15-minute sliding window per account → returns
429 account_lockedwithRetry-After. Resets to 0 on the next successful login.
Signed inbound webhooks (Stripe, SendGrid) are exempt from the per-IP cap. See Authentication § Dashboard auth.
Export cooldowns
Export endpoints carry their own per-project cooldown, independent of the per-hour rate limit:
| Endpoint | Cooldown |
|---|---|
POST /flare/v1/jobs/export | 1 export per minute per project |
GET /platform/v1/projects/{id}/audit-log/export | 1 export per minute per project |
GET /platform/v1/account/export | 1 export per minute per user |
A second call inside the cooldown window returns 429 rate_limit_exceeded with Retry-After: 60 (the full cooldown window, as a conservative upper bound). The two project-level export buckets are tracked separately — a jobs-export call does not consume the audit-export budget.
The job export window is also capped at 90 days — requests with a wider date span return 400 range_too_large. See Jobs API § Export and Audit Log Export.
Payload caps
| Surface | Cap |
|---|---|
Job payload field (request body) | 64 KiB compressed JSON |
Audit-log metadata field | 4 KiB |
| Webhook delivery payload | 1 MiB |
| API request body (any endpoint) | 10 MiB |
Larger payloads should be stored externally (S3, Azure Blob) and the job carries the URL plus a signed pre-shared token.
Retention windows
| Resource | Retained for | Notes |
|---|---|---|
Job history (succeeded, failed, cancelled, dead_letter) | 30 days (Free / Starter), 90 days (Pro), 180 days (Business), Custom (Enterprise) | After retention expires, the job row is hard-deleted. |
| Idempotency replay records | 24 hours | After expiry the key is eligible for reuse. |
| Audit logs | 90 days (Free / Starter), 1 year (Pro / Business), 7 years (Enterprise SOC 2 / SOX) | Export via audit-log/export before expiry if you need longer retention. |
| Webhook delivery attempts | 30 days | The originating job survives retention; only the delivery-attempt record is pruned. |
| API key metadata (rotated/revoked keys) | 30-day grace, then hard-deleted | See Authentication § Key rotation. |
Resource caps
| Resource | Cap | Notes |
|---|---|---|
| Projects per account | 1 (Free), 3 (Starter), 25 (Pro), Unlimited (Business / Enterprise) | A project is the unit of isolation — separate API keys, separate quotas. |
| API keys per project | 10 active | Rotated keys keep a 24-hour grace window before they fully expire. |
| Project members | 1 (Free), 5 (Starter), 25 (Pro), Unlimited (Business / Enterprise) | Roles: owner, admin, member, viewer. |
| Recurring schedules per project | 50 (Free), 200 (Starter), 1,000 (Pro / Business), Unlimited (Enterprise) | A schedule occupies one slot regardless of how often it fires. |
| Queues per project | Unlimited | Queues are string-named and created lazily on first use. |
| Max queue depth | 100,000 jobs | Newly-enqueued jobs beyond the cap return 429 queue_full. |
| Webhook subscriptions per project | 25 | Each subscription receives every matching event. |
| Continuation chain depth | 10 levels | A job continuation chain (parent → child → grandchild) is capped at 10 hops. |
Worker concurrency
Worker concurrency is set by the worker process itself — the API does not impose a cap. A single worker can lease as many jobs as its declared max_concurrency allows. The platform allows up to 500 concurrent worker registrations per project before returning 429 worker_limit_exceeded on /workers/register.
Webhook delivery retries
When your webhook receiver returns a 5xx response or fails to respond within 10 seconds per attempt:
- Up to 5 delivery attempts total (the initial attempt plus 4 retries) on a fixed backoff schedule: 5 s → 30 s → 5 min → 1 h between attempts.
- Total wall-clock time per delivery is roughly an hour (worst case ≈ 66 minutes including per-attempt timeouts) before the delivery is marked
failed. - 4xx responses are not retried — the delivery is marked
failedimmediately.
See Webhooks for the full delivery contract and signing scheme.
See also
- Rate Limits — exact rate-limit response headers and 429 semantics
- Billing — plan tiers, billing-state transitions, 402 conditions
- FAQ — common questions about quotas, retention, and what counts against the limit
- Support & SLA — how to request a quota increase