Skip to main content

Limits & Quotas

Every numeric limit Zeridion Flare enforces, on one page. Where a limit varies by plan, the per-tier value is shown. Where a limit is global (the same for every customer), the global value is shown.

For per-endpoint details, see the linked pages. For pricing-tier feature comparison, see the pricing page.


Request rate limits

Every authenticated request counts against a sliding 1-hour window. Exceeding the budget returns 429 rate_limit_exceeded with Retry-After and X-RateLimit-* response headers. See Rate Limits for the response shape.

PlanRequests per hour
Free1,000
Starter5,000
Pro50,000
Business500,000
EnterpriseCustom — contact sales

The limit applies to all authenticated endpoints under /flare/v1/* and /platform/v1/*. Health probes (/flare/health/live, /flare/health/ready) are unmetered.


Monthly job allowance

The number of jobs you can create per billing period — your subscription's billing period on paid plans, the calendar month (UTC) on Free. Tracked separately from the request rate limit. When the allowance is exhausted, new job creates return 429 monthly_allowance_exceeded until the period resets — unless opt-in overage is enabled for the project, in which case jobs keep running and the extra volume is metered at your plan's per-10k rate. If you set a spend cap, creates return 429 spend_cap_reached once the cap is reached.

PlanJobs per monthOpt-in overage
Free50,000
Starter300,000$1.50 / 10k jobs
Pro3,000,000$1.00 / 10k jobs
Business30,000,000$0.50 / 10k jobs
EnterpriseCustomCustom

A job that retries does not consume additional allowance — only the first enqueue counts. Track usage via the X-Quota-* response headers on job creation; X-Quota-Reset carries the Unix timestamp of the period end. See Billing → Plans for the full plan comparison and overage details.


Auth-endpoint rate limits

Anonymous endpoints under /platform/v1/auth/* (signup, login, verify, resend, forgot, reset) carry a stricter per-IP cap:

  • 20 requests per 15-minute sliding window per IP — applies to every anonymous auth endpoint regardless of plan.

Login additionally tracks per-account failed-attempt counters to defend against credential stuffing:

  • 10 failed attempts per 15-minute sliding window per account → returns 429 account_locked with Retry-After. Resets to 0 on the next successful login.

Signed inbound webhooks (Stripe, SendGrid) are exempt from the per-IP cap. See Authentication § Dashboard auth.


Export cooldowns

Export endpoints carry their own per-project cooldown, independent of the per-hour rate limit:

EndpointCooldown
POST /flare/v1/jobs/export1 export per minute per project
GET /platform/v1/projects/{id}/audit-log/export1 export per minute per project
GET /platform/v1/account/export1 export per minute per user

A second call inside the cooldown window returns 429 rate_limit_exceeded with Retry-After: 60 (the full cooldown window, as a conservative upper bound). The two project-level export buckets are tracked separately — a jobs-export call does not consume the audit-export budget.

The job export window is also capped at 90 days — requests with a wider date span return 400 range_too_large. See Jobs API § Export and Audit Log Export.


Payload caps

SurfaceCap
Job payload field (request body)64 KiB compressed JSON
Audit-log metadata field4 KiB
Webhook delivery payload1 MiB
API request body (any endpoint)10 MiB

Larger payloads should be stored externally (S3, Azure Blob) and the job carries the URL plus a signed pre-shared token.


Retention windows

ResourceRetained forNotes
Job history (succeeded, failed, cancelled, dead_letter)30 days (Free / Starter), 90 days (Pro), 180 days (Business), Custom (Enterprise)After retention expires, the job row is hard-deleted.
Idempotency replay records24 hoursAfter expiry the key is eligible for reuse.
Audit logs90 days (Free / Starter), 1 year (Pro / Business), 7 years (Enterprise SOC 2 / SOX)Export via audit-log/export before expiry if you need longer retention.
Webhook delivery attempts30 daysThe originating job survives retention; only the delivery-attempt record is pruned.
API key metadata (rotated/revoked keys)30-day grace, then hard-deletedSee Authentication § Key rotation.

Resource caps

ResourceCapNotes
Projects per account1 (Free), 3 (Starter), 25 (Pro), Unlimited (Business / Enterprise)A project is the unit of isolation — separate API keys, separate quotas.
API keys per project10 activeRotated keys keep a 24-hour grace window before they fully expire.
Project members1 (Free), 5 (Starter), 25 (Pro), Unlimited (Business / Enterprise)Roles: owner, admin, member, viewer.
Recurring schedules per project50 (Free), 200 (Starter), 1,000 (Pro / Business), Unlimited (Enterprise)A schedule occupies one slot regardless of how often it fires.
Queues per projectUnlimitedQueues are string-named and created lazily on first use.
Max queue depth100,000 jobsNewly-enqueued jobs beyond the cap return 429 queue_full.
Webhook subscriptions per project25Each subscription receives every matching event.
Continuation chain depth10 levelsA job continuation chain (parent → child → grandchild) is capped at 10 hops.

Worker concurrency

Worker concurrency is set by the worker process itself — the API does not impose a cap. A single worker can lease as many jobs as its declared max_concurrency allows. The platform allows up to 500 concurrent worker registrations per project before returning 429 worker_limit_exceeded on /workers/register.


Webhook delivery retries

When your webhook receiver returns a 5xx response or fails to respond within 10 seconds per attempt:

  • Up to 5 delivery attempts total (the initial attempt plus 4 retries) on a fixed backoff schedule: 5 s → 30 s → 5 min → 1 h between attempts.
  • Total wall-clock time per delivery is roughly an hour (worst case ≈ 66 minutes including per-attempt timeouts) before the delivery is marked failed.
  • 4xx responses are not retried — the delivery is marked failed immediately.

See Webhooks for the full delivery contract and signing scheme.


See also

  • Rate Limits — exact rate-limit response headers and 429 semantics
  • Billing — plan tiers, billing-state transitions, 402 conditions
  • FAQ — common questions about quotas, retention, and what counts against the limit
  • Support & SLA — how to request a quota increase