Limits & Quotas
Every numeric limit Zeridion Flare enforces, on one page. Where a limit varies by plan, the per-tier value is shown. Where a limit is global (the same for every customer), the global value is shown.
For per-endpoint details, see the linked pages. For pricing-tier feature comparison, see the pricing page.
Request rate limits
Every authenticated request counts against a sliding 1-hour window. Exceeding the budget returns 429 rate_limit_exceeded with Retry-After and X-RateLimit-* response headers. See Rate Limits for the response shape.
| Plan | Requests per hour |
|---|---|
| Free | 1,000 |
| Starter | 10,000 |
| Pro | 100,000 |
| Business | 1,000,000 |
| Enterprise | Custom — contact sales |
The limit applies to all authenticated endpoints under /flare/v1/* and /platform/v1/*. Health probes (/flare/health/live, /flare/health/ready) are unmetered.
Daily job quota
The number of jobs you can create per UTC calendar day. Tracked separately from the request rate limit. Exceeding the cap returns 402 billing_state_blocked until the next UTC midnight.
| Plan | Jobs per day |
|---|---|
| Free | 1,000 |
| Starter | 10,000 |
| Pro | 100,000 |
| Business | 1,000,000 |
| Enterprise | Custom |
A job that retries does not consume additional quota — only the first enqueue counts.
Auth-endpoint rate limits
Anonymous endpoints under /platform/v1/auth/* (signup, login, verify, resend, forgot, reset) carry a stricter per-IP cap:
- 20 requests per 15-minute sliding window per IP — applies to every anonymous auth endpoint regardless of plan.
Login additionally tracks per-account failed-attempt counters to defend against credential stuffing:
- 10 failed attempts per 15-minute sliding window per account → returns
429 account_lockedwithRetry-After. Resets to 0 on the next successful login.
Signed inbound webhooks (Stripe, SendGrid) are exempt from the per-IP cap. See Authentication § Dashboard auth.
Export cooldowns
Export endpoints carry their own per-project cooldown, independent of the per-hour rate limit:
| Endpoint | Cooldown |
|---|---|
POST /flare/v1/jobs/export | 1 export per minute per project |
GET /platform/v1/projects/{id}/audit-log/export | 1 export per minute per project |
GET /platform/v1/account/export | 1 export per minute per user |
A second call inside the cooldown window returns 429 rate_limit_exceeded with Retry-After. The two project-level export buckets are tracked separately — a jobs-export call does not consume the audit-export budget.
The job export window is also capped at 90 days — requests with a wider date span return 400 range_too_large. See Jobs API § Export and Audit Log Export.
Payload caps
| Surface | Cap |
|---|---|
Job payload field (request body) | 64 KiB compressed JSON |
Audit-log metadata field | 4 KiB |
| Webhook delivery payload | 1 MiB |
| API request body (any endpoint) | 10 MiB |
Larger payloads should be stored externally (S3, Azure Blob) and the job carries the URL plus a signed pre-shared token.
Retention windows
| Resource | Retained for | Notes |
|---|---|---|
Job history (succeeded, failed, cancelled, dead_letter) | 30 days (Free / Starter), 90 days (Pro), 180 days (Business), Custom (Enterprise) | After retention expires, the job row is hard-deleted. |
| Idempotency replay records | 24 hours | After expiry the key is eligible for reuse. |
| Audit logs | 90 days (Free / Starter), 1 year (Pro / Business), 7 years (Enterprise SOC 2 / SOX) | Export via audit-log/export before expiry if you need longer retention. |
| Webhook delivery attempts | 30 days | The originating job survives retention; only the delivery-attempt record is pruned. |
| API key metadata (rotated/revoked keys) | 30-day grace, then hard-deleted | See Authentication § Key rotation. |
Resource caps
| Resource | Cap | Notes |
|---|---|---|
| Projects per account | 1 (Free), 3 (Starter), 25 (Pro), Unlimited (Business / Enterprise) | A project is the unit of isolation — separate API keys, separate quotas. |
| API keys per project | 10 active | Rotated keys keep a 24-hour grace window before they fully expire. |
| Project members | 1 (Free), 5 (Starter), 25 (Pro), Unlimited (Business / Enterprise) | Roles: owner, admin, member, viewer. |
| Recurring schedules per project | 50 (Free), 200 (Starter), 1,000 (Pro / Business), Unlimited (Enterprise) | A schedule occupies one slot regardless of how often it fires. |
| Queues per project | Unlimited | Queues are string-named and created lazily on first use. |
| Max queue depth | 100,000 jobs | Newly-enqueued jobs beyond the cap return 429 queue_full. |
| Webhook subscriptions per project | 25 | Each subscription receives every matching event. |
| Continuation chain depth | 10 levels | A job continuation chain (parent → child → grandchild) is capped at 10 hops. |
Worker concurrency
Worker concurrency is set by the worker process itself — the API does not impose a cap. A single worker can lease as many jobs as its declared max_concurrency allows. The platform allows up to 500 concurrent worker registrations per project before returning 429 worker_limit_exceeded on /workers/register.
Webhook delivery retries
When your webhook receiver returns a 5xx response or fails to respond within 10 seconds per attempt:
- Up to 5 retry attempts with exponential backoff (1s → 2s → 4s → 8s → 16s, with jitter).
- Total wall-clock time per delivery is approximately 50 seconds before the delivery is marked
failed. - 4xx responses are not retried — the delivery is marked
failedimmediately.
See Webhooks for the full delivery contract and signing scheme.
See also
- Rate Limits — exact rate-limit response headers and 429 semantics
- Billing — plan tiers, billing-state transitions, 402 conditions
- FAQ — common questions about quotas, retention, and what counts against the limit
- Support & SLA — how to request a quota increase