Skip to main content
The API is designed for deterministic, source-backed workflows. Client code should use bounded timeouts, conservative retries, and idempotency keys on mutating requests.

Production Rate Limits

Esheria applies two independent controls:
  1. An IP-level pre-authentication abuse limit (3,000 requests/minute by default).
  2. An authenticated workspace limit from the active plan, shared by all API and OAuth tokens in that workspace.
Production readiness requires the shared Redis limiter through API_REDIS_URL. Customers behind the same NAT share only the high pre-auth IP guard; after authentication, their paid limit is isolated by workspace. Responses include X-RateLimit-Limit, X-RateLimit-Remaining, and Retry-After when blocked. The CLI uses:
You can override per command:

Pagination

List endpoints use limit and offset.

Failure Modes

Production Notes

If Redis is unavailable, readiness fails and production billing rate checks fail closed. Restore Redis before accepting customer traffic; development may still use the bounded in-process limiter.