Recommended Client Defaults
Production Rate Limits
Esheria applies two independent controls:- An IP-level pre-authentication abuse limit (3,000 requests/minute by default).
- An authenticated workspace limit from the active plan, shared by all API and OAuth tokens in that workspace.
Production readiness requires the shared Redis limiter through
API_REDIS_URL. Customers behind the same NAT share only the high pre-auth IP
guard; after authentication, their paid limit is isolated by workspace.
Responses include X-RateLimit-Limit, X-RateLimit-Remaining, and
Retry-After when blocked.
The CLI uses:
Pagination
List endpoints uselimit and offset.