Rate limits
OneAnalytics applies two layers of rate-limiting to every API request:
- Burst — a token bucket (1-minute fill window) that absorbs spikes.
- Sustained — a sliding-window counter (1-hour window) that caps long-running throughput.
A request is rejected with 429 when either limit is hit.
Headers
Every response (success or failure) carries:
X-RateLimit-Limit-Burst: 120 # bucket capacity
X-RateLimit-Remaining-Burst: 83
X-RateLimit-Reset-Burst: 2026-04-16T09:43:00Z
X-RateLimit-Limit-Sustained: 10000 # requests per hour
X-RateLimit-Remaining-Sustained: 8472
X-RateLimit-Reset-Sustained: 2026-04-16T10:00:00ZOn 429, Retry-After: <seconds> indicates the shortest wait that will let your next request through.
Default limits
| Plan | Burst (req / 60 s) | Sustained (req / hour) |
|---|---|---|
| Starter | 60 | 2 000 |
| Growth | 180 | 20 000 |
| Scale | 600 | 100 000 |
| Custom | (negotiated) | (negotiated) |
Counts are per (tenant, endpoint-class). Endpoint classes: read, write, export, ai. So a heavy export run does not starve your read budget.
Client recipe
import time, httpx
def call(method, url, **kw):
while True:
r = httpx.request(method, url, **kw)
if r.status_code != 429:
return r
delay = int(r.headers.get("Retry-After", "2"))
time.sleep(delay + random.uniform(0, 0.5)) # jitterOur TypeScript and Python SDKs implement this with exponential backoff and jitter baked in.
Bursting
The token bucket starts full and refills at capacity / 60 per second. So a burst of capacity in one second is allowed, followed by a steady state at capacity / 60 per second until refilled.
AI endpoints
POST /v1/ai/ask has its own limit because LLM calls cost us per-token:
- 30 questions per minute per user (burst)
- 500 questions per hour per workspace (sustained)
Streaming responses count as one request, not per token.
Query endpoints
POST /v1/datasets/{id}/query counts normally, but also enforces a concurrency cap: 8 concurrent queries per workspace on Growth, 32 on Scale. Over the cap, requests return 429 rate-limit/query-concurrency with Retry-After: 1.
Webhook delivery
Outbound webhooks have their own retry schedule (see Webhooks) — your endpoint should handle duplicate delivery idempotently.
Getting more
Hit a ceiling repeatedly? Contact support. We raise limits for legitimate use with a brief chat; there's no "Enterprise add-on" gating.