The Enkryptify API rate-limits requests to keep the platform fast and reliable for everyone. If you stay within the limits, you should not see any throttling under normal use.Documentation Index
Fetch the complete documentation index at: https://docs.enkryptify.com/llms.txt
Use this file to discover all available pages before exploring further.
Default limit
The global limit is 200 requests per minute per client IP across all/v1 endpoints.
The token exchange endpoint (POST /v1/auth/exchange) has an additional 10 requests per minute per token. Cache the resulting JWT. Do not exchange on every call.
Response headers
Every response from/v1 includes the standard rate-limit headers so you can monitor your usage:
| Header | Meaning |
|---|---|
RateLimit-Limit | The total number of requests allowed in the current window |
RateLimit-Remaining | The number of requests left in the current window |
RateLimit-Reset | Seconds until the window resets |
Handling 429 Too Many Requests
When you hit the limit, the API returns 429 Too Many Requests:
Retry-After header tells you how many seconds to wait before retrying. Use exponential backoff with jitter and always respect Retry-After.
Tips
- Cache JWTs. If you use the exchange flow, store the JWT for its full 15-minute lifetime instead of exchanging on every request.
- Batch where possible. If you need many secrets, fetch them in one
GET /secretscall rather than one call per key. - Use the SDK. The Enkryptify SDK caches secrets locally and handles JWT exchange automatically.
- Contact us for higher limits. If you have a legitimate use case that exceeds these limits, reach out.