# Rate limits

> Request limits, headers and how to handle 429 responses.

The Enkryptify API rate-limits requests to keep the platform fast and reliable for everyone. If you stay within the limits, you should not see any throttling under normal use.

## Default limit

The global limit is **200 requests per minute** per client IP across all `/v1` endpoints.

The token exchange endpoint (`POST /v1/auth/exchange`) has an additional **10 requests per minute per token**. Cache the resulting JWT. Do not exchange on every call.

## Response headers

Every response from `/v1` includes the standard rate-limit headers so you can monitor your usage:

| Header                | Meaning                                                    |
| --------------------- | ---------------------------------------------------------- |
| `RateLimit-Limit`     | The total number of requests allowed in the current window |
| `RateLimit-Remaining` | The number of requests left in the current window          |
| `RateLimit-Reset`     | Seconds until the window resets                            |

## Handling `429 Too Many Requests`

When you hit the limit, the API returns `429 Too Many Requests`:

```json
{ "message": "Rate limit exceeded" }
```

The `Retry-After` header tells you how many seconds to wait before retrying. Use exponential backoff with jitter and always respect `Retry-After`.
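The retry policy described above, as an added example (not Enkryptify's own code or SDK): exponential backoff with full jitter, with the server's `Retry-After` value used as a minimum wait. The `send` callable, the function names, the default timings and the canned responses are assumptions constructed for illustration; `send` stands in for whatever HTTP client you use and returns `(status, headers, body)`.

```python
import random
import time

def backoff_delay(attempt, retry_after=None, base=0.5, cap=30.0, rng=random.random):
    """Full-jitter exponential backoff, never shorter than Retry-After (seconds)."""
    jitter = rng() * min(cap, base * (2 ** attempt))
    try:
        floor = max(0.0, float(retry_after))
    except (TypeError, ValueError):
        floor = 0.0  # header missing or not a number of seconds: backoff alone
    return floor + jitter

def call_with_retry(send, max_attempts=5, sleep=time.sleep, rng=random.random):
    """Call send() until it returns a non-429 response or attempts run out."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, headers, body
        if attempt < max_attempts - 1:
            # HTTP header names are case-insensitive, so normalise before lookup.
            lowered = {k.lower(): v for k, v in headers.items()}
            sleep(backoff_delay(attempt, lowered.get("retry-after"), rng=rng))
    raise RuntimeError("rate limited: gave up after %d attempts" % max_attempts)

def make_fake_api(responses):
    """Constructed stand-in for the HTTP layer: replays canned responses in order."""
    it = iter(responses)
    return lambda: next(it)

# Constructed sample: two throttled responses, then a success.
SAMPLE = [
    (429, {"Retry-After": "2"}, {"message": "Rate limit exceeded"}),
    (429, {"retry-after": "1"}, {"message": "Rate limit exceeded"}),
    (200, {"RateLimit-Remaining": "199"}, {"ok": True}),
]

if __name__ == "__main__":
    waits = []  # record the delays instead of actually sleeping
    status, _, _ = call_with_retry(make_fake_api(SAMPLE), sleep=waits.append)
    print(status, [round(w, 2) for w in waits])
```

Adding the jitter on top of `Retry-After`, rather than replacing it, keeps many clients throttled at the same moment from retrying in lockstep when the window resets.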

## Tips

* **Cache JWTs.** If you use the exchange flow, store the JWT for its full 15-minute lifetime instead of exchanging on every request.
* **Batch where possible.** If you need many secrets, fetch them in one `GET /secrets` call rather than one call per key.
* **Use the SDK.** The [Enkryptify SDK](https://github.com/Enkryptify/sdk) caches secrets locally and handles JWT exchange automatically.
* **Contact us for higher limits.** If you have a legitimate use case that exceeds these limits, [reach out](mailto:founders@enkryptify.com).
