Skip to main content
Rate Limited Per API Key Shared IP Protection
Dock applies rate limits to all endpoints to protect platform stability and ensure fair usage across all integrations.

Daily quota

Each API key has a daily request allowance for standard API usage.

Burst protection

Some endpoints also enforce short cooldowns to reduce spam and abusive retry loops.

​
Standard limits

​
dailyLimit
number
required
Maximum number of standard API requests allowed per API key each day.
​
perSecondLimit
string
required
Standard per-second pacing limit. Some endpoints may also apply an additional cooldown.
​
cooldownBehavior
string
Certain routes may enforce a 2-second cooldown between requests.
500 requests per API key, per day.
1 request per second.
Some endpoints apply a 2-second cooldown for additional abuse prevention.

​
429 rate limit response

When a limit is exceeded, Dock returns 429 Too Many Requests.
​
status
number
required
HTTP status code returned by the API.
​
error
string
required
Human-readable explanation of which limit was exceeded.
​
timestamp
string
required
ISO 8601 timestamp for when the rate-limited response was generated.
​
version
string
required
Dock API version that handled the request.
​
retryAfter
number
required
Number of seconds to wait before retrying.
​
requestsRemaining
number
required
Remaining requests in the standard API-key bucket.
​
ipRequestsRemaining
number
Remaining requests in the shared-IP bucket when shared-IP enforcement is active.
429 Too Many Requests
{
  "status": 429,
  "error": "Too Many Requests: Daily request limit of 500 exceeded",
  "timestamp": "2025-10-02T12:00:00Z",
  "version": "1.0.0",
  "retryAfter": 3600,
  "requestsRemaining": 0,
  "ipRequestsRemaining": 0
}
ipRequestsRemaining appears when Dock detects multiple API keys sending traffic from the same IP address. This shared counter helps prevent teams from bypassing limits by rotating keys on a single host.

​
Best practices

Check requestsRemaining and ipRequestsRemaining in your responses so you can track both the per-key quota and any shared-IP quota.
Log these values in your app so you can detect approaching limits before requests start failing.
Need higher limits? Contact support for enterprise plans.

​
Verify session bucket

Verification session endpoints use a separate daily bucket and do not consume the normal mapping quota.

Free plan

verifyRequestsRemaining starts at 2000 per day.

Premium plan

verifyRequestsRemaining starts at 10000 per day.
​
verifyRequestsRemaining
number
required
Remaining requests in the verification-session bucket.
​
verifyIpRequestsRemaining
number
Remaining verification requests in the shared-IP bucket when shared-IP enforcement is triggered for verification traffic.
​
pollIntervalMinimum
string
required
Minimum allowed delay between verification status polls.
​
freePollLimit
number
required
Maximum number of session polls allowed on Free plans.
​
premiumPollLimit
number
required
Maximum number of session polls allowed on Premium plans.
verifyRequestsRemaining starts at 2000 per day.
verifyRequestsRemaining starts at 10000 per day.
Polling requires at least 2 seconds between requests, with a maximum of 60 polls on Free plans and 150 polls on Premium plans.
Opening an SSE stream counts as one verify request, but keeping the stream open does not increase poll count.
Verification routes can return verifyIpRequestsRemaining when shared-IP protection is active for verification traffic.