Rate Limits
Demeterics enforces multiple layers of rate limiting to ensure fair usage, protect platform stability, and prevent abuse. Limits are applied based on your user tier and API key configuration.
All rate limit violations return HTTP 429 Too Many Requests with a JSON error body and relevant headers.
Tier System
Every user is assigned a tier that determines their rate limits. Tiers are assigned automatically based on account age and payment history, or manually by administrators.
| Tier | Name | Description |
|---|---|---|
| 1 | New | Limited test access for new users |
| 2 | Verified | After payment and 3+ days of usage |
| 3 | Established | Increased limits for established users |
| 4 | Power | High-volume access for power users |
| 5 | Enterprise | Unlimited access |
Rate Limit Summary
Requests Per Minute (RPM)
Per-user limit on API calls per minute, based on tier.
| Tier | Limit |
|---|---|
| New | 10 RPM |
| Verified | 30 RPM |
| Established | 60 RPM |
| Power | 120 RPM |
| Enterprise | Unlimited |
Error response:
{"error": "tier rate limit exceeded (calls/minute)", "code": 429}
Headers: X-Tier-Limit-Exceeded: calls-per-minute, Retry-After: 60
Requests Per Day
Per-user limit on total API calls per day (resets at midnight UTC).
| Tier | Limit |
|---|---|
| New | 1,000 |
| Verified | 5,000 |
| Established | 20,000 |
| Power | 50,000 |
| Enterprise | Unlimited |
Error response:
{"error": "tier daily call limit exceeded", "code": 429}
Headers: X-Tier-Limit-Exceeded: calls-per-day, Retry-After: <seconds until midnight UTC>
Daily Credit Limit
Per-user daily spending cap in Demeterics credits (100 credits = $1.00 USD). Resets at midnight UTC.
| Tier | Limit |
|---|---|
| New | 100 credits ($1.00/day) |
| Verified | 500 credits ($5.00/day) |
| Established | 2,000 credits ($20.00/day) |
| Power | 10,000 credits ($100.00/day) |
| Enterprise | Unlimited |
Error response:
{"error": "tier daily credit limit exceeded", "code": 429}
Headers: X-Tier-Limit-Exceeded: credits-per-day, Retry-After: <seconds until midnight UTC>
API Key Rate Limit
Per-API-key rate limit, configurable in the dashboard. Defaults to unlimited (0). This limit is independent of tier limits and is checked first.
Error response:
{"error": "rate limit exceeded", "code": 429}
Daily LLM Cost Limit
Per-API-key daily spending cap on LLM calls. Configurable per key in the dashboard.
- Default: $10.00 USD/day (when not explicitly set)
- Unlimited: Set to $0 to disable
- Custom: Any positive value in USD
For managed keys, the effective limit is capped at the user's credit balance.
Error response:
{"error": "daily llm cost limit exceeded", "code": 429}
Headers: X-Daily-Cost-Limit-Exceeded: true, Retry-After: <seconds until midnight UTC>
Alert notifications are sent at 80% and 100% thresholds.
Concurrent Request Limit (Managed Keys)
For managed keys (where Demeterics provides the LLM provider key), a per-user concurrency limit prevents too many simultaneous in-flight requests.
| Tier | Max Concurrent Requests |
|---|---|
| New | 3 |
| Verified | 5 |
| Established | 10 |
| Power | 20 |
| Enterprise | Unlimited |
Error response:
{"error": "Too many concurrent managed-key requests. Please wait and retry.", "code": 429, "type": "concurrency_limit"}
Velocity Limit (Managed Keys)
For managed keys, a 10-minute rolling window detects anomalous burst traffic. This is separate from the per-minute RPM limit and acts as abuse protection.
| Tier | Max Requests per 10 Minutes |
|---|---|
| New | 200 (20/min sustained) |
| Verified | 500 (50/min sustained) |
| Established | 1,000 (100/min sustained) |
| Power | 2,000 (200/min sustained) |
| Enterprise | Unlimited |
Error response:
{"error": "Request rate too high. Please slow down.", "code": 429, "type": "velocity_limit"}
At 2x the threshold, an admin abuse alert is triggered.
Widget Rate Limit
AI Chat Widgets have a per-agent rate limit, configurable in the dashboard.
- Default: 50 requests/minute per widget agent
- Custom: Configurable per widget
Error response:
{"error": "Rate limit exceeded", "code": 429}
Headers: X-RateLimit-Limit: <limit>, X-RateLimit-Remaining: <remaining>, Retry-After: 60
Enforcement Order
Rate limits are checked in the following order. The first limit exceeded short-circuits the request:
- API Key RPM - Per-key per-minute limit
- Tier RPM - Per-user per-minute limit
- Tier RPD - Per-user per-day limit
- Daily LLM Cost - Per-key daily spend (LLM endpoints only)
- Tier Credits/Day - Per-user daily credit cap (LLM endpoints only)
- Velocity - 10-min rolling window (managed keys only)
- Concurrency - In-flight request cap (managed keys only)
Fail Behavior
| Limit Type | On Error |
|---|---|
| API Key RPM | Fail open (allows request) |
| Tier RPM / RPD | Fail open |
| Daily LLM Cost (BYOK) | Fail open |
| Daily LLM Cost (Managed) | Fail closed (rejects request) |
| Velocity (Managed) | Fail closed |
| Concurrency (Managed) | Fail closed |
| Widget | Fail open |
Managed keys fail closed to protect against credit drain during infrastructure issues.
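The enforcement order and fail behavior above, modeled as an added example (not Demeterics code). The check names, the request and counter dictionaries, and the use of a missing counter to stand in for a backend error are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Check:
    name: str
    llm_only: bool = False       # applies to LLM endpoints only
    managed_only: bool = False   # applies to managed keys only
    fail_closed: str = "never"   # "never", "managed" or "always"

# Order and fail modes as listed on this page. The page gives no fail mode
# for tier credits/day; fail open is assumed here.
ORDER = [
    Check("api_key_rpm"),
    Check("tier_rpm"),
    Check("tier_rpd"),
    Check("daily_llm_cost", llm_only=True, fail_closed="managed"),
    Check("tier_credits_day", llm_only=True),
    Check("velocity", managed_only=True, fail_closed="always"),
    Check("concurrency", managed_only=True, fail_closed="always"),
]

def exceeded(counters, name):
    """counters[name] is (used, limit); a missing entry models a backend error."""
    if name not in counters:
        raise LookupError(f"counter backend unavailable for {name}")
    used, limit = counters[name]
    return bool(limit) and used >= limit   # limit 0/None means unlimited

def evaluate(req, counters):
    """Return (allowed, reason); the first exceeded limit short-circuits."""
    for c in ORDER:
        if (c.llm_only and not req["llm_endpoint"]) or \
           (c.managed_only and not req["managed_key"]):
            continue
        try:
            if exceeded(counters, c.name):
                return False, f"{c.name}: limit exceeded"
        except LookupError:
            closed = c.fail_closed == "always" or \
                (c.fail_closed == "managed" and req["managed_key"])
            if closed:
                return False, f"{c.name}: check failed, fail closed"
            # fail open: treat the check as passed and continue
    return True, "ok"
```

With every counter unavailable, a BYOK request is allowed while a managed-key request is rejected at the daily LLM cost check, which is the credit-drain protection the table describes.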
Best Practices
- Monitor headers: Check X-Tier-Limit-Exceeded and Retry-After in 429 responses to determine which limit was hit and when to retry.
- Use exponential backoff: When rate limited, wait the Retry-After duration before retrying.
- Spread requests: Distribute API calls evenly across time rather than bursting.
- Upgrade your tier: Contact support or make a payment to upgrade from Tier 1.
- Configure per-key limits: Set appropriate RateLimitPerMinute and DailyLLMCostLimit per API key in the dashboard.
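A client-side sketch of the header monitoring and backoff advice, added here as an example and not taken from a Demeterics SDK. It uses the headers and body "type" values documented on this page; the labels daily-llm-cost, widget and api-key, and the backoff base and cap used when Retry-After is absent, are assumptions.

```python
import json

# Limits that reset at midnight UTC: retrying in a tight loop cannot succeed.
DAILY_LIMITS = {"calls-per-day", "credits-per-day", "daily-llm-cost"}

def _lower(headers):
    """HTTP header names are case-insensitive; normalize before lookup."""
    return {k.lower(): str(v).strip() for k, v in headers.items()}

def classify_429(headers, body_text):
    """Name the limit that rejected the request."""
    h = _lower(headers)
    try:
        body = json.loads(body_text)
    except ValueError:
        body = {}
    if not isinstance(body, dict):
        body = {}
    if "x-tier-limit-exceeded" in h:
        return h["x-tier-limit-exceeded"]   # calls-per-minute / calls-per-day / credits-per-day
    if h.get("x-daily-cost-limit-exceeded", "").lower() == "true":
        return "daily-llm-cost"
    if body.get("type") in ("concurrency_limit", "velocity_limit"):
        return body["type"]
    if "x-ratelimit-limit" in h:
        return "widget"
    return "api-key"   # bare "rate limit exceeded" body, no distinguishing header

def retry_delay(headers, attempt, base=1.0, cap=60.0):
    """Seconds to wait: Retry-After when present, else capped exponential backoff."""
    try:
        return max(0.0, float(_lower(headers)["retry-after"]))
    except (KeyError, ValueError):
        return min(cap, base * 2 ** attempt)

def plan(headers, body_text, attempt):
    """Decide how to react to one 429 response."""
    limit = classify_429(headers, body_text)
    return {
        "limit": limit,
        "wait": retry_delay(headers, attempt),
        # Daily caps are better surfaced to the caller or queued than retried inline.
        "retry_inline": limit not in DAILY_LIMITS,
    }
```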