Rate Limiting
Global
- 30 requests per minute per client IP
- Tracked via an in-memory dict with a per-IP counter
- Resets every 60 seconds
Per-Agent (AP2)
- 30 requests per 60 seconds per agent identity
- Enforced on POST /api/v1/ap2/*
- Returns HTTP 429 with body:
{
  "error": "rate_limit_exceeded",
  "retry_after_seconds": 45
}
Best Practices
- Cache KYA tokens (they're valid for 1h)
- Implement exponential backoff on 429 responses
- Use the X-Agent-Identity header for per-agent tracking
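A client-side sketch of the backoff practice above, added here as an example and not taken from the API's own code: it applies exponential backoff with jitter on 429 and never retries sooner than the `retry_after_seconds` value from the response body. The `send` callable, the `base`/`cap` defaults and the choice to clamp the server hint to `cap` are assumptions.

```python
import random
import time


def backoff_delay(attempt, body, base=1.0, cap=60.0, rng=random.random):
    """Seconds to wait before the next try after a 429 (attempt is 0-based)."""
    # Full-jitter exponential backoff: uniform in [0, min(cap, base * 2**attempt)].
    delay = rng() * min(cap, base * (2 ** attempt))
    # Honour the server hint when it is a sane number; ignore malformed values.
    hint = body.get("retry_after_seconds") if isinstance(body, dict) else None
    if isinstance(hint, (int, float)) and not isinstance(hint, bool) and hint >= 0:
        # Assumption: clamp the hint to `cap` so a bogus value cannot stall the client.
        delay = max(delay, min(float(hint), cap))
    return delay


def call_with_backoff(send, max_attempts=5, sleep=time.sleep, **kw):
    """Call send() until it returns a non-429 status or attempts run out.

    `send` is a hypothetical callable returning (status_code, json_body); it is
    expected to attach the cached KYA token and the X-Agent-Identity header.
    """
    status, body = None, None
    for attempt in range(max_attempts):
        status, body = send()
        if status != 429:
            return status, body
        if attempt < max_attempts - 1:  # no point sleeping after the last try
            sleep(backoff_delay(attempt, body, **kw))
    return status, body  # still 429: surface it to the caller


if __name__ == "__main__":
    # Constructed responses: two 429s (one with a hint), then success.
    canned = iter([
        (429, {"error": "rate_limit_exceeded", "retry_after_seconds": 45}),
        (429, {"error": "rate_limit_exceeded"}),
        (200, {"ok": True}),
    ])
    waits = []
    print(call_with_backoff(lambda: next(canned), sleep=waits.append), waits)
```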