Concepts

Rate Limiting

Understand API rate limits, response headers, and how to handle 429 responses gracefully with exponential backoff.

Limits

Rate limits are applied per API key. The default limits are 25 concurrent requests per API key across all rate-limited endpoints (Sessions and Job Search), a maximum of 100 jobs per session, and configurable per-user application limits (both total and monthly). Enterprise plans include custom rate limits.

For Session endpoints, the concurrent slot is released once the session is created. For Job Search endpoints, the slot is held until the search results are fully returned, so sustained parallel searches will consume concurrent slots longer.

Response Headers

Every API response includes rate limit headers so you can track your usage and avoid hitting limits.

X-RateLimit-Concurrent-Limit: 25
X-RateLimit-Concurrent-Remaining: 18
X-RateLimit-User-Total-Limit: 1000
X-RateLimit-User-Total-Remaining: 650
X-RateLimit-User-Monthly-Limit: 100
X-RateLimit-User-Monthly-Remaining: 55

Handling 429 Responses

When you exceed the rate limit, the API returns a 429 status with a retryAfter field indicating how many seconds to wait. Implement exponential backoff with jitter for best results.

# The API returns Retry-After header with 429 responses
# Wait the specified number of seconds before retrying
curl -X POST https://apply-api.boringproject.ai/api/v1/sessions/apply \
  -H "Authorization: Bearer bp_live_..." \
  -H "Content-Type: application/json" \
  -d '{...}'

# If you get HTTP 429, check the Retry-After header and wait

Response200 OK

{
  "error": {
    "code": "RATE_LIMIT_CONCURRENT_EXCEEDED",
    "message": "Too many concurrent requests. Maximum 25 allowed.",
    "retryAfter": 30
  }
}

Related docs

Rate Limiting

Limits

Response Headers

Handling 429 Responses

Continue reading

Error Handling

Authentication

Idempotency