Concepts

Rate Limiting

Understand API rate limits, response headers, and how to handle 429 responses gracefully with exponential backoff.

Limits

Rate limits are applied per API key. The default limits are 25 concurrent requests per API key, a maximum of 100 jobs per session, and configurable per-user application limits (both total and monthly). Enterprise plans include custom rate limits.

Response Headers

Every API response includes rate limit headers so you can track your usage and avoid hitting limits.

X-RateLimit-Concurrent-Limit: 25
X-RateLimit-Concurrent-Remaining: 18
X-RateLimit-User-Total-Limit: 1000
X-RateLimit-User-Total-Remaining: 650
X-RateLimit-User-Monthly-Limit: 100
X-RateLimit-User-Monthly-Remaining: 55

Handling 429 Responses

When you exceed the rate limit, the API returns a 429 status with a retryAfter field indicating how many seconds to wait. Implement exponential backoff with jitter for best results.

# The API returns Retry-After header with 429 responses
# Wait the specified number of seconds before retrying
curl -X POST https://apply-api.boringproject.ai/api/v1/sessions/apply \
  -H "Authorization: Bearer bp_live_..." \
  -H "Content-Type: application/json" \
  -d '{...}'

# If you get HTTP 429, check the Retry-After header and wait
Response200 OK
{
  "error": {
    "code": "RATE_LIMIT_CONCURRENT_EXCEEDED",
    "message": "Too many concurrent requests. Maximum 25 allowed.",
    "retryAfter": 30
  }
}

Related docs

Continue reading

Error Handling

Understand the API error format, HTTP status codes, error code categories, and best practices for handling errors.

Authentication

Authenticate requests to the Boring Project API using Bearer tokens with your API key.

Idempotency

Prevent duplicate operations by including an Idempotency-Key header in POST requests.