Scope contract notice: API key scopes are enforced for public routes; see Scope reference for required grants.

Rate Limits

Partner-facing API key quotas are planned but not yet enforced.

Current State

There is currently no partner-facing rate limit policy for public API keys. Rate quotas are deferred until Phase 5 of #42.

Planned Headers

When partner quotas are implemented, responses should include rate-limit headers:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1780272000

429 Responses

When a request is rejected by quota, VoiceAgent will return 429 Too Many Requests. Clients should read Retry-After when present and retry with backoff. 

Retry-After: 30
{
  "error": {
    "code": "RATE_LIMITED",
    "message": "Too many requests"
  }
}

Client Guidance

Build integrations so retries are idempotent where possible. Use bounded exponential backoff for 429 and transient 503 responses.