Arcjet · Rate Limits

Arcjet Rate Limits

Arcjet is itself a rate-limiting product; this artifact documents limits that apply to Arcjet's OWN decision service rather than the limits customers configure for their applications. Arcjet does not publish hard public per-account request-rate caps on the Decide service; usage is metered and billed per protected request rather than throttled, with tier-based request allowances and Enterprise offering higher allowances. The practical operational control is the SDK request timeout (default 500ms in production, 1000ms in development), after which the SDK fails open by default (configurable to fail closed). The SDK makes a single call to the Decide service per request regardless of the number of rules configured, and caches decisions locally to minimize calls.

Arcjet Rate Limits is the machine-readable rate-limit profile for Arcjet on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 4 rate-limit definitions, measuring requests, milliseconds, and calls.

The profile also includes 3 backoff/retry policies defined and response codes documented for throttled.

Tagged areas include Security, Rate Limiting, Bot Detection, WAF, and Developer Security.

4 Limits Throttle: 429
SecurityRate LimitingBot DetectionWAFDeveloper SecurityRate LimitingQuotasThrottling

Limits

Protected Request Allowance account
requests
see provider pricing
Tier-based monthly request allowances; usage metered and billed per protected request rather than hard-throttled. Enterprise offers higher allowances.
SDK Request Timeout (Production) request
milliseconds
500
Default production timeout for a Decide service call; configurable.
SDK Request Timeout (Development) request
milliseconds
1000
Default development timeout, higher to allow for geographic latency to the Cloud API.
Single Call Per Request request
calls
1
Arcjet makes a single Decide call regardless of the number of rules configured; local caching further reduces calls.

Policies

Fail Open by Default
On network problems or timeout the SDK defaults to failing open (allowing requests); it can be configured to fail closed.
Local Caching
The SDK caches decisions in memory so many requests are resolved locally in under 1ms without contacting the Decide service.
Tiered Allowances
Request allowances and retention scale with the pricing tier; Enterprise provides higher request allowances and dedicated capacity.

Sources