Barndoor · Rate Limits

Barndoor does not publish numeric per-second or per-minute rate limits for the Platform API in its public documentation. Several adjacent policies that effectively shape throughput are documented: a pool of five static egress IPs is shared across all customers for outbound MCP traffic; JWT bearer tokens are short-lived and refreshed by the SDK (Auth0 PKCE flow); and the audit-log export pipeline batches events every 30 seconds or every 100 events, whichever comes first. Pagination on list endpoints is bounded (page >= 1, limit <= 100). Per-plan agent (non-human identity) ceilings act as a structural quota: Trial unlimited, Team 250, Pro 1,000, Enterprise custom. Numeric request-rate ceilings remain unpublished (reconciled:false) until Barndoor Support confirms them.

Barndoor Rate Limits is the machine-readable rate-limit profile for Barndoor on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 6 rate-limit definitions, measuring requests, items_per_page, egress_ip, events_per_batch, and buffer_days.

The profile also defines 5 backoff/retry policies and documents response codes for throttled, unauthorized, validation, and serverError.

Tagged areas include AI Agents, MCP, Rate Limiting, Throttling, and Egress.


Limits

Per-Customer Platform API Throttle
Scope: customer
Metric: requests · minute
Limit: undocumented
Numeric rate limit not published. Per-customer throttling is presumed at the Platform API edge; on excessive throughput expect HTTP 429.

List-Endpoint Page Size
Scope: request
Metric: items_per_page · request
Limit: 100
List operations (listAgents, listServers, listPolicies, listPolicyRevisions) cap `limit` at 100 items per page; `page` is 1-based with default 10.

Static Egress IP Pool (Outbound to MCP Servers)
Scope: platform
Metric: egress_ip · persistent
Limit: 5
Outbound MCP traffic from Barndoor exits via a fixed pool of five shared IPs (136.114.185.55, 34.121.81.24, 34.172.10.253, 35.226.250.15, 35.188.204.49) with automatic failover. Customers whitelist these on MCP server firewalls.

Audit-Log Export Batch
Scope: tenant
Metric: events_per_batch · 30s
Limit: 100
Audit batches flush every 30 seconds or every 100 events (whichever first); events land in the destination bucket within ~1 minute.

Audit-Log Buffer During Pause
Scope: tenant
Metric: buffer_days · day
Limit: 30
While the audit-log export stream is paused, events buffer for up to 30 days; older events are dropped if the stream stays paused.

Non-Human Identities Quota
Scope: tenant
Metric: agents
Limit: plan-based
Trial unlimited, Team 250, Pro 1,000, Enterprise custom. Acts as a structural ceiling on the number of registered agents.

Policies

429 Throttling
Excessive request volume returns HTTP 429 Too Many Requests. Clients should back off before retrying.
Backoff Strategy
Implement exponential backoff with jitter on 429 / 5xx responses. The SDK handles transparent retries on transient failures.
JWT Lifecycle
Bearer tokens are short-lived JWTs issued through the Auth0 PKCE flow; the SDK's `loginInteractive()` refreshes them. Do not cache tokens past their `exp` claim.
Egress Whitelisting
Allow inbound traffic from the five Barndoor egress IPs on the MCP server side; maintain firewall rules so that the full pool stays open and failover between the IPs is tolerated.
Audit Export Backpressure
Avoid pausing the audit-log export stream for more than 30 days; buffered events past that window are dropped.
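
The Egress Whitelisting policy above only tolerates failover if every one of the five egress IPs is admitted on the MCP server side. The following Python check is an added example, not Barndoor's code: it compares a firewall allowlist with the pool listed on this page and reports missing, over-broad, unrelated and invalid entries. The function name, the /24 breadth threshold and the sample rules are assumptions.

```python
import ipaddress

# Egress pool as listed on this page.
BARNDOOR_EGRESS = [
    "136.114.185.55", "34.121.81.24", "34.172.10.253",
    "35.226.250.15", "35.188.204.49",
]
MIN_PREFIX = 24  # assumption: any rule wider than /24 is flagged as over-broad


def audit_allowlist(allowed_sources, egress=BARNDOOR_EGRESS, min_prefix=MIN_PREFIX):
    """Compare a firewall allowlist (IPs or CIDRs) with the egress pool.

    Returns a dict with:
      missing    - egress IPs no rule admits (failover to them would be blocked)
      over_broad - rules that admit an egress IP only through a wide network
      unrelated  - valid rules that admit none of the egress IPs
      invalid    - entries that are not IP addresses or networks
    """
    nets, invalid = [], []
    for entry in allowed_sources:
        try:
            # strict=False accepts host bits, e.g. "34.172.10.253/24"
            nets.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            invalid.append(entry)
    pool = [ipaddress.ip_address(ip) for ip in egress]
    missing = [str(ip) for ip in pool if not any(ip in n for n in nets)]
    over_broad, unrelated = [], []
    for n in nets:
        if not any(ip in n for ip in pool):
            unrelated.append(str(n))
        elif n.prefixlen < min_prefix:
            over_broad.append(str(n))
    return {"missing": missing, "over_broad": over_broad,
            "unrelated": unrelated, "invalid": invalid}


if __name__ == "__main__":
    # Constructed sample rule set for an MCP server firewall.
    sample = ["136.114.185.55/32", "34.121.81.24", "34.172.0.0/16",
              "35.226.250.15/32", "203.0.113.7/32", "not-an-ip"]
    for key, values in audit_allowlist(sample).items():
        print(f"{key}: {values}")
```

A non-empty `missing` list means a failover to that IP would be dropped at the firewall; `over_broad` entries admit the egress IP but also every other host in the network.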
