Keygen · Rate Limits

Keygen Rate Limits

Keygen enforces sliding-window rate limits that differ by whether requests originate client-side (unauthenticated, license, or user tokens) or server-side (admin, environment, or product tokens). Client-side traffic is the more constrained tier - roughly a 60-request burst per 30 seconds with a sustained ceiling around 500 requests per 5 minutes - while server-side tokens receive substantially higher, undocumented ceilings suited to back-end automation. Limits and the current window are surfaced on every response via X-RateLimit-* headers, and throttled requests return 429 with a Retry-After header.

Keygen Rate Limits is the machine-readable rate-limit profile for Keygen on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 4 rate-limit definitions, measuring requests.

The profile also includes 3 backoff/retry policies defined and response codes documented for throttled.

Tagged areas include Software Licensing, Distribution, Rate Limiting, Quotas, and Throttling.

4 Limits Throttle: 429
Software LicensingDistributionRate LimitingQuotasThrottling

Limits

Client-Side Burst ip-or-token
requests
60
Applies to unauthenticated, license, and user (client-side) tokens.
Client-Side Sustained ip-or-token
requests
500
Sustained ceiling (~1 req/sec) for client-side tokens; short bursts allowed.
Server-Side token
requests
see provider documentation
Admin, environment, and product tokens receive higher, undocumented limits.
Enterprise Custom account
requests
negotiated
Custom rate limits available on Keygen Cloud Enterprise plans.

Policies

Backoff Strategy
Honor the Retry-After header and use exponential backoff with jitter on 429.
Header Monitoring
Read X-RateLimit-Remaining / X-RateLimit-Reset to throttle proactively before hitting 429.
Caching
Cache validation and metadata responses and use offline license check-out to reduce request volume.

Sources