Sanity · Rate Limits

Sanity Rate Limits

Sanity rate limits apply to direct API calls only; cached responses served from the API CDN are not rate limited. Limits are enforced per-IP for request rate and per-dataset for concurrency. When limits are exceeded the API returns HTTP 429 and the docs recommend exponential backoff. Plan-level monthly quotas (CDN requests, direct API requests, bandwidth) are tracked separately in plans/.

Sanity Rate Limits is the machine-readable rate-limit profile for Sanity on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 6 rate-limit definitions, measuring requests_per_second and concurrent_requests.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled and quotaExceeded.

Tagged areas include Rate Limiting, Headless CMS, Content Management, GROQ, and Real-Time.

6 Limits Throttle: 429 Quota: 429
Rate LimitingHeadless CMSContent ManagementGROQReal-Time

Limits

API CDN cached responses dataset
requests_per_second
cached responses are not rate limited
Cache misses fall through to the direct API and incur the per-IP limits below.
Direct API general request rate (per IP) IP
requests_per_second · second
500
Direct API mutations rate (per IP) IP
requests_per_second · second
25
Direct API uploads rate (per IP) IP
requests_per_second · second
25
Direct API query concurrency (per dataset) dataset
concurrent_requests
500
Direct API mutation concurrency (per dataset) dataset
concurrent_requests
100

Policies

Use the API CDN
Setting `useCdn: true` in the client serves cached responses that are not rate limited; this is the recommended default for read-heavy workloads.
Backoff on 429
When the API returns 429 Too Many Requests, clients should implement exponential backoff with jitter or wait briefly before retrying.
Cache miss fallthrough
API CDN cache misses are forwarded to the direct API and are subject to the per-IP and per-dataset concurrency limits.
Headers
Sanity does not document X-RateLimit-* or Retry-After headers; consumers should rely on the 429 status and a backoff timer rather than header-driven scheduling.

Sources