Skip to main content
Rate limiting is partner-scoped: limits are shared across all tenants under the same API key and environment. Each request is classified into 1 of 7 buckets.

Buckets

BucketLimitEndpoints
criteria_ai2 req/s + 4 concurrent in-flightPOST /v1/jobs/{jobId}/question-sets, POST /v1/jobs/{jobId}/criteria/generate
criteria_current_reads60 req/sGET /v1/jobs/{jobId}/criteria/versions/current
scoring_intake_batch1 req/sPOST /v1/jobs/{jobId}/scoring-batches
scoring_intake_single10 req/sPOST /v1/jobs/{jobId}/applications/{applicationId}/scoring-jobs
read_and_ops20 req/sOther read/write /v1/* endpoints (except criteria_current_reads, analytics, and rate-limit status)
analytics20 req/sGET /v1/analytics/*
rate_limit_status2 req/sGET /v1/rate-limit-status
Buckets are isolated: exhausting one doesn’t affect others. The criteria_ai bucket has an extra concurrency cap. At most 4 requests can process simultaneously, returning 429 even if RPS tokens are available.
If you need higher limits, contact us through the Embed Portal.

Trial accounts

Trial accounts may have configured monthly limits for scoring jobs, question generation, and criteria generation. These limits are shared across all tenants in the same partner environment and reset on the first day of each UTC month. If a request exceeds the configured monthly trial limit, the API returns HTTP 429 with MONTHLY_TRIAL_QUOTA_EXCEEDED and retryable: false. Contact your Nova account manager or nova@dweet.com to upgrade your plan. We share exact trial limits during onboarding.

Response headers

All /v1/* responses include:
HeaderDescription
X-RateLimit-BucketWhich bucket the request was classified into
X-RateLimit-LimitMax requests per second for this bucket
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp when the window resets
X-RateLimit-Degraded"true" when rate limiting is in degraded mode

Checking status

GET /v1/rate-limit-status returns all buckets at once without consuming tokens from other buckets. Only needs Authorization, not X-Tenant-Id.

Handling 429

When short-window rate-limited with RATE_LIMITED, the response includes a Retry-After header (seconds to wait).
If you use Idempotency-Key on criteria or library mutations, reuse the same key when retrying after 429 RATE_LIMITED. Rate limiting runs before the idempotency replay layer. Scoring submissions use built-in scoring idempotency instead, so retry the same scoring request directly.
For high-volume backfills, use POST /v1/jobs/{jobId}/scoring-batches with up to 25 applications per request.

Degraded mode

If Redis is temporarily unavailable, the system enters degraded mode: requests are allowed through (fail-open), X-RateLimit-Degraded: true is set, and header values are best-effort estimates. Normal limiting resumes automatically when Redis recovers.