Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.qoder.com/llms.txt

Use this file to discover all available pages before exploring further.

The Qoder Cloud Agents API does not currently apply application-layer rate limiting. Request frequency is governed by global gateway protections.

Current state

LayerRate limitNotes
API application layerNoneDoes not actively return 429 Too Many Requests
Gateway layerYesGlobal protection against abnormal traffic
Although the API does not impose explicit rate limits, this does not mean clients can send unlimited requests. The gateway intercepts abusive traffic.

Gateway protections

The gateway provides:
  1. Burst suppression — sudden bursts may be temporarily blocked.
  2. Connection limits — per-client concurrent connections are capped.
  3. DDoS protection — automatic detection and mitigation of malicious traffic.
When gateway protection triggers, clients may see:
  • HTTP 429 or 503 responses
  • Connections reset without a response body
Even in the absence of explicit limits, clients should self-regulate.

Suggested baselines

OperationRecommended rate
Reads (GET)≤ 50 requests/sec
Writes (POST/PUT/DELETE)≤ 20 requests/sec
Bulk traversal (paginated reads)≥ 100 ms between requests

Exponential backoff

# Request with backoff retry
max_retries=3
retry_delay=1

for i in $(seq 1 $max_retries); do
  response=$(curl -s -w "\n%{http_code}" \
    https://openapi.qoder.sh/api/v1/cloud/agents \
    -H "Authorization: Bearer $QODER_PAT")

  http_code=$(echo "$response" | tail -1)

  # Success or client error (no retry)
  if [ "$http_code" -lt 500 ] && [ "$http_code" != "429" ]; then
    echo "$response" | sed '$d'
    break
  fi

  # Server error or rate limit; back off and retry
  echo "Request failed ($http_code), retrying in ${retry_delay}s... ($i/$max_retries)"
  sleep $retry_delay
  retry_delay=$((retry_delay * 2))
done

Planned rate limits

A formal rate-limiting mechanism is planned for a future release:
FeatureExpected behavior
Rate limit response headersX-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
Rate limit status code429 Too Many Requests
Rate limit granularityPer PAT, organization, and endpoint
Retry hintRetry-After response header

Expected response headers

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 950
X-RateLimit-Reset: 1717200000
Retry-After: 30
Implement handling for 429 and Retry-After now so clients work seamlessly when limits go live.

Bulk operations

For workloads that issue many API calls: 
# Fetch multiple Agents with throttling
agent_ids=("agent_001" "agent_002" "agent_003" "agent_004" "agent_005")

for id in "${agent_ids[@]}"; do
  curl -s "https://openapi.qoder.sh/api/v1/cloud/agents/$id" \
    -H "Authorization: Bearer $QODER_PAT"
  # Sleep 200ms between requests to avoid gateway protection
  sleep 0.2
done

Monitoring guidance

  • Track request latency. Increased latency may indicate the gateway throttle is approaching.
  • Watch 5xx error rates. A spike may indicate gateway protection has engaged.
  • Use a circuit breaker to pause traffic during sustained failures.