Rate limits & errors

Requests are rate limited per API key. Every response carries X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset (Unix epoch second); a 429 adds Retry-After.

Errors use a stable envelope:

{ "error": { "code": "validation_error", "message": "…", "details": {} } }

Common codes: validation_error (400), authentication_required (401), forbidden (403), resource_not_found (404), workspace_not_found (404), duplicate_resource (409), rate_limited (429), internal_error (500). Correlate support requests with the X-Request-Id response header.