Rate limits
Kvire applies per-IP rate limits to protect against abuse and to keep AI costs predictable. You shouldn't hit any of these in normal use — they're wide enough for active research sessions.
Limits by route family
| Family | Rate | What it covers |
|---|---|---|
| AI | 20 / hour | analyze, ask, lens, reading-list, author bios, compare |
| Search | 60 / minute | search, topic autocomplete |
| Read-only | 120 / minute | work metadata, library, reading lists, search history, share |
| Auth | 5 / 10 minutes | request a sign-in code, verify a code |
What happens when you hit one
The API returns HTTP 429 with a Retry-After header telling you how many seconds to wait. The UI shows a friendly “Too many attempts. Wait a few minutes.” message rather than failing silently.
Daily AI budget
Beyond per-user rate limits, Kvire enforces a global daily token budget against the Claude API. If we hit it for the day, the AI features return HTTP 503 with BUDGET_EXCEEDED and the UI shows a “Daily AI capacity reached. Try again tomorrow.” banner. Catalog browsing keeps working.
Code-level brute-force protection
Sign-in codes have an additional 5-attempt cap per code on top of the auth rate limit. Five wrong guesses invalidates the code and you have to request a new one.