For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
  • Getting Started
    • Introduction
    • How Verifa Works
    • Quickstart
    • Choosing an Integration Method
  • Use Cases
    • KYC Onboarding
    • Age Verification
    • AML Compliance
    • Fraud Prevention
    • Marketplace Trust & Safety
  • Core Concepts
    • Overview
    • Sessions
    • Verifications & Checks
    • Workflows
    • Identities
    • Cases
    • Screening & Reports
    • Lists
  • Integration Guides
    • Overview
    • JavaScript SDK
    • Web Capture Flow
    • API-Only Integration
    • Mobile SDK
    • Webhooks Guide
    • MCP Server
    • Migrating from Persona
  • API Details
    • Overview
    • Authentication
    • Pagination
    • Rate Limiting
    • Versioning
    • Errors
    • Webhooks
    • Idempotency
    • Key Inflection
    • Data Access
    • Data Retention
  • Tutorials
    • Creating Your First Verification Session
    • Creating a Workflow
    • Receiving Webhooks & Validating Signatures
    • Handling Webhook Events
    • Custom Document Types & AI Extraction
  • Best Practices
    • Testing
    • Preventing Duplicates
    • Fraud Signals
    • Changelog
  • API Reference
On this page
  • Rate limits by plan
  • Product quotas
  • Daily verification limits
  • Response headers
  • Handling 429 responses
  • Endpoint-specific limits
  • Related
API Details

Rate Limiting

Was this page helpful?
Previous

Versioning

Next
Built with

Verifa enforces two types of limits: rate limits (requests per minute) and product quotas (resource creation per minute).

Rate limits by plan

PlanRequests per minute
Free300
Starter600
Professional1,000
Enterprise1,000

Product quotas

Product quotas limit how quickly you can create specific resources:

ResourceFreeStarterProfessionalEnterprise
Session creation50/min100/min150/min300/min
API key creation10/min25/min50/minUnlimited

Daily verification limits

PlanVerifications per day
Free50
Starter1,000
Professional1,000
EnterpriseUnlimited

Response headers

Every API response includes rate limit headers:

HeaderDescription
X-RateLimit-LimitMaximum requests allowed in the current window
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp when the window resets

When a product quota applies, additional headers are included:

HeaderDescription
X-Quota-LimitMaximum quota in the current window
X-Quota-RemainingQuota remaining in the current window
X-Quota-ResetUnix timestamp when the quota resets

Handling 429 responses

When you exceed a rate limit or quota, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait:

1HTTP/1.1 429 Too Many Requests
2Retry-After: 12
3X-RateLimit-Limit: 300
4X-RateLimit-Remaining: 0
5X-RateLimit-Reset: 1738368012
6
7{
8  "error": "rate_limited",
9  "detail": "Rate limit exceeded. Retry after 12 seconds.",
10  "status_code": 429
11}

Best practice: Implement exponential backoff with jitter. Respect the Retry-After header value as the minimum wait time before retrying.

Endpoint-specific limits

A few endpoints sit outside the per-plan request bucket and have dedicated limits:

EndpointLimit
/scim/v2/*Per-token bucket — SCIM provisioning calls share the standard per-API-key rate limit.
/sso/*Per-IP bucket — SAML/OIDC sign-in endpoints are throttled per source IP.
ComplyAdvantage inbound webhookDedicated token bucket: 300 capacity, refills at 5 requests per second.

These limits also return 429 Too Many Requests with a Retry-After header.

Related

  • Errors — Full error response reference including 429
  • Authentication — API key types and plan tiers
  • Idempotency — Safe retries with idempotency keys