# Prevu API rate limits

Prevu API clients should treat rate limits as part of the public contract.

## Limits

- Authenticated REST API: 120 requests per minute per personal access token.
- Environment lifecycle mutations such as create, pause, resume, destroy, and expose port: 30 requests per minute per token.
- Public discovery files such as `/llms.txt`, `/openapi.json`, and `/.well-known/*`: cacheable and intended for crawlers.

## Headers

When rate limiting is enforced, Prevu API responses may include:

- `RateLimit-Limit` — maximum requests in the active window.
- `RateLimit-Remaining` — remaining requests in the active window.
- `RateLimit-Reset` — seconds until the window resets.
- `Retry-After` — seconds to wait before retrying after a `429` response.

## Agent behavior

Agents should back off on `429`, honor `Retry-After`, and avoid polling environment status more than once every few seconds. Prefer the MCP `wait_environment_ready` tool or API refresh endpoints over tight client-side loops.