Rate limits
The k-ID platform enforces two independent rate limits:
- API rate limits apply to direct calls to the k-ID API from your servers. When exceeded, requests fail with HTTP
429 Too Many Requests. - Age verification and parental consent flow rate limits apply to user-facing flows (age verification widgets and VPC challenges). When exceeded, the user sees an in-flow error asking them to wait and try again.
Both limits differ between live mode and test mode, and both are enforced per product.
API rate limits
Calls to the k-ID API are rate-limited per product. Requests that exceed the limit receive an HTTP 429 response with no response body.
| Mode | Default limit |
|---|---|
| Live mode | 500 RPS |
| Test mode | 10 RPS |
Handling 429 responses
When you receive a 429, your integration should:
- Stop sending new requests for a short cool-down period.
- Retry with exponential backoff plus jitter, rather than a tight retry loop.
- Cache responses where possible (for example, sessions and age gate requirements).
- Coalesce duplicate concurrent requests for the same resource.
See Error handling for the full list of HTTP status codes and error formats.
Age verification and parental consent flow rate limits
User-facing age verification and parental consent flows, including hosted widget URLs and challenge flows, are rate-limited separately from direct API calls. These limits are also enforced per product.
| Mode | Default limit |
|---|---|
| Live mode | 100 RPS |
| Test mode | 20 RPS |
When this limit is exceeded, the user is shown an in-flow error asking them to wait and try again. No 429 is surfaced to your server. This limit is independent of, and additive to, the API rate limit described in the previous section: a single user journey can consume capacity from both buckets.
Default limits and requesting an increase
The numbers on this page are the default rate limits assigned to every product. If your product needs higher capacity (for example, for a launch, a marketing campaign, or sustained higher traffic), contact your k-ID representative to request an increase.
Next steps
- Error handling: error response formats and status codes.
- Authentication: keep test and live API keys correctly scoped to their environments.