| Limit type | What it governs | Error on exceeding | Where to check |
|---|---|---|---|
| Credit limits | How much you can spend (account balance and per-key credit caps) | GET /api/v1/key → limit_remaining | |
| Rate limits | How many requests you can make (free-model request caps and DDoS protection) | X-RateLimit-* headers on the error response |
Checking Your Limits
To check the rate limit or credits left on an API key, make a GET request tohttps://openrouter.ai/api/v1/key.
If you submit a valid API key, you should get a response of the form:
TypeScript
Credit Limits
Credit limits govern how much you can spend. They come from two places:- Account balance — your available credits across the account. If your account has a negative credit balance, you may see errors, including for free models. Adding credits to put your balance above zero allows you to use those models again.
- Per-key credit limits — an optional spending cap configured on an individual API key. The
limit,limit_reset, andlimit_remainingfields in theGET /api/v1/keyresponse above describe this cap and how much of it remains.
Handling 402 errors
To resolve errors:- Add credits to bring your account balance above zero.
- Check per-key limits. If
limit_remainingon the key is exhausted, raise the key’s credit limit or wait for it to reset (seelimit_reset). - Monitor proactively. Call
GET /api/v1/keyas shown above to tracklimit_remainingand usage before requests start failing.
Rate Limits
Rate limits govern how many requests you can make. There are a few rate limits that apply to certain types of requests, regardless of account status:- Free usage limits: If you’re using a free model variant (with an ID ending in ), the following limits apply:
| Credits purchased (all time) | Requests per minute | Requests per day |
|---|---|---|
| Less than | ||
| At least |
- DDoS protection: Cloudflare’s DDoS protection will block requests that dramatically exceed reasonable usage.
Handling 429 errors
Requests rejected with fail with a standard error response:- OpenRouter — you hit one of the platform limits above (free-model requests per minute or per day, or DDoS protection).
- The upstream provider — the provider serving your request is rate limiting or at capacity. In this case
error.metadata.provider_codecarries the provider’s original error code when available, and fallback routing retries other providers for the same model automatically before the error reaches you. You can also specify fallback models to try a different model when all providers for the first are exhausted.
Successful inference responses do not include
X-RateLimit-* headers. When
OpenRouter itself returns a
error for a platform limit, the error response
carries X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset
headers describing the limit that was hit. When every attempted provider
returned a retry hint, the error response also carries a Retry-After
header. To monitor your remaining quota before hitting a limit, call
GET /api/v1/key as shown above.- Retry with exponential backoff. Rate limits are transient; wait and retry rather than immediately re-sending. Honor the
Retry-Afterheader when present. - On free variants, purchase at least credits to raise your daily limit, or switch to the paid variant of the model, which has no platform-level request cap.
- For provider-side limits, add fallback models or relax provider routing preferences so more providers are eligible to serve the request.
Mid-stream rate limits
If a rate limit is hit after streaming has started, the error arrives as an SSE event withfinish_reason: "error" instead of an HTTP , since the status was already sent: