Quotas

Reeflow APIs use quotas to limit the number of resources you can create per organization.

These limits protect service stability, ensure fair usage across all customers, and prevent accidental resource proliferation.

What are quotas?

Quotas are organization-level limits on the number of specific resources you can create through the API or the Console.

Each quota is applied independently—for example, having 20 API keys doesn’t affect your ability to create database connections.

The key characteristics of quotas are:

• Organization-scoped: Quotas apply to your entire organization, not individual users
• Resource-specific: Each resource type has its own quota limit
• Creation-only: Quotas only restrict creating new resources, not reading, updating, or deleting existing ones
• Real-time enforcement: Quota checks happen instantly when you attempt to create resources

Why quotas exist

Quotas serve multiple important purposes:

• Service Stability: Large numbers of resources can impact system performance. Quotas ensure that database queries, connection pools, and other system resources remain responsive for all customers.
• Cost Protection: Creating excessive resources could lead to unexpected usage charges. Quotas act as a safety net to prevent accidental runaway resource creation.
• Security: Quotas limit the potential damage from compromised API keys or runaway automation scripts, protecting both your account and the broader Reeflow platform.
• Fair Usage: By preventing any single organization from consuming excessive resources, quotas help ensure reliable service for all Reeflow customers.

How quotas work

Quota Enforcement

Quotas are enforced only when creating new resources via POST requests. When you attempt to create a resource that would exceed your quota limit, the API returns a 403 Forbidden error.

Example quota exceeded response:

{
  "statusCode": 403,
  "message": "Quota exceeded: maximum 20 api-keys allowed per organization (currently: 20)"
}

Quota Headers

All API responses from endpoints with quotas include three headers that show your current quota status:

X-Quota-Limit: 20
X-Quota-Used: 15
X-Quota-Remaining: 5

These headers appear on all HTTP methods (GET, POST, PATCH, DELETE), giving you visibility into your quota status even when just reading data.

Quota Information Endpoint

The /quotas endpoint provides complete quota information for all resource types in your organization:

GET /quotas HTTP/1.1
Host: api.reeflow.com
Authorization: Basic <credentials>

Response:

{
  "data": [
    {
      "api-keys": {
        "limit": 20,
        "used": 15,
        "remaining": 5
      },
      "connections": {
        "limit": 10,
        "used": 3,
        "remaining": 7
      },
      "teams": {
        "limit": 20,
        "used": 8,
        "remaining": 12
      }
    }
  ],
  "total": 1,
  "page": 1,
  "limit": 1,
  "pages": 1
}

Resource quotas

Different resource types have different quota limits based on their typical usage patterns and system impact:

Resource Type	Quota Purpose
API Keys	Limit authentication credentials for security
Database Connections	Prevent system overload from too many connections
Teams	Control organization structure complexity

Note

Quota limits are set conservatively to prevent abuse while allowing legitimate usage.

If you have a specific use case requiring higher limits, contact our support team to discuss your needs. While we can’t guarantee quota increases will be approved, we do our best to accommodate legitimate business requirements.

Best Practices

Monitor Your Usage

Check the quota headers in your API responses or call the /quotas endpoint regularly to track your resource usage and plan accordingly.

TypeScript

// Check quota status before creating resources
const quotaResponse = await fetch('https://api.reeflow.com/quotas', {
  headers: {
    Authorization: `Basic ${credentials}`,
  },
});

const quotaData = await quotaResponse.json();
const apiKeyQuota = quotaData.data[0]['api-keys'];

if (apiKeyQuota.remaining > 0) {
  // Safe to create a new API key
  await createApiKey(newKeyData);
} else {
  console.warn('API key quota exceeded');
}

Python

import requests
import base64

# Check quota status before creating resources
response = requests.get(
    'https://api.reeflow.com/quotas',
    headers={'Authorization': f'Basic {credentials}'}
)

quota_data = response.json()
api_key_quota = quota_data['data'][0]['api-keys']

if api_key_quota['remaining'] > 0:
    # Safe to create a new API key
    create_api_key(new_key_data)
else:
    print('API key quota exceeded')

Handle Quota Errors Gracefully

Always implement proper error handling for quota exceeded responses:

TypeScript

try {
  const response = await fetch('https://api.reeflow.com/api-keys', {
    method: 'POST',
    headers: {
      Authorization: `Basic ${credentials}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify(newApiKeyData),
  });

  if (response.status === 403) {
    const error = await response.json();
    if (error.message.includes('Quota exceeded')) {
      // Handle quota exceeded specifically
      console.error('Cannot create API key: quota limit reached');
      // Maybe prompt user to delete unused keys
      return;
    }
  }

  const apiKey = await response.json();
  console.log('API key created:', apiKey.id);
} catch (error) {
  console.error('Failed to create API key:', error);
}

Python

import requests

try:
    response = requests.post(
        'https://api.reeflow.com/api-keys',
        headers={
            'Authorization': f'Basic {credentials}',
            'Content-Type': 'application/json'
        },
        json=new_api_key_data
    )

    if response.status_code == 403:
        error = response.json()
        if 'Quota exceeded' in error['message']:
            # Handle quota exceeded specifically
            print('Cannot create API key: quota limit reached')
            # Maybe prompt user to delete unused keys
            return

    response.raise_for_status()
    api_key = response.json()
    print(f'API key created: {api_key["id"]}')

except requests.exceptions.RequestException as error:
    print(f'Failed to create API key: {error}')

Clean Up Unused Resources

Regularly review and delete resources you no longer need to stay within quota limits and maintain good organization hygiene.

Plan for Growth

If you’re approaching quota limits, plan your resource usage carefully. Consider whether you really need all existing resources or if some can be consolidated or removed.

Quota vs Rate Limits

Quotas are different from rate limits:

Aspect	Quotas	Rate Limits
What they limit	Total number of resources you can create	Number of requests per time period
Scope	Organization-wide resource counts	API request frequency
Reset behavior	Only decrease when you delete resources	Reset automatically after time window
HTTP status	403 Forbidden when exceeded	429 Too Many Requests when exceeded
Purpose	Prevent resource proliferation	Prevent API abuse and ensure fair access

Tip

Reeflow APIs currently use quotas for resource creation limits. Rate limits may be implemented in the future if needed to ensure service quality.