- Credit limits — how much you can spend, based on your credit balance and any per-key credit limits. Exceeding these returns .
- Rate limits — how many requests you can make in a given window, such as free-model request caps and DDoS protection. Exceeding these returns
429 Too Many Requests.
Checking Your Limits
To check the rate limit or credits left on an API key, make a GET request tohttps://openrouter.ai/api/v1/key.
If you submit a valid API key, you should get a response of the form:
TypeScript
Credit Limits
Credit limits govern how much you can spend. They come from two places:- Account balance — your available credits across the account. If your account has a negative credit balance, you may see errors, including for free models. Adding credits to put your balance above zero allows you to use those models again.
- Per-key credit limits — an optional spending cap configured on an individual API key. The
limit,limit_reset, andlimit_remainingfields in theGET /api/v1/keyresponse above describe this cap and how much of it remains.
Handling 402 Payment Required
To resolve errors:
- Add credits to bring your account balance above zero.
- Check per-key limits. If
limit_remainingon the key is exhausted, raise the key’s credit limit or wait for it to reset (seelimit_reset). - Monitor proactively. Call
GET /api/v1/keyas shown above to tracklimit_remainingand usage before requests start failing.
Rate Limits
Rate limits govern how many requests you can make. There are a few rate limits that apply to certain types of requests, regardless of account status:- Free usage limits: If you’re using a free model variant (with an ID ending in ), you can make up to requests per minute. The following per-day limits apply:
- If you have purchased less than credits, you’re limited to model requests per day.
- If you purchase at least credits, your daily limit is increased to model requests per day.
- DDoS protection: Cloudflare’s DDoS protection will block requests that dramatically exceed reasonable usage.
Handling 429 Too Many Requests
Rate-limited requests fail with a standard error response:
429 can come from two places:
- OpenRouter — you hit one of the platform limits above (free-model requests per minute or per day, or DDoS protection).
- The upstream provider — the provider serving your request is rate limiting or at capacity. In this case
error.metadata.provider_codecarries the provider’s original error code when available, and fallback routing retries other providers for the same model automatically before the error reaches you. You can also specify fallback models to try a different model when all providers for the first are exhausted.
Successful inference responses do not include
X-RateLimit-* headers. When
OpenRouter itself returns a 429 for a platform limit, the error response
carries X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset
headers describing the limit that was hit. To monitor your remaining quota
before hitting a limit, call GET /api/v1/key as shown above.429 errors:
- Retry with exponential backoff. Rate limits are transient; wait and retry rather than immediately re-sending. When every attempted provider returned a retry hint, the response carries a
Retry-Afterheader — honor it when present. - On free variants, purchase at least credits to raise your daily limit, or switch to the paid variant of the model, which has no platform-level request cap.
- For provider-side limits, add fallback models or relax provider routing preferences so more providers are eligible to serve the request.
finish_reason: "error" instead of an HTTP 429, since the 200 status was already sent. See Handling Errors During Streaming.