Rate limits & errors
The public API is unauthenticated and capped per IP. Honest clients get the headers they need to self-throttle.
Authentication
The public /api/v1/* endpoints require no API key, token, or sign-in.
Just send a JSON request. This is to keep integration friction zero for AI agents,
prototypes, and low-volume tools.
If you need higher volume, partner-tier access, or per-account analytics, email
support@allnutrition.info — we have a
token-authenticated endpoint at /api/ask/external for that purpose.
The limit
| Scope | Limit | Window |
|---|---|---|
| Per IP, across all /api/v1/* endpoints | 10 requests | UTC calendar day (resets at 00:00 UTC) |
The limit is shared between /api/v1/ask and /api/v1/references/search.
/api/v1/health is not rate limited.
Headers on every response
Both successful and 429 responses include:
RateLimit-Limit: 10
RateLimit-Remaining: 7
RateLimit-Reset: 41218 # seconds until the window resets
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 7
X-RateLimit-Reset: 1746489600 # absolute unix timestamp (UTC)
We send both the draft IETF
RateLimit-* headers (delta-seconds reset) and the legacy X-RateLimit-*
headers (absolute unix timestamp reset). Use whichever your client supports.
The 429 response
When you exceed the limit:
HTTP/1.1 429 Too Many Requests
Retry-After: 41218
RateLimit-Limit: 10
RateLimit-Remaining: 0
RateLimit-Reset: 41218
Content-Type: application/json
{
  "detail": {
    "error": "rate_limit_exceeded",
    "message": "Public API limit of 10 requests per IP per day exceeded. Resets at 2026-05-09T00:00:00+00:00.",
    "limit": 10,
    "remaining": 0,
    "reset_at": 1746489600
  }
}
Recommended client behaviour
- Read RateLimit-Remaining on every successful response and stop sending when it hits zero.
- On 429, honour Retry-After (delta seconds). Do not retry sooner.
- For agentic loops, cache answers — most nutrition questions are repeated across users.
Other error codes
| Status | When you see it | Action |
|---|---|---|
| 400 | Empty question / query, or fields exceeding limits (max 1000 chars). | Fix the payload. Don't retry as-is. |
| 500 | Unexpected server-side failure. | Retry with exponential backoff (e.g. 1s → 2s → 4s, max 3 attempts). |
| 503 | Upstream LLM provider exhausted or unavailable. | Retry after 30–60 seconds. |
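The decision logic from the client-behaviour list and the error table above, as an added example (not allnutrition.info's own client code). The function name next_action, its return tuples, the 30-second choice for 503 and the reading of "max 3 attempts" as three retries are assumptions; header values are treated as untrusted input and ignored when malformed or negative.

```python
import time

MAX_500_RETRIES = 3          # page: backoff 1s -> 2s -> 4s, read here as 3 retries
SECONDS_PER_DAY = 86400      # the window is a UTC calendar day

def _int_header(headers, name):
    """Non-negative integer header value, or None if absent or malformed."""
    try:
        value = int(str(headers.get(name, "")).strip())
    except ValueError:
        return None
    return value if value >= 0 else None

def next_action(status, headers, failures=1, now=None):
    """Return (action, wait_seconds); action is 'ok', 'stop', 'wait' or 'fail'.

    failures counts consecutive 500 responses, including this one.
    """
    now = int(time.time() if now is None else now)
    h = {k.lower(): v for k, v in headers.items()}
    # Seconds to reset: delta-seconds header first, then the absolute legacy
    # header, then the next 00:00 UTC if the response carried neither.
    reset = _int_header(h, "ratelimit-reset")
    if reset is None:
        absolute = _int_header(h, "x-ratelimit-reset")
        if absolute is not None:
            reset = max(0, absolute - now)
        else:
            reset = SECONDS_PER_DAY - now % SECONDS_PER_DAY
    if status == 429:
        retry_after = _int_header(h, "retry-after")
        return ("wait", reset if retry_after is None else retry_after)
    if status == 400:
        return ("fail", 0)                 # fix the payload, never retry as-is
    if status == 500:
        if failures > MAX_500_RETRIES:
            return ("fail", 0)
        return ("wait", 2 ** (failures - 1))
    if status == 503:
        return ("wait", 30)                # lower bound of the 30-60 s range
    if not 200 <= status < 300:
        return ("fail", 0)                 # status the page does not document
    remaining = _int_header(h, "ratelimit-remaining")
    if remaining is None:
        remaining = _int_header(h, "x-ratelimit-remaining")
    if remaining == 0:
        return ("stop", reset)             # budget spent: hold until the reset
    return ("ok", 0)
```

A caller sleeps for the returned number of seconds on 'wait' or 'stop' and sends nothing to /api/v1/ask or /api/v1/references/search in the meantime, since the two endpoints share one budget.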
Going beyond the public limit
For production integrations with heavier usage, partner SLAs, or per-account analytics, request a higher-volume tier: support@allnutrition.info.