Getting Started
Rate limits & quotas
Per-key and per-IP rate limits, plan tiers, and how throttling behaves.
Rate limits & quotas
Navvo enforces limits on two axes — per API key and per client IP — to keep the platform fast and fair. Limits are tracked in rolling minute and daily windows.
Default limits
| Limit | Default | Applies to |
|---|---|---|
| Per-key, per minute | 180 requests | Each API key (quotaPerMinute). |
| Per-key, per day | 2,500 requests | Each API key (quotaPerDay). |
| Per-IP, per minute | 90 requests | The originating IP address. |
| Per-IP, per day | 30,000 requests | The originating IP address. |
Per-key limits are configurable when the key is created (quotaPerMinute / quotaPerDay) and may be raised on higher plans. The per-IP limits are platform-wide guardrails that apply regardless of key.
Plans
Keys carry a plan tier that determines available quota:
| Plan | Intended for |
|---|---|
free | Prototyping and low-volume apps. |
startup | Production apps with moderate traffic. |
growth | High-volume production workloads. |
enterprise | Custom limits and dedicated support. |
Need higher throughput? Set
quotaPerMinute / quotaPerDay when creating the key (see Authentication), or contact Navvo to move to a growth/enterprise plan.When you exceed a limit
Requests over any limit are rejected with HTTP 403 and a descriptive message, for example:
{
"statusCode": 403,
"message": "API key quota exceeded for scope routing: 180/minute",
"error": "Forbidden"
}
Other throttle messages you may see: ... 2500/day, IP rate limit exceeded, and IP daily quota exceeded.
Best practices
Cache aggressively
Tiles, styles, and place details rarely change minute-to-minute. Respect
Cache-Control headers and cache responses where you can.Batch where possible
Use the matrix endpoint instead of N individual route calls, and request bounded map data with
bbox/tile-cover.Keep keys server-side
Proxy requests through your backend when you can, so one shared key isn't multiplied across many client IPs.
Back off on 403
On a rate-limit
403, pause and retry with exponential backoff rather than hammering the endpoint.Quotas are counted per request, across all scopes that key has used in the window. Reads and writes both count.