Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ryzeapi.cloud/llms.txt

Use this file to discover all available pages before exploring further.

Rate limit

To keep the service stable, RyzeAPI applies a per-minute request limit. The limit is counted per token: everyone using the same token shares the same bucket.
Request typeDefault limit
Most endpoints100 requests per minute
Instance creation (POST /api/instance/new)20 requests per minute
If you need a higher limit for your account, contact support.

Rate limit headers

All responses (including successful ones) include three headers that let your client adapt:
HeaderMeaning
X-RateLimit-LimitMaximum limit in the current period (e.g., 100)
X-RateLimit-RemainingHow many requests are still available
X-RateLimit-ResetUnix timestamp (seconds) of when the counter resets
Use X-RateLimit-Remaining to implement exponential backoff before hitting the limit. For example: when it goes below 10, wait a bit before the next call.

What happens when you exceed it

The API responds with HTTP 429 Too Many Requests: 
{
  "success": false,
  "error": {
    "message": "Rate limit exceeded. Try again later."
  }
}
The X-RateLimit-* headers continue to be sent, use X-RateLimit-Reset to know when you can try again.

Handling example

async function callAPI(path, options = {}) {
  const res = await fetch(`https://ryzeapi.cloud${path}`, options);

  // If you exceeded the limit, wait until the reset
  if (res.status === 429) {
    const resetAt = parseInt(res.headers.get("X-RateLimit-Reset"), 10) * 1000;
    const waitMs = Math.max(1000, resetAt - Date.now());
    await new Promise(r => setTimeout(r, waitMs));
    return callAPI(path, options); // retry
  }

  // Preventive backoff: if close to the limit, slow down
  const remaining = parseInt(res.headers.get("X-RateLimit-Remaining"), 10);
  if (remaining < 10) {
    await new Promise(r => setTimeout(r, 500));
  }

  return res.json();
}

CORS

If you are calling the API from a browser (JavaScript running on a web page), you need to be mindful of CORS.

Allowed origins

RyzeAPI accepts requests only from the origins authorized for your account. Unauthorized origins receive the classic CORS error in the browser console: 
Access to fetch at 'https://ryzeapi.cloud/...' from origin 'https://mysite.com'
has been blocked by CORS policy.
If your frontend application needs to call RyzeAPI, ask support to add your origin (https://mysite.com) to your account’s allowlist.

Accepted methods and headers

The API responds to the preflight (OPTIONS) with the following headers: 
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization, token
Access-Control-Expose-Headers: Content-Length
You can send requests with any HTTP method used by the API and with the Content-Type, Authorization, or token headers.

No cookies

RyzeAPI does not use cookies for authentication, the token goes in the token header. Therefore, it is not necessary (and not supported) to send credentials: "include" in fetch requests.

WebSocket in browser

Since browser JavaScript does not allow customizing headers in new WebSocket(...), the only way to authenticate is via the query string: 
const ws = new WebSocket(
  `wss://ryzeapi.cloud/ws/$Instance_Name?token=${instanceToken}`
);
The WebSocket also follows your account’s origin allowlist.

Checklist

Implement backoff based on X-RateLimit-Remaining so you do not get blocked.
Handle HTTP 429 by retrying after X-RateLimit-Reset.
If you use the browser, ask support to add your origin to the allowlist.
For WebSocket in the browser, pass the token via ?token= in the URL.