Rate Limits
Per-tier monthly quotas, per-minute rate limits, response headers, and the 429 envelope.
Florida Business API enforces two limits on every /api/v1/* and /api/mcp request:
- Monthly credit bucket — one unified pool per customer that funds both REST and MCP. Every request (REST or MCP tool call) decrements the same balance by 1 credit.
- Per-minute rate limit (RPM) — a sliding-window burst limit, by plan.
Whichever you hit first returns 429 rate_limited with a Retry-After header. Both buckets are backed by Upstash Redis with a 1-second timeout that fails open (we'd rather under-bill than 5xx your job).
Florida Business API is an independent data platform and is not affiliated with Sunbiz.org, the Florida Department of State, or the Florida Division of Corporations.
Tiers
| Plan | Monthly Credits (REST + MCP, unified) | RPM (burst) | REST | MCP | CSV | Webhooks |
|---|---|---|---|---|---|---|
| Free Trial | 500 at signup, full access 7 days then capped at min(remaining, 100) | 30 | ✓ | — | — | — |
| Developer ($19/mo) | 10,000 | 60 | ✓ | ✓ | — | — |
| Pro ($49/mo) | 50,000 | 150 | ✓ | ✓ | ✓ | beta |
| Growth ($149/mo) | 250,000 | 300 | ✓ | ✓ | ✓ | ✓ |
| Lead Feed ($299/mo) | 750,000 | 600 | ✓ | ✓ | ✓ | ✓ |
| Enterprise (custom) | Custom | Custom | ✓ | ✓ | ✓ | ✓ |
| MCP Starter ($5/mo) | 1,000 (MCP only) | 30 | — | ✓ | — | — |
REQ-006 (2026-06-28): every paid plan from Developer up shares ONE monthly credit pool — one REST call or one MCP tool call both cost 1 credit. MCP Starter is the only tier where REST is gated off; REST requests on a Starter key return 403 rest_disabled (see Errors). The Free Trial gates MCP off (REST-only trial). Enterprise quota is contract-bound; internally it is modeled as a 2,000,000,000-row cap so the Postgres INT column does not overflow.
Overage billing (paid subscriptions)
As of 2026-06-28, paid subscription customers (Developer through Lead Feed) no longer hard-stop at quota. Once your monthly grant is exhausted, the API keeps serving 200 OK and accrues overage credits which are billed daily on your next invoice at:
- $5 per 1,000 credits ($0.005 per credit)
- Rounded up to the nearest $0.05
So a single request over quota costs $0.05; 100 requests over quota costs $0.50; 10,000 over costs $50.00. The line item appears as "API Overage" on your normal monthly invoice — no separate charge. See the Billing doc for worked examples.
Overage does not apply to:
- Free trial clients (those receive
402 Payment Requiredinstead — upgrade or buy a credit pack to continue) - Subscriptions in
past_duestatus (card needs to clear before we resume serving) - MCP Starter subscribers (top up with a credit pack when 1,000 MCP calls are used up)
Credit packs (one-time, any plan)
If you want a hard ceiling and no monthly commitment, buy a credit pack:
| Pack | Credits | Price | Per 1K credits |
|---|---|---|---|
| Starter | 1,000 | $5 | $5.00 |
| Investigator | 5,000 | $23 | $4.60 |
| Bulk | 25,000 | $99 | $3.96 |
| Power | 100,000 | $349 | $3.49 |
Pack credits expire 12 months after purchase. Within a billing cycle, monthly plan credits are consumed first — pack credits only burn once your monthly bucket is empty. Pack credits do not unlock plan-gated features (CSV exports, webhooks) and do not raise your per-minute rate limit; those follow the plan you are on. See the Billing doc for the purchase flow.
The Free tier is a 7-day trial: each new client is granted 500 credits at signup. For the first 7 days you have full access to whatever balance remains. On the first API call after day 7, your balance is automatically capped at min(remaining_balance, 100) — a one-shot adjustment recorded in the credit ledger as free_trial_expired_cap. After that, when the remaining credits run out the API returns 402 Payment Required with an upgrade hint pointing at /pricing. Upgrading to any paid tier removes the cap and swaps the gate to the recurring monthly grant.
Response Headers
Every /api/v1/* response (including 429) includes both the legacy de-facto headers and the IETF draft RateLimit structured field — pick whichever your HTTP client supports:
| Header | Meaning |
|---|---|
X-RateLimit-Limit | Your plan's RPM cap. |
X-RateLimit-Remaining | Requests remaining in the current 60-second window. |
X-RateLimit-Reset | Unix seconds at which the window resets. |
RateLimit | RFC 9651 structured field: "default";r=<remaining>;t=<seconds_until_reset>. |
Retry-After | Only on 429. Seconds until you may retry. |
Example success headers:
HTTP/1.1 200 OK
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
X-RateLimit-Reset: 1719367200
RateLimit: "default";r=57;t=42429 Envelope
HTTP/1.1 429 Too Many Requests
Content-Type: application/json
Retry-After: 17
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 17
RateLimit: "default";r=0;t=17{
"error": {
"code": "rate_limited",
"message": "Rate limit exceeded. Retry after 17 seconds.",
"request_id": "req_1234567890abcdef12345"
}
}Handling 429s
The simplest correct strategy: sleep Retry-After seconds, then retry once.
while :; do
RESP=$(curl -s -w "\n%{http_code}" \
-H "Authorization: Bearer fbapi_live_..." \
"https://api.floridabusinessapi.com/v1/entities/search?name=ACME")
CODE=$(printf '%s\n' "$RESP" | tail -n1)
BODY=$(printf '%s\n' "$RESP" | sed '$d')
[ "$CODE" = "200" ] && { echo "$BODY"; break; }
[ "$CODE" = "429" ] && { sleep "${Retry_After:-30}"; continue; }
echo "fatal: $CODE — $BODY" >&2; exit 1
doneFor long-running batch jobs, use exponential backoff capped at the X-RateLimit-Reset value — you will never wait longer than the window itself.
Monthly Quota vs. RPM
- Hitting RPM returns 429 and resets within ~60 seconds. Slow down and you can finish your job today.
- Hitting monthly quota also returns 429, but
Retry-Afterwill be the seconds until your next billing cycle. Upgrade or wait — there is no in-cycle escape hatch.
Check current consumption from the Account Usage endpoint.