Rate Limits
The CLOB server enforces a per-IP sliding window rate limit. By default, each client IP is allowed 500 requests within any 60-second window. Exceeding this budget returns 429 Too Many Requests with the body {"error": "rate limit exceeded"}.
All paths under https://api.openfish.fun draw from a single shared counter — there are no endpoint-specific quotas.
Defaults
Section titled “Defaults”| Setting | Value |
|---|---|
| Max requests | 500 |
| Window | 60 seconds |
| Scope | Per client IP (via x-forwarded-for, x-real-ip, or peer address) |
The health probe (/ok) and internal-only paths are excluded from counting.
Other servers
Section titled “Other servers”Gamma (3001), Data (3003), and Bridge (3004) do not apply their own application-level rate limits in the current release. Protect them with your own reverse proxy if you are exposing them publicly.
Adjusting the limit (operators only)
Section titled “Adjusting the limit (operators only)”The CLOB server offers a private management endpoint for inspecting and modifying the limit on the fly:
# readcurl http://localhost:3002/internal/rate-limit
# update (camelCase body!)curl -X POST http://localhost:3002/internal/rate-limit \ -H "Content-Type: application/json" \ -d '{"maxRequests": 5000, "windowSecs": 60}'This endpoint listens only on the internal network interface and cannot be reached from the public internet.
Recommendations for Clients
Section titled “Recommendations for Clients”- Keep your sustained request rate comfortably below the ceiling (roughly 8 req/sec as a steady state).
- On receiving a
429, implement exponential back-off before retrying. - For real-time data needs, prefer the WebSocket channels (
/ws/market,/ws/user) over repeated REST polling. - If your workload demands a higher allowance, coordinate with the operators ahead of time rather than hitting the limit unexpectedly.