Algorithms
POST /v1/limit supports three single-shot algorithms, selected with the
algorithm field. Each takes a limit and a window_ms; how they use that
window is where they differ.
sliding_window— a precise rolling window. There’s no burst at the window boundary: the count that matters is always “in the lastwindow_ms,” not “since the clock last ticked over.” Use this when you need the tightest, most predictable limit.token_bucket— allows bursts up to a capacity, then refills at a steady rate. Good for traffic that’s naturally spiky but should average out over time, like a client that occasionally fires a batch of requests.fixed_window— the simplest and cheapest counter: it resets every fixed interval. It can admit a burst right at the reset boundary, but for many use cases that’s an acceptable trade for simplicity.
Plan availability
Section titled “Plan availability”Starter includes sliding_window and fixed_window. Pro and Scale add
concurrent_limit, which limits in-flight work rather than requests per
window — see Concurrency & leases.
Requesting an algorithm your plan doesn’t include returns 403 with code
algorithm_not_on_plan.
Example
Section titled “Example”curl -X POST https://api.detent.fr/v1/limit \ -H "Authorization: Bearer dt_live_…" \ -H "Content-Type: application/json" \ -d '{"namespace":"checkout","key":"user_42","algorithm":"sliding_window","limit":100,"window_ms":60000}'{ "allowed": true, "remaining": 87, "reset_ms": 41230, "limit": 100 }