Orgs with many API keys can cap individual keys (e.g. a "read-only scraper" key vs. a "human dashboard" key). When a cap is reached, requests using that key return HTTP 429 while other keys continue to work.
GET /api/v1/dashboard/keys/:keyId/quota
Authorization: Bearer <your JWT>
200 OK
{
"key_id": "key_123",
"daily_used": 142,
"daily_cap": 1000,
"daily_remaining": 858,
"daily_reset_at": "2026-04-12T00:00:00.000Z",
"total_lifetime": 9842
}PUT /api/v1/dashboard/keys/:keyId/quota
Authorization: Bearer <your JWT>
Content-Type: application/json
{ "dailyCap": 1000 } // set a cap
{ "dailyCap": null } // remove capSuccessful proxy calls return these headers so clients can display progress:
X-Key-Daily-UsedX-Key-Daily-Cap (if a cap is set)X-Key-Daily-Remaining (if a cap is set)