> ## Documentation Index
> Fetch the complete documentation index at: https://docs.deck.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Rate limits & concurrency

> How Deck rate limits API requests and manages session concurrency.

Deck enforces two types of limits: rate limits on API requests and concurrency limits on sessions running in agent sandboxes.

## Limits

The rate limit is 200 requests per 10 seconds per organization. Limits are applied across all API keys in your organization. If you have multiple services making requests with different keys, they share the same quota.

## Rate limited responses

When a request is rate limited, Deck returns:

```json theme={null}
{
  "errors": [
    {
      "type": "rate_limit",
      "code": "rate_limit_exceeded",
      "message": "Too many requests."
    }
  ],
  "request_id": "req_a1b2c3d4..."
}
```

## Handling rate limits

Implement retries with exponential backoff when you receive a `429` response.

```javascript theme={null}
async function requestWithBackoff(url, options, retries = 5) {
  for (let attempt = 0; attempt < retries; attempt++) {
    const res = await fetch(url, options)

    if (res.status !== 429) return res

    const delay = Math.min(1000 * Math.pow(2, attempt), 30000)
    await new Promise(r => setTimeout(r, delay))
  }

  throw new Error('Rate limit retries exhausted')
}
```

## Session concurrency

Each task that Deck runs executes in an agent sandbox tied to a session. The number of sessions your organization can run concurrently depends on your [plan](https://deck.co/pricing). This limit applies across all sessions in your organization regardless of connector or credential.

When you submit a task that would exceed your concurrency limit, Deck returns a `429` status code:

```json theme={null}
{
  "errors": [
    {
      "type": "rate_limit",
      "code": "session_limit_exceeded",
      "message": "Agent sandbox limit exceeded."
    }
  ],
  "request_id": "req_a1b2c3d4..."
}
```

Retry with backoff until a running session reaches a terminal state and a slot becomes available.

## Best practices

* Use events instead of polling. Register an [event destination](/events/events) and let Deck push status updates to you rather than polling `GET` endpoints in a loop.
* Paginate list requests. Use `limit` and `cursor` to fetch results in pages rather than requesting large datasets in a single call.
* Stagger task submissions. If you have many tasks to run, queue them and submit the next one after the previous completes. Use [events](/events/events) to know when a session finishes rather than polling.