Documentation

Rate Limits

How Milkey enforces monthly quotas and what your client should do when it hits a limit.

Milkey enforces plan-based monthly request limits for MCP usage, and it separately protects auth endpoints from bursts or abuse. Those are related, but they are not the same control.

Plan limits

  • Free: 200 requests / month
  • Pro: 1,000 requests / month
  • Pro+: 10,000 requests / month
  • Ultra: 30,000 requests / month
  • Business / Enterprise: Custom

For self-serve plans, Milkey reserves request quota during the request and releases it again when the request fails before completion. That keeps the monthly counter aligned more closely with successful usage.

429 behavior

When an account exceeds its monthly request quota, Milkey responds with 429 Too Many Requests and includes a plan-limit message that points the user toward the next upgrade path.

Example limit response
{  "error": {    "message": "Free plan request limit reached (200/month). Upgrade to Pro."  }}

Auth endpoint protection

Milkey also protects auth routes with a short-window rate limit so login and session endpoints cannot be hammered aggressively.

  • Auth protection currently enforces 120 requests per minute per client IP on the auth surface.
  • This is separate from monthly MCP plan consumption.

Client handling

  • Handle 429 as a quota problem first, not a malformed request problem.
  • Surface the error to the user clearly so they know whether to wait for reset or upgrade the plan.
  • If you run automation, add alerting around repeated 429s so workflows fail cleanly instead of thrashing.
Recommended operational response
Treat repeated 429s as a planning signal. Either reduce background usage, split traffic across the right accounts, or move the workload to a plan with the headroom it needs.

© 2026 Milkey MCP

SupportPrivacy