Performance
Latency targets, caching guidance, and rate-limit strategy.
Latency targets
| Endpoint | Target p50 | Target p95 |
|---|---|---|
| POST /v1/score | 120 ms | 250 ms |
| POST /v1/score/batch (100 items) | 450 ms | 900 ms |
| GET /v1/operator/:id/profile | 80 ms | 160 ms |
| GET /v1/organization/dashboard | 200 ms | 500 ms |
| GET /v1/compliance/report | 800 ms | 2000 ms |
| POST /v1/admin/key/rotate | 150 ms | 300 ms |
Targets are edge-to-edge. All auth flows carry an 80 ms floor (uniform across success and failure).
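
To compare your own measurements against these targets, something like the following sketch may help. It assumes you already collect per-request latencies in milliseconds; the `TARGETS_MS` mapping, `percentile`, and `within_target` are illustrative names, not part of any SDK. Latencies measured from a client also include network transit, so expect them to run above the published figures.

```python
# Targets copied from the table above, in milliseconds: (p50, p95).
# Only two endpoints are listed here; extend as needed.
TARGETS_MS = {
    "POST /v1/score": (120, 250),
    "GET /v1/operator/:id/profile": (80, 160),
}


def percentile(samples, pct):
    """Nearest-rank percentile (pct is an integer 1..100) of a non-empty list."""
    ordered = sorted(samples)
    # Integer ceiling of pct/100 * n, avoiding floating-point rounding.
    rank = max(1, (pct * len(ordered) + 99) // 100)
    return ordered[rank - 1]


def within_target(endpoint, samples_ms):
    """True if both the measured p50 and p95 are at or below the targets."""
    p50_target, p95_target = TARGETS_MS[endpoint]
    return (
        percentile(samples_ms, 50) <= p50_target
        and percentile(samples_ms, 95) <= p95_target
    )
```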
Caching guidance
- Operator profile: Cache client-side for 60 seconds maximum. It updates after every scored interaction.
- Organization dashboard: Cache 5 minutes. Cheap to refresh.
- Compliance report: Cache by `report_id`. Reports are immutable once generated.
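
The guidance above can be sketched as a small client-side cache with a per-resource time-to-live. This is a minimal illustration, not an official client: `TTLCache`, `get_or_fetch`, and the `fetch` callback are hypothetical names, and the callback stands in for whatever HTTP call you use to load the resource.

```python
import time


class TTLCache:
    """Tiny in-memory cache. ttl_seconds=None means entries never expire."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # key -> (expires_at or None, value)

    def get_or_fetch(self, key, fetch):
        """Return the cached value for key, calling fetch() if missing or expired."""
        now = self._clock()
        entry = self._entries.get(key)
        if entry is not None and (self._ttl is None or now < entry[0]):
            return entry[1]
        value = fetch()
        expires_at = None if self._ttl is None else now + self._ttl
        self._entries[key] = (expires_at, value)
        return value


# One cache per resource type, using the durations from the list above.
operator_profiles = TTLCache(ttl_seconds=60)      # key: operator id
org_dashboards = TTLCache(ttl_seconds=300)        # key: organization id
compliance_reports = TTLCache(ttl_seconds=None)   # key: report_id, immutable
```

Keying compliance reports by `report_id` with no expiry relies on reports never changing after generation, as stated above.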
Rate-limit strategy
See rate limits. Key moves:
- Batch where you can.
- Stagger workers across minute boundaries so they do not collide.
- Honor `Retry-After` exactly, not some shorter value.
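
Two of the moves above, staggering workers and honoring `Retry-After`, can be sketched as follows. The helper names are illustrative. HTTP allows `Retry-After` to be either a number of seconds or an HTTP-date; which form this API sends is not stated here, so the sketch handles both.

```python
import email.utils
import time


def retry_after_seconds(header_value, now=None):
    """Return the wait, in seconds, requested by a Retry-After header value."""
    value = header_value.strip()
    if value.isdigit():
        # Delta-seconds form, e.g. "30".
        return float(value)
    # Otherwise assume the HTTP-date form, e.g. "Wed, 21 Oct 2015 07:28:00 GMT".
    retry_at = email.utils.parsedate_to_datetime(value)
    now = time.time() if now is None else now
    return max(0.0, retry_at.timestamp() - now)


def stagger_offset(worker_index, worker_count, window_seconds=60.0):
    """Start delay that spreads workers evenly across one window (default: a minute)."""
    return (worker_index % worker_count) * window_seconds / worker_count
```

A worker would sleep for `stagger_offset(i, n)` seconds before its first request, and after a rate-limited response would sleep for at least `retry_after_seconds(...)` before retrying, never less.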
Status page
Live at status.cohesionauth.com. Subscribe for incident emails.
Next steps
- SLA for uptime targets.
- Incident response for what we do when latency slips.