Skip to main content
This page explains the restrictions, resource limits, and permissions for analytics queries.

Workspace Isolation

Every query is automatically scoped to your workspace. You can only access your own verification data - it’s impossible to view data from other workspaces.

Query Restrictions

Only SELECT Allowed

Only SELECT queries are permitted. All other SQL statement types return a query_not_supported error. Allowed query patterns:
  • SELECT statements
  • WITH (Common Table Expressions)
  • UNION
  • Subqueries
  • Joins
  • Aggregations
  • Window functions
Not allowed: INSERT, UPDATE, DELETE, DROP, ALTER, CREATE, TRUNCATE, GRANT, REVOKE

Table Access Control

Only explicitly allowed analytics tables are accessible. Any attempt to access tables not on the allow list (including system.* or information_schema.*) will return an invalid_table error.

Function Allow List

Only explicitly approved functions are allowed. Any function not on this list will be rejected with an invalid_function error.

Allowed Functions

count, sum, avg, min, max, any, groupArray, groupUniqArray, uniq, uniqExact, quantile, countIf
now, now64, today, toDate, toDateTime, toDateTime64, toStartOfDay, toStartOfWeek, toStartOfMonth, toStartOfYear, toStartOfHour, toStartOfMinute, date_trunc, formatDateTime, fromUnixTimestamp64Milli, toUnixTimestamp64Milli, toIntervalDay, toIntervalWeek, toIntervalMonth, toIntervalYear, toIntervalHour, toIntervalMinute, toIntervalSecond
lower, upper, substring, concat, length, trim, startsWith, endsWith
round, floor, ceil, abs
if, case, coalesce
toString, toInt32, toInt64, toFloat64
has, hasAny, hasAll, arrayJoin, arrayFilter, length
If you need a function that’s not listed, please contact us at support@unkey.dev and we’ll review it for inclusion.

Resource Limits

To ensure fair usage and prevent abuse, queries are subject to resource limits:

Execution Limits

ResourceLimitPurpose
Max execution time30 secondsPrevent long-running queries
Max execution time (per window)1800 seconds (30 min)Total execution time per hour
Max memory usage1 GBPrevent memory exhaustion
Max rows to read10 millionLimit data scanned
Max result rows10 millionLimit result set size

Query Quotas

QuotaLimitWindow
Queries per workspace1000Per hour
If you need higher limits for your use case, please contact us at support@unkey.dev.

Error Codes

When limits are exceeded, you’ll receive specific error codes:
Error CodeDescriptionSolution
query_execution_timeoutQuery took longer than 30 secondsAdd more filters, reduce time range, use aggregated tables
query_memory_limit_exceededQuery used more than 1GB memoryReduce result set size, add LIMIT clause, use aggregation
query_rows_limit_exceededQuery scanned more than 10M rowsAdd time filters, use aggregated tables (hour/day/month)
query_quota_exceededExceeded 1000 queries per hourWait for quota to reset, optimize query frequency

Authentication

Analytics queries require a root key with specific permissions:

Required Permissions

You need to grant analytics access for per API or for all APIs: Workspace-level access (all APIs): 
api.*.read_analytics
Per-API access (specific API): 
api.<api_id>.read_analytics
Choose workspace-level for broad access or per-API for fine-grained control.

Root Key Best Practices

  1. Use environment variables - Never hardcode root keys
  2. Rotate keys regularly - Create new keys and revoke old ones
  3. Limit permissions - Only grant read_analytics permission
  4. Use separate keys - Different keys for different services
  5. Monitor usage - Track which keys are making queries
See Getting Started for step-by-step instructions on creating an analytics root key.

Next Steps

Getting Started

Create a root key and run your first query

Query Examples

Explore common query patterns

Schema Reference

Browse available tables and columns

Error Codes

View all error codes and responses