Skip to main content

Fair use policy

Our APIs are built to be robust and during normal usage you should not be concerned about encountering any rate limits.

However, we rely on underlying systems which in turn may enforce strict rate limits. This document is intended to give guidance about how to use our APIs to avoid encountering issues related to rate limits.

We use HTTP 429 error responses to communicate when rate limits have been reached. If you encounter this error code, you must back off before making the next request. We recommend you wait at least 10 seconds before trying again if you encounter a 429 error.

The recommended limits are listed per domain, i.e. all users belonging to your domain should not exceed the recommended request rate.

IAM API

Maximum recommended rate: 120 requests/minute per domain.

If the limit is too low for your use cases, we recommend you cache responses from our GET endpoints. The GET /token-permissions is also safe to cache, although that one should not be cached for longer than 5 minutes due to security considerations.

Reports API

Maximum recommended rate: 120 requests/minute per domain.

Due to the size of the reports, we expect each report to only be downloaded once and stored on client side for future use.

Service Policies API

Maximum recommended rate: 120 requests/minute per domain.

Note: For CMP specific endpoints there are rate limits that are enforced on the CMP level. In case these rate limits are reached, a 429 error response will be returned.

Subscriptions API

Metadata endpoints maximum recommended rate: 300 requests/minute per domain.

Localize endpoint maximum recommended rate: 20 requests/minute per domain.

Other endpoints maximum recommended rate: 120 requests/minute per domain.

Some GET endpoints support the query parameter extendWith. Using this query parameter will lead to requests being made directly to CMP which increases risk of hitting rate limits. Avoid extendWith query parameter if you don't need it.

Non-GET endpoints (excluding metadata) will always make requests directly to the CMP to propagate the change, e.g. when localizing or changing mode. Instead of bursting many requests in a short time, we recommend to perform requests sequentially to reduce the risk of reaching rate limits. In case these rate limits are reached, a 429 error response will be returned.

Inventory search API

Maximum recommended rate: 120 requests/minute per domain.

Notifications API

You should only have one active stream open towards the Notifications API at a time.