API Rate Limits
Scantrust rate limits
The Scantrust API implements several levels of rate limiting, summarized below. Whenever an API client exceeds a limit, the request is throttled and a fixed error response is returned.
Throttle scopes and limits
| Scope | Limit | Description |
|---|---|---|
| anonymous | 200/minute | Anonymous (unauthenticated) requests, e.g. third-party scans |
| authenticated | 3000/minute | Authenticated requests associated with an API user (e.g. product creation) |
| consumer | 2000/minute | Requests to the consumer API (using a campaign key, e.g. /api/v2/consumer/campaign/) |
| scm_update | 10/second | SCM Updates (takes precedence over 'authenticated' scope) |
| login actions | 10/minute | Requests to the reset password/account endpoints |
Throttled error response
429 - TOO MANY REQUESTS
Response when exceeding the above limits.
```json
{
  "detail": "Request was throttled. Expected available in x seconds.",
  "code": "throttled"
}
```
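A client-side handler for the throttled response above, as an added example that is not Scantrust's own code: it reads the wait hint from `detail`, clamps it, and retries only on 429. The function names, the `send` callable, the fallback delay and the cap are assumptions, as is the wait arriving as a whole number of seconds in place of `x`.

```python
import json
import re
import time

# Matches the wait hint in the throttled body shown on this page,
# e.g. "Expected available in 12 seconds." (also tolerates "1 second").
_WAIT_RE = re.compile(r"Expected available in (\d+) seconds?")


def throttle_wait(status, body, default=5, max_wait=120):
    """Return the seconds to wait if the response is a throttle, else None."""
    if status != 429:
        return None
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        return default  # 429 without a parseable body: use the fallback
    if not isinstance(payload, dict) or payload.get("code") != "throttled":
        return default
    match = _WAIT_RE.search(str(payload.get("detail", "")))
    wait = int(match.group(1)) if match else default
    # Clamp the server-supplied delay so a bad value cannot stall the client.
    return max(1, min(wait, max_wait))


def call_with_backoff(send, max_attempts=4, sleep=time.sleep):
    """Call send() -> (status, body); retry only on 429, honouring the hint."""
    waits = []
    for attempt in range(1, max_attempts + 1):
        status, body = send()
        wait = throttle_wait(status, body)
        if wait is None or attempt == max_attempts:
            return status, body, waits
        waits.append(wait)
        sleep(wait)


if __name__ == "__main__":
    # Constructed sample responses: one throttle, then a success.
    throttled = json.dumps({
        "detail": "Request was throttled. Expected available in 2 seconds.",
        "code": "throttled",
    })
    replies = iter([(429, throttled), (200, '{"ok": true}')])
    print(call_with_backoff(lambda: next(replies)))
```

Wrap the real HTTP call in `send` so it returns the status code and raw body text; after `max_attempts` the last 429 is returned to the caller instead of being retried further.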