Basically you 300 API calls per minute per OAuth with a maximum of 10 OAuth client credential grants allowed. You can request through our Customer care site to set up a single OAuth Client with 3000 API calls per minute, but we never allow more than 3000 API calls per minute across all of your OAuth clients.
Our rate limits are meant to be hygienic and warn you that you are doing something wrong with the APIs. Many times developers inadvertently try to poll our APIs to retrieve data instead of using our notification service or AWS event bridge integration to receive an event stream of messages.
For further information on all of these topics, I suggest you take a look at the integration video I did last year that walks through all of this. Here is the video.
Because of that, I thought the limit was 90,000 requests per client (300 requests/token * 300 tokens/client). You might clarify it in the docs, as per this topic, it looks like I was not the only one with doubts about it.
Generally, when I talk to people about OAuth clients I keep it at a client credential level. It is really at a token level, but the reality is that you can have no more than 10 tokens with 300 requests per token. The reason I keep it at a credential level is that when I do get down to the token level, I have seen devs get clever and see if they can bypass our limits by getting more than 10 tokens (and they still run into problems.)
You can have a maximum of 100 client credential grants, but even then you can only have 300 request pers token so if you stick to 1 token=1 client and keep it simple you call to do no more then 3000 requests total.
Thanks,
John Carnell
Director, Developer Engagement
Oh, thank you John. One more question: Does this only apply to Client Credentials grant type? How does that 3000 requests limit affect the user-scoped grant types?
Let me get back to you on that. I think there is a limit on user-scoped grant types, but I want to make sure I have the number before I give it to you.
Thanks,
John Carnell
Director, Developer Engagement
Sorry, but I was asking if that 3,000 requests limit was across all OAuth Clients, or if it was only across the Client Credential ones.
Please, correct me if/where I'm wrong:
Number of requests / token : 300 per minute
Number of new tokens / OAuth Client : 300 per minute
Either:
Number of requests across all Client Credential OAuth Clients: 3,000 per minute
Number of requests across all User-Scoped OAuth Clients: ???
Or:
Number of requests across all OAuth Clients: 3,000 per minute
Also, I suppose that when you said that
you did it so 10 tokens * 300 requests per token = 3,000. But as long as the total number of 3,000 requests was not exceeded, it would be possible to have more than 10 tokens at the same time, right? For example, having 200 tokens making 15 requests each. Am I right?