Rate Limits

Last modified on September 11, 2023

Current Rate Limits

StrongDM uses rate limits to mitigate traffic caused by misconfiguration or malicious actors. These limits are designed to be generous enough not to be an obstacle for normal use. Rate limits for the StrongDM service are:

  • Individual users (including API keys and admin tokens) can make up to 5,000 read requests and 500 write requests per minute.
  • The sum of all actions taken within an organization can be up to 150,000 read requests and 15,000 write requests per minute.

Measurement and Enforcement of Limits

Every API request, whether initiated directly with SDKs or through the use of StrongDM applications (such as the Admin UI), counts against the defined rate limits for any given user or organization. When a request comes in and the rate limit (for either the individual user or for the organization as a whole) has been hit, the request fails. The permitted amount of remaining available calls per minute dynamically refills.