Skip to main content

Rate limits

DigiCert APIs enforce a rate limit of 1000 requests per 5 minutes, along with a short-term rate limit of 100 requests per 5 seconds to protect against burst requests and prevent abuse.

Notice

Rate limits are based on the authenticated user's API key and are subject to change without notice.

What happens if requests exceed rate limits?

Both the per 5 minutes and short-term per 5 seconds rate limits use a rolling time window. When you send a request, the service checks how many requests have occurred in the preceding 5 seconds, and then the preceding 5 minutes. If the number of requests exceeds either rate limit, API access is temporarily blocked, and all requests return a 429 HTTP status code with this JSON response:

{
  "errors": [
    {
      "code": "request_limit_exceeded",
      "message": "Service unavailable, please limit request volume"
    }
  ]
}

Important

Rate limits use a rolling time window, which means there's no specific interval at which rate limits reset. So, if you properly spread out your requests, waiting a few seconds or minutes will restore API access.