Skip to main content

Rate limits

DigiCert APIs enforce a rate limit of 1000 requests per 3 minutes, along with a short-term rate limit of 100 requests per 5 seconds to protect against burst requests and prevent abuse.

Items to note:

  • Rate limits are based on the authenticated user's API key and are subject to change without notice.

  • Rate limits use a rolling time window, which means there's no specific interval at which rate limits reset. If you spread your requests properly, waiting a few seconds or minutes will restore API access.

What happens if requests exceed rate limits?

The 3-minute and short-term 5-second rate limits use a rolling time window. When you send a request, the service checks how many requests have occurred in the preceding 5 seconds and then checks the preceding 3 minutes. If the number of requests exceeds either rate limit, API access is temporarily blocked, and all requests return a 429 HTTP status code with this JSON response:

{
  "errors": [
    {
      "code": "request_limit_exceeded",
      "message": "Service unavailable, please limit request volume"
    }
  ]
}