Rate limits

Rate limits are based on the authenticated user's API key and are subject to change without notice. If you are consistently hitting the limit, contact your account manager to see what options are available for your usage.

DigiCert APIs enforce a rate limit of 1300 requests per hour. There is also a short-term rate limit of 100 requests per 10 seconds to protect against burst requests and to prevent abuse.

Both the per hour and short-term rate limits use a rolling time window. This means each time you send a request, the service checks how many requests have occurred in the preceding 10 seconds, and then the preceding hour. If the request exceeds either rate limit, API access is temporarily blocked and all requests return a 429 HTTP status code with this JSON response:

json
{
  "errors": [
    {
      "code": "request_limit_exceeded",
      "message": "Service unavailable, please limit request volume"
    }
  ]
}

Because rate limits use a rolling time window, there's no specific interval at which rate limits reset. So if you properly spread out your requests, waiting a few seconds or minutes will restore API access.