Rate limits

DigiCert APIs enforce a rate limit of 1000 requests per 5 minutes, along with a short-term rate limit of 100 requests per 5 seconds to protect against burst requests and prevent abuse.

Rate limits are based on the authenticated user's API key and are subject to change without notice. If you are consistently hitting the rate limit, contact your account manager to see what options are available for your usage.

What happens if requests exceed rate limits?

Both the per 5 minutes and short-term per 5 seconds rate limits use a rolling time window. When you send a request, the service checks how many requests have occurred in the preceding 5 seconds, and then the preceding 5 minutes. If the number of requests exceeds either rate limit, API access is temporarily blocked, and all requests return a 429 HTTP status code with this JSON response:

Rate limits use a rolling time window, which means there's no specific interval at which rate limits reset. So, if you properly spread out your requests, waiting a few seconds or minutes will restore API access.

json
{
  "errors": [
    {
      "code": "request_limit_exceeded",
      "message": "Service unavailable, please limit request volume"
    }
  ]
}