Rate limits

Rate limits are based on the authenticated user's API key and are subject to change without notice. If you are consistently hitting the limit, contact your account manager to see what options are available for your usage.

DigiCert APIs enforce a rate limit of 1300 requests per hour. There is also a short-term rate limit of 100 requests per 10 seconds to protect against burst requests and to prevent abuse.

Both the per hour and short-term rate limits use a rolling time window. This means each time you send a request, the service checks how many requests have occurred in the preceding 10 seconds, and then the preceding hour. If the request exceeds either rate limit, API access is temporarily blocked and all requests return a 429 HTTP status code with this JSON response:

json 
{
  "errors": [
    {
      "code": "request_limit_exceeded",
      "message": "Service unavailable, please limit request volume"
    }
  ]
}

Because rate limits use a rolling time window, there's no specific interval at which rate limits reset. So if you properly spread out your requests, waiting a few seconds or minutes will restore API access.

About

DigiCert is the world’s premier provider of high—assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs. Now, we’ve added Symantec’s experience and talent to our legacy of innovation to find a better way to lead the industry forward, and build greater trust in identity and digital interactions.

©2019 DigiCert, Inc. All rights reserved. DigiCert and its logo are registered trademarks of DigiCert, Inc. Symantec and Norton and their logos are trademarks used under license from Symantec Corporation. Other names may be trademarks of their respective owners.