Rate Limiting

Unless specified otherwise, all requests to the API are rate limited to prevent abuse, accidental or otherwise. It is not intended for this rate limit to interfere with any legitimate use of the API. The limits vary depending on the type of client that is accessing the API, according to the following rules (unless specified otherwise by the specific API endpoint):

Client Type

Description

Limit

Non-Authenticated/Anonymous User

Users that are not logged in, i.e. anonymous; requests are associated by IP address.

1800 requests per hour.
Equivalent to 0.5 requests per second.

Authenticated User w/ Non-Premium Plan

Users that are authenticated but do not belong to an org that has a premium (paid) subscription.

5400 requests per hour.
Equivalent to 1.5 requests per second.

Authenticated User w/ Premium Plan

Users that are authenticated and belong to an org that has a premium (paid) subscription.

10800 requests per hour.
Equivalent to 3.0 requests per second.

Additionally, the default download domain has a limit of 10,000 requests per 5 minutes (600 seconds). Custom domains can have higher limits.

📘

Need Higher Limits?

No problem! If you're on a non-premium plan then all you need to do is activate a premium plan. If you're already on a premium plan then we'll be happy to raise the limit for you, just send us a description of use case and the desired limit to us and we'll take care of it.

Every response from the API will include the following headers to provide information about the current rate limit status:

Header

Meaning

Example

X-RateLimit-Limit

The maximum number of requests that the client is permitted to send per hour.

600

X-RateLimit-Remaining

The number of requests that are remaining in the current rate limit window.

588

X-RateLimit-Reset

The UTC epoch timestamp at which the current rate limit window will reset.

1485706850

X-RateLimit-Interval

The time in seconds that client is suggested to wait until the next request in order to avoid consuming too much within the rate limit window.

0.98256663893

Retry-After

The time in seconds to wait before the next request will be allowed (only sent if the request has been throttled).

3384

Let's see it in action:

curl -i http://api.cloudsmith.io/user/self/

HTTP/1.0 200 OK
X-RateLimit-Interval: 60.0
X-RateLimit-Limit: 600
X-RateLimit-Remaining: 599
X-RateLimit-Reset: 1485712175
Date: Sun, 29 Jan 2017 16:49:34 GMT

If the client has exceeded the rate limit in a particular rate limit window a 429 Too Many Requests status code will be sent instead of acting upon the request. The body response will be JSON encoded and include a detail message. Let's see it in action:

curl -i http://api.cloudsmith.io/user/self/

HTTP/1.0 429 Too Many Requests
Allow: GET, OPTIONS
Content-Type: application/json
Retry-After: 3304
Vary: Cookie
x-content-type-options: nosniff
X-Frame-Options: SAMEORIGIN
X-RateLimit-Interval: 3303.55762601
X-RateLimit-Limit: 1
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1485712175
Date: Sun, 29 Jan 2017 16:54:30 GMT

{
  "detail": "Request was throttled. Expected available in 3304.0 seconds."
}

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution

With support for all major package formats, you can trust us to manage your software supply chain.


Start My Free Trial Now
Cookie Declaration (Manage Cookies)