Announcing New REST API Rate Limits

Posted by Yaroslav Borets in Product Updates

Sauce Labs is introducing a new rate limiting on our REST endpoints in order to ensure a great experience for all of our customers. In addition to the recent limits placed on the number of requests per second we will be implementing further restrictions with dedicated hourly request limits for each endpoint. The new restrictions will limit the access to all endpoints to 10 reqs/s or 3500 reqs/hour if the user is logged in and 2 reqs/minute if the user is logged out. The limits will be tracked on a per account basis for both logged in and logged out users.

The new limits will go in the effect on Tuesday, March 1st 2016. We strongly encourage customers who use the REST API to modify their code to be able to gracefully handle a new set of restrictions. Please refer to the code samples below on how to prepare for the new limits as well as the headers to use.

The addition of more restrictive rate limits will be handled in a multi-stage process as follows:

  1. Starting February 1st , customers can opt-in to the new rate limits in order to test how their code handles rate limiting. The opt-in capability will be provided via a new header.
  2. On March 1st, the new rate limits will be in place by default, but customers can opt out using a dedicated header.
  3. Finally, in the beginning of April the new rate limits will be in place, and customers will no longer be able to opt out.

Note: the samples below are calling on https://saucelabs.com/rest/v1/hello, a sample endpoint that can be used to test your code without the need to use endpoint limits.

Opting in into REST API rate-limiting

Customers interested in testing if their usage complies with the new REST API request need to add "X-RateLimit-Enable" to their header with value set to "true" for each request. As shown below, each response returns three headers:

- X-Ratelimit-Remaining - displays how many requests a given user can make before receiving a 429 response

- X-Ratelimit-Limit - shows the limit of requests for a given endpoint

- X-Ratelimit-Reset - how much time (in seconds) is left before the limit will get reset

Sample response for a logged out user:

> curl -X GET "https://saucelabs.com/rest/v1/hello" -H 'X-RateLimit-Enable: true' -i

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jan 2016 16:51:01 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Ratelimit-Remaining: 1
X-Ratelimit-Limit: 2
X-Ratelimit-Reset: 60
X-Backend: resto

{"Hello": "World"}

Sample response for a logged in user:

> curl -u username:access_key -X GET "https://saucelabs.com/rest/v1/hello" -H 'X-RateLimit-Enable: true' -i

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jan 2016 16:56:28 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Ratelimit-Remaining: 3499
X-Ratelimit-Limit: 3500
X-Ratelimit-Reset: 3600
X-Backend: resto

{"Hello": "World"}

Sample response for when the limit is reached:

> curl -X GET "https://saucelabs.com/rest/v1/hello" -H 'X-RateLimit-Enable: true' -i

HTTP/1.1 429 Unknown Status
Server: nginx
Date: Thu, 21 Jan 2016 16:55:29 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Ratelimit-Remaining: 0
Retry-After: 58
X-Ratelimit-Limit: 2
X-Ratelimit-Reset: 58

{"message": "API rate limit exceeded for 127.0.0.1. See rate-limiting section in our API documentation."}

2. Opting out from rate-limiting

Pass "false" value for the header to opt out.

> curl -X GET "https://saucelabs.com/rest/v1/hello" -H 'X-RateLimit-Enable: false' -i

Discuss: Announcing New REST API Rate Limits
0 Comments

Free Trial

Get access to a free 14-day trial version, or contact Sales for more information.