Back to Resources


Posted February 4, 2016

Announcing New REST API Rate Limits


Sauce Labs is introducing a new rate limiting on our REST endpoints in order to ensure a great experience for all of our customers. In addition to the recent limits placed on the number of requests per second we will be implementing further restrictions with dedicated hourly request limits for each endpoint. The new restrictions will limit the access to all endpoints to 10 reqs/s or 3500 reqs/hour if the user is logged in and 2 reqs/minute if the user is logged out. The limits will be tracked on a per account basis for both logged in and logged out users.

The new limits will go in the effect on Tuesday, March 1st 2016. We strongly encourage customers who use the REST API to modify their code to be able to gracefully handle a new set of restrictions. Please refer to the code samples below on how to prepare for the new limits as well as the headers to use.

The addition of more restrictive rate limits will be handled in a multi-stage process as follows:

  1. Starting February 1st , customers can opt-in to the new rate limits in order to test how their code handles rate limiting. The opt-in capability will be provided via a new header.

  2. On March 1st, the new rate limits will be in place by default, but customers can opt out using a dedicated header.

  3. Finally, in the beginning of April the new rate limits will be in place, and customers will no longer be able to opt out.

Note: the samples below are calling on, a sample endpoint that can be used to test your code without the need to use endpoint limits.

Opting in into REST API rate-limiting

Customers interested in testing if their usage complies with the new REST API request need to add "X-RateLimit-Enable" to their header with value set to "true" for each request. As shown below, each response returns three headers:

- X-Ratelimit-Remaining - displays how many requests a given user can make before receiving a 429 response

- X-Ratelimit-Limit - shows the limit of requests for a given endpoint

- X-Ratelimit-Reset - how much time (in seconds) is left before the limit will get reset

Sample response for a logged out user:

> curl -X GET "" -H 'X-RateLimit-Enable: true' -i

HTTP/1.1200OK Server:nginx Date:Thu,21Jan201616:51:01GMT Content-Type:application/json;charset=utf-8 Transfer-Encoding:chunkedConnection:keep-alive X-Ratelimit-Remaining:1 X-Ratelimit-Limit:2 X-Ratelimit-Reset:60 X-Backend:resto

{"Hello": "World"}

Sample response for a logged in user:

> curl -u username:access_key -X GET "" -H 'X-RateLimit-Enable: true' -i

HTTP/1.1200OK Server:nginxDate:Thu,21Jan201616:56:28GMT Content-Type:application/json;charset=utf-8 Transfer-Encoding:chunked Connection:keep-alive X-Ratelimit-Remaining:3499 X-Ratelimit-Limit:3500 X-Ratelimit-Reset:3600 X-Backend:resto

{"Hello": "World"}

Sample response for when the limit is reached:

> curl -X GET "" -H 'X-RateLimit-Enable: true' -i

HTTP/1.1429UnknownStatus Server:nginx Date:Thu,21Jan201616:55:29GMT Content-Type:application/jsonTransfer-Encoding:chunked Connection:keep-alive X-Ratelimit-Remaining:0Retry-After:58 X-Ratelimit-Limit:2 X-Ratelimit-Reset:58

{"message": "API rate limit exceeded for See rate-limiting section in our API documentation."}

2. Opting out from rate-limiting

Pass "false" value for the header to opt out.

> curl -X GET "" -H 'X-RateLimit-Enable: false' -i

Feb 4, 2016
Share this post
Copy Share Link
© 2023 Sauce Labs Inc., all rights reserved. SAUCE and SAUCE LABS are registered trademarks owned by Sauce Labs Inc. in the United States, EU, and may be registered in other jurisdictions.