Rate Limiting

Learn how our rate limiting in SAP LeanIX APIs works.

Overview

Rate limiting is a measure to restrict the number of requests that a user or system can make to a network interface within a specific timeframe.

Rate limiting allows us to ensure that:

  • The system is protected from excessive traffic and certain types of attacks, such as DoS (Denial of Service).
  • The resources are available to all users, and the user experience remains consistent and predictable.
  • The traffic is fairly distributed among users, for example, each customer Workspace receives the same share of requests.
  • The risk of potential downtimes is reduced.

Consider our rate limits when implementing high-frequency API calls.

How Rate Limiting Works

If you reach a rate limit, you get the HTTP 429 Too Many Requests response status code.

The API response may contain a message showing the reason for reaching the rate limit. For example, if you reach a user-based rate limit, you get a response like the following: HTTP 429 Too Many Requests. USER_INTERVAL_REQUEST_LIMIT_EXCEEDED.

In the event of rate limiting or temporary unavailability, the API response may include a Retry-After header, indicating the recommended duration the client should wait before initiating a new request. If this header is not present, the client must determine an appropriate retry interval based on the specific rate limits established by the API.

Rate Limits for the Pathfinder API

The Pathfinder API is the core service that allows you to work with your Fact Sheets. The API powers data and capabilities behind the Fact Sheets functionality.

📘

Rate limits apply to both your interactions with Fact Sheets in the application UI and your backend API calls.

We set the following rate limits for the Pathfinder API:

  • User-based rate limit: 1800 requests per minute per user (including both human users and technical users).
  • Rate limit for internal requests: 1200 requests per minute per Workspace for requests from specific internal services listed below. These services automatically reschedule rate-limited requests for you. This applies to: