From 2dc866607878cc58cb0607e8dcd34c5831398481 Mon Sep 17 00:00:00 2001 From: Ben Godin Date: Mon, 23 Mar 2026 11:20:51 -0400 Subject: [PATCH 1/3] APIMGMT-1829: updated rate-limit docs to show client_id instead of access_token --- docs/api/v2024/rate-limit.md | 5 ++++- docs/api/v2025/rate-limit.md | 5 ++++- docs/api/v2026/rate-limit.md | 5 ++++- docs/api/v3/rate-limit.md | 5 ++++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/api/v2024/rate-limit.md b/docs/api/v2024/rate-limit.md index 97111a299987a..651d40d02d2c3 100644 --- a/docs/api/v2024/rate-limit.md +++ b/docs/api/v2024/rate-limit.md @@ -13,7 +13,10 @@ tags: ['Rate Limit'] ## Rate Limits -There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API: +There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2024 API calls through the API gateway. +Custom rate limits can be set per API in the [sp-gateway route spec](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/sp-gateway-routes.yaml), +or per tenant as a [dynamic rate limit](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/dynamic-rate-limits.yaml). +If you exceed the rate limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests diff --git a/docs/api/v2025/rate-limit.md b/docs/api/v2025/rate-limit.md index 29bcd049e48ce..3a65c58dac0b0 100644 --- a/docs/api/v2025/rate-limit.md +++ b/docs/api/v2025/rate-limit.md @@ -13,7 +13,10 @@ tags: ['Rate Limit'] ## Rate Limits -There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API: +There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2025 API calls through the API gateway. +Custom rate limits can be set per API in the [sp-gateway route spec](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/sp-gateway-routes.yaml), +or per tenant as a [dynamic rate limit](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/dynamic-rate-limits.yaml). +If you exceed the rate limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests diff --git a/docs/api/v2026/rate-limit.md b/docs/api/v2026/rate-limit.md index db3b13bfc0136..9b6d9d4439f25 100644 --- a/docs/api/v2026/rate-limit.md +++ b/docs/api/v2026/rate-limit.md @@ -13,7 +13,10 @@ tags: ['Rate Limit'] ## Rate Limits -There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API: +There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2026 API calls through the API gateway. +Custom rate limits can be set per API in the [sp-gateway route spec](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/sp-gateway-routes.yaml), +or per tenant as a [dynamic rate limit](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/dynamic-rate-limits.yaml). +If you exceed the rate limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests diff --git a/docs/api/v3/rate-limit.md b/docs/api/v3/rate-limit.md index f3457ea5637dc..3e8f15bd26429 100644 --- a/docs/api/v3/rate-limit.md +++ b/docs/api/v3/rate-limit.md @@ -13,7 +13,10 @@ tags: ['Rate Limit'] ## Rate Limits -There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API: +There is a default rate limit of 100 requests per `client_id` per 10 seconds for v3 API calls through the API gateway. +Custom rate limits can be set per API in the [sp-gateway route spec](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/sp-gateway-routes.yaml), +or per tenant as a [dynamic rate limit](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/dynamic-rate-limits.yaml). +If you exceed the rate limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests From 5675e4830c0b2568f83afb292616bdac856518e0 Mon Sep 17 00:00:00 2001 From: Ben Godin Date: Wed, 25 Mar 2026 11:04:48 -0400 Subject: [PATCH 2/3] APIMGMT-1829: removed links to route spec --- docs/api/v2024/rate-limit.md | 2 -- docs/api/v2025/rate-limit.md | 2 -- docs/api/v2026/rate-limit.md | 2 -- docs/api/v3/rate-limit.md | 2 -- 4 files changed, 8 deletions(-) diff --git a/docs/api/v2024/rate-limit.md b/docs/api/v2024/rate-limit.md index 651d40d02d2c3..52a39705addd8 100644 --- a/docs/api/v2024/rate-limit.md +++ b/docs/api/v2024/rate-limit.md @@ -14,8 +14,6 @@ tags: ['Rate Limit'] ## Rate Limits There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2024 API calls through the API gateway. -Custom rate limits can be set per API in the [sp-gateway route spec](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/sp-gateway-routes.yaml), -or per tenant as a [dynamic rate limit](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/dynamic-rate-limits.yaml). If you exceed the rate limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests diff --git a/docs/api/v2025/rate-limit.md b/docs/api/v2025/rate-limit.md index 3a65c58dac0b0..8f7e9661c7cba 100644 --- a/docs/api/v2025/rate-limit.md +++ b/docs/api/v2025/rate-limit.md @@ -14,8 +14,6 @@ tags: ['Rate Limit'] ## Rate Limits There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2025 API calls through the API gateway. -Custom rate limits can be set per API in the [sp-gateway route spec](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/sp-gateway-routes.yaml), -or per tenant as a [dynamic rate limit](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/dynamic-rate-limits.yaml). If you exceed the rate limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests diff --git a/docs/api/v2026/rate-limit.md b/docs/api/v2026/rate-limit.md index 9b6d9d4439f25..ad2ba32f252c5 100644 --- a/docs/api/v2026/rate-limit.md +++ b/docs/api/v2026/rate-limit.md @@ -14,8 +14,6 @@ tags: ['Rate Limit'] ## Rate Limits There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2026 API calls through the API gateway. -Custom rate limits can be set per API in the [sp-gateway route spec](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/sp-gateway-routes.yaml), -or per tenant as a [dynamic rate limit](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/dynamic-rate-limits.yaml). If you exceed the rate limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests diff --git a/docs/api/v3/rate-limit.md b/docs/api/v3/rate-limit.md index 3e8f15bd26429..227b0146fcfd9 100644 --- a/docs/api/v3/rate-limit.md +++ b/docs/api/v3/rate-limit.md @@ -14,8 +14,6 @@ tags: ['Rate Limit'] ## Rate Limits There is a default rate limit of 100 requests per `client_id` per 10 seconds for v3 API calls through the API gateway. -Custom rate limits can be set per API in the [sp-gateway route spec](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/sp-gateway-routes.yaml), -or per tenant as a [dynamic rate limit](https://github.com/sailpoint/cloud-api-client-common/blob/master/api-route-specs/dynamic-rate-limits.yaml). If you exceed the rate limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests From ca04920cdfea36f09695f58c6e6f779ae2145c62 Mon Sep 17 00:00:00 2001 From: Ben Godin Date: Wed, 25 Mar 2026 16:26:13 -0400 Subject: [PATCH 3/3] APIMGMT-1829: added previous documentation section to rate limit pages --- docs/api/rate-limit.md | 20 +++++++++++++++++++- docs/api/v2024/rate-limit.md | 27 +++++++++++++++++++++++++-- docs/api/v2025/rate-limit.md | 27 +++++++++++++++++++++++++-- docs/api/v2026/rate-limit.md | 27 +++++++++++++++++++++++++-- docs/api/v3/rate-limit.md | 27 +++++++++++++++++++++++++-- 5 files changed, 119 insertions(+), 9 deletions(-) diff --git a/docs/api/rate-limit.md b/docs/api/rate-limit.md index 90420bced6998..24d036c679775 100644 --- a/docs/api/rate-limit.md +++ b/docs/api/rate-limit.md @@ -12,7 +12,11 @@ tags: ['Rate Limit'] ## Rate Limits -There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API: +### Current default (API gateway) + +There is a default rate limit of 100 requests per `client_id` per 10 seconds for traffic through the API gateway. +Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate +limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests @@ -25,3 +29,17 @@ There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 A Specific APIs may have different rate limiting. Refer to their specifications for this information. ::: + +:::tip What changed + +Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier +documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so +your behavior matches how the gateway enforces limits. + +::: + +### Previous documentation (per access token) + +For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds** +through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow +the same pattern as above. diff --git a/docs/api/v2024/rate-limit.md b/docs/api/v2024/rate-limit.md index 52a39705addd8..db4642a6aa01a 100644 --- a/docs/api/v2024/rate-limit.md +++ b/docs/api/v2024/rate-limit.md @@ -13,11 +13,34 @@ tags: ['Rate Limit'] ## Rate Limits -There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2024 API calls through the API gateway. -If you exceed the rate limit, expect the following response from the API: +### Current default (API gateway) + +There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2024 traffic through the API gateway. +Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate +limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests **Headers**: - **Retry-After**: [seconds to wait before rate limit resets] + +:::info + +Specific APIs may have different rate limiting. Refer to their specifications for this information. + +::: + +:::tip What changed + +Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier +documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so +your behavior matches how the gateway enforces limits. + +::: + +### Previous documentation (per access token) + +For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds** +through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow +the same pattern as above. diff --git a/docs/api/v2025/rate-limit.md b/docs/api/v2025/rate-limit.md index 8f7e9661c7cba..c10a77e3688ab 100644 --- a/docs/api/v2025/rate-limit.md +++ b/docs/api/v2025/rate-limit.md @@ -13,11 +13,34 @@ tags: ['Rate Limit'] ## Rate Limits -There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2025 API calls through the API gateway. -If you exceed the rate limit, expect the following response from the API: +### Current default (API gateway) + +There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2025 traffic through the API gateway. +Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate +limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests **Headers**: - **Retry-After**: [seconds to wait before rate limit resets] + +:::info + +Specific APIs may have different rate limiting. Refer to their specifications for this information. + +::: + +:::tip What changed + +Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier +documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so +your behavior matches how the gateway enforces limits. + +::: + +### Previous documentation (per access token) + +For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds** +through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow +the same pattern as above. diff --git a/docs/api/v2026/rate-limit.md b/docs/api/v2026/rate-limit.md index ad2ba32f252c5..b1a09e0c4c6ae 100644 --- a/docs/api/v2026/rate-limit.md +++ b/docs/api/v2026/rate-limit.md @@ -13,11 +13,34 @@ tags: ['Rate Limit'] ## Rate Limits -There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2026 API calls through the API gateway. -If you exceed the rate limit, expect the following response from the API: +### Current default (API gateway) + +There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2026 traffic through the API gateway. +Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate +limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests **Headers**: - **Retry-After**: [seconds to wait before rate limit resets] + +:::info + +Specific APIs may have different rate limiting. Refer to their specifications for this information. + +::: + +:::tip What changed + +Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier +documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so +your behavior matches how the gateway enforces limits. + +::: + +### Previous documentation (per access token) + +For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds** +through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow +the same pattern as above. diff --git a/docs/api/v3/rate-limit.md b/docs/api/v3/rate-limit.md index 227b0146fcfd9..5e96d846a068d 100644 --- a/docs/api/v3/rate-limit.md +++ b/docs/api/v3/rate-limit.md @@ -13,11 +13,34 @@ tags: ['Rate Limit'] ## Rate Limits -There is a default rate limit of 100 requests per `client_id` per 10 seconds for v3 API calls through the API gateway. -If you exceed the rate limit, expect the following response from the API: +### Current default (API gateway) + +There is a default rate limit of 100 requests per `client_id` per 10 seconds for v3 traffic through the API gateway. +Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate +limit, expect the following response from the API: **HTTP Status Code**: 429 Too Many Requests **Headers**: - **Retry-After**: [seconds to wait before rate limit resets] + +:::info + +Specific APIs may have different rate limiting. Refer to their specifications for this information. + +::: + +:::tip What changed + +Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier +documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so +your behavior matches how the gateway enforces limits. + +::: + +### Previous documentation (per access token) + +For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds** +through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow +the same pattern as above.