sailpoint-oss · ben-godin-sp · Mar 23, 2026 · Mar 25, 2026 · Mar 25, 2026
diff --git a/docs/api/rate-limit.md b/docs/api/rate-limit.md
@@ -12,7 +12,11 @@ tags: ['Rate Limit']
 
 ## Rate Limits
 
-There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API:
+### Current default (API gateway)
+
+There is a default rate limit of 100 requests per `client_id` per 10 seconds for traffic through the API gateway.
+Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate
+limit, expect the following response from the API:
 
 **HTTP Status Code**: 429 Too Many Requests
 
@@ -25,3 +29,17 @@ There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 A
 Specific APIs may have different rate limiting. Refer to their specifications for this information.
 
 :::
+
+:::tip What changed
+
+Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier
+documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so
+your behavior matches how the gateway enforces limits.
+
+:::
+
+### Previous documentation (per access token)
+
+For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds**
+through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow
+the same pattern as above.
diff --git a/docs/api/v2024/rate-limit.md b/docs/api/v2024/rate-limit.md
@@ -13,10 +13,34 @@ tags: ['Rate Limit']
 
 ## Rate Limits
 
-There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API:
+### Current default (API gateway)
+
+There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2024 traffic through the API gateway.
+Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate
+limit, expect the following response from the API:
 
 **HTTP Status Code**: 429 Too Many Requests
 
 **Headers**:
 
 - **Retry-After**: [seconds to wait before rate limit resets]
+
+:::info
+
+Specific APIs may have different rate limiting. Refer to their specifications for this information.
+
+:::
+
+:::tip What changed
+
+Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier
+documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so
+your behavior matches how the gateway enforces limits.
+
+:::
+
+### Previous documentation (per access token)
+
+For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds**
+through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow
+the same pattern as above.
diff --git a/docs/api/v2025/rate-limit.md b/docs/api/v2025/rate-limit.md
@@ -13,10 +13,34 @@ tags: ['Rate Limit']
 
 ## Rate Limits
 
-There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API:
+### Current default (API gateway)
+
+There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2025 traffic through the API gateway.
+Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate
+limit, expect the following response from the API:
 
 **HTTP Status Code**: 429 Too Many Requests
 
 **Headers**:
 
 - **Retry-After**: [seconds to wait before rate limit resets]
+
+:::info
+
+Specific APIs may have different rate limiting. Refer to their specifications for this information.
+
+:::
+
+:::tip What changed
+
+Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier
+documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so
+your behavior matches how the gateway enforces limits.
+
+:::
+
+### Previous documentation (per access token)
+
+For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds**
+through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow
+the same pattern as above.
diff --git a/docs/api/v2026/rate-limit.md b/docs/api/v2026/rate-limit.md
@@ -13,10 +13,34 @@ tags: ['Rate Limit']
 
 ## Rate Limits
 
-There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API:
+### Current default (API gateway)
+
+There is a default rate limit of 100 requests per `client_id` per 10 seconds for v2026 traffic through the API gateway.
+Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate
+limit, expect the following response from the API:
 
 **HTTP Status Code**: 429 Too Many Requests
 
 **Headers**:
 
 - **Retry-After**: [seconds to wait before rate limit resets]
+
+:::info
+
+Specific APIs may have different rate limiting. Refer to their specifications for this information.
+
+:::
+
+:::tip What changed
+
+Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier
+documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so
+your behavior matches how the gateway enforces limits.
+
+:::
+
+### Previous documentation (per access token)
+
+For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds**
+through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow
+the same pattern as above.
diff --git a/docs/api/v3/rate-limit.md b/docs/api/v3/rate-limit.md
@@ -13,10 +13,34 @@ tags: ['Rate Limit']
 
 ## Rate Limits
 
-There is a rate limit of 100 requests per `access_token` per 10 seconds for V3 API calls through the API gateway. If you exceed the rate limit, expect the following response from the API:
+### Current default (API gateway)
+
+There is a default rate limit of 100 requests per `client_id` per 10 seconds for v3 traffic through the API gateway.
+Which API version you call does not change this default; the limit applies **gateway-wide**. If you exceed the rate
+limit, expect the following response from the API:
 
 **HTTP Status Code**: 429 Too Many Requests
 
 **Headers**:
 
 - **Retry-After**: [seconds to wait before rate limit resets]
+
+:::info
+
+Specific APIs may have different rate limiting. Refer to their specifications for this information.
+
+:::
+
+:::tip What changed
+
+Gateway rate limiting now keys off **`client_id`** (still **100 requests per 10 seconds** by default). Earlier
+documentation described the same ceiling per **`access_token`**. Plan retries and concurrency around **`client_id`** so
+your behavior matches how the gateway enforces limits.
+
+:::
+
+### Previous documentation (per access token)
+
+For reference, the documentation used to describe this default as **100 requests** per **`access_token`** per **10 seconds**
+through the API gateway. The **429 Too Many Requests** response and **Retry-After** header when you exceed a limit follow
+the same pattern as above.