.svg?alt=media&token=8a6d8610-e43e-468c-a63a-6c3a9314e6f5)
Rate limiting
The Didomi platform limits the number of requests sent to the API (https://api.didomi.io/) when authenticated via API keys.
Requests from Didomi SDKs are not subject to rate limiting and the limits documented in this section do not apply to the Didomi SDKs (CMP and PMP SDKs on all platforms -Web, Mobile, CTV, AMP-).
Rate limiting is used to protect the platform and to ensure the availability and performance of the Didomi API for all customers.
This page presents the current rate limits that are enforced by the Didomi API.
Those limits are subject to change at any time without prior communication to ensure the availability and performance of the Didomi API.
Rate limiting is not a commitment to honor any number of requests under any specific response time constraints and is not a service level agreement.
Limits
Rate limits are defined globally and cannot be adjusted for specific organizations.
The following limits are currently enforced:
| Routes | Limit |
|---|---|
| No limit |
All other routes | 100 requests every 15 seconds per organization |
Consents API
Didomi does not enforce any rate limit for routes under the path /consents/* and will not actively throttle API requests sent to those routes.
This is not a commitment to honor an unlimited number of requests or to enforce a specific response time. Please refer to our Service Level Agreement for more information if you need specific availability and response time commitments.
All other API requests
For all routes other than /consents/*, the following rate limit is enforced: 100 requests every 15 seconds per organization.
Rate limiting is applied at the organization level. If an organization uses multiple API keys to send HTTP requests to the Didomi API, all API keys are subject to the same shared rate limit.
Examples:
| Scenario | Throttling |
|---|---|
50 requests to | No throttling |
200 requests to | Throttling after the first 100 requests in the time window |
100 requests to | Throttling after the first 100 requests in the time window |
HTTP responses
The following elements are added to HTTP responses from the Didomi API to help you manage rate limiting.
Rate limit header fields convey hints from the server to the clients in order to help them avoid being throttled out.
Clients MUST NOT consider the units returned in headers as a service level agreement.
In case of resource saturation, the server MAY artificially lower the returned values or not serve the request regardless of the advertised quotas.
Throttled requests
Response code
When a request cannot be processed because an organization has exceeded its allocated limit, the HTTP response will be sent with the status code 429.
This is an indication that the organization requests are being throttled and should be retried at a later time.
Retry-After header
When a response is sent with the status code 429, a Retry-After header will be added to the HTTP response with the number of seconds that the organization should wait before sending more HTTP requests to the same route.
Example: Retry-After: 15 indicates that the organization is throttled for 15 seconds and no request to the same route will be accepted for the next 15 seconds.
All requests
All routes that are subject to rate limiting will return headers respecting the draft 7 of the IETF RateLimit header fields for HTTP specification, even when the request and organization are not being actively throttled.
The following headers are added to HTTP responses:
| Header | Format and description | Example |
|---|---|---|
| Format: |
|
| Format: |
|
Last updated