Didomi - Developers documentation

Rate limiting


Last updated 9 months ago

The Didomi platform limits the number of requests sent to the API (https://api.didomi.io/) when authenticated via API keys.

Requests from Didomi SDKs are not subject to rate limiting, and the limits documented in this section do not apply to the Didomi SDKs (CMP and PMP SDKs on all platforms: Web, Mobile, CTV, AMP).

Rate limiting is used to protect the platform and to ensure the availability and performance of the Didomi API for all customers.

This page presents the current rate limits that are enforced by the Didomi API.

Those limits are subject to change at any time without prior communication to ensure the availability and performance of the Didomi API.

Rate limiting is not a commitment to honor any number of requests under any specific response time constraints and is not a service level agreement.

Limits

Rate limits are defined globally and cannot be adjusted for specific organizations.

The following limits are currently enforced:

| Routes | Limit |
| --- | --- |
| /consents/* | No limit |
| All other routes | 100 requests every 15 seconds per organization |

Consents API

Didomi does not enforce any rate limit for routes under the path /consents/* and will not actively throttle API requests sent to those routes.

This is not a commitment to honor an unlimited number of requests or to enforce a specific response time. Please refer to our Service Level Agreement for more information if you need specific availability and response time commitments.

All other API requests

For all routes other than /consents/*, the following rate limit is enforced: 100 requests every 15 seconds per organization.

Rate limiting is applied at the organization level. If an organization uses multiple API keys to send HTTP requests to the Didomi API, all API keys are subject to the same shared rate limit.

Examples:

| Scenario | Throttling |
| --- | --- |
| 50 requests to GET /widgets/notices and 5 requests to GET /widgets/notices/configs in a 15-second period | No throttling |
| 200 requests to GET /widgets/notices in a 15-second period | Throttling after the first 100 requests in the time window |
| 100 requests to GET /widgets/notices and 200 requests to POST /widgets/notices in a 15-second period | Throttling after the first 100 requests in the time window |

HTTP responses

The following elements are added to HTTP responses from the Didomi API to help you manage rate limiting.

Rate limit header fields convey hints from the server to the clients in order to help them avoid being throttled out.

Clients MUST NOT consider the units returned in headers as a service level agreement.

In case of resource saturation, the server MAY artificially lower the returned values or not serve the request regardless of the advertised quotas.

Throttled requests

Response code

When a request cannot be processed because an organization has exceeded its allocated limit, the HTTP response will be sent with the status code 429.

This is an indication that the organization's requests are being throttled and should be retried at a later time.

Retry-After header

Example: Retry-After: 15 indicates that the organization is throttled for 15 seconds and no request to the same route will be accepted for the next 15 seconds.

All requests

The following headers are added to HTTP responses:

| Header | Format and description | Example |
| --- | --- | --- |
| RateLimit | Format: limit={limit}, remaining={remaining}, reset={reset}. This header provides the following information: limit is the maximum number of requests allowed for the route and the organization in the current time window; remaining is the remaining number of requests in the current time window; reset is the number of seconds until the remaining number of requests resets. | RateLimit: limit=100, remaining=60, reset=7 indicates that the organization can send a total of 100 requests in the current time window, has 60 requests left in the current time window, and that the number of remaining requests will be set back to 100 in 7 seconds. |
| RateLimit-Policy | Format: {limit};w={window}. This header provides the following information: limit is the maximum number of requests allowed for the route and the organization in the current time window; window is the time interval in seconds on which the limit is applied. | RateLimit-Policy: 100;w=15 indicates that the organization can send a total of 100 requests in every window of 15 seconds. |

When a response is sent with the status code 429, a Retry-After header will be added to the HTTP response with the number of seconds that the organization should wait before sending more HTTP requests to the same route.

All routes that are subject to rate limiting will return headers respecting draft 7 of the IETF RateLimit header fields for HTTP specification, even when the request and organization are not being actively throttled.
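A client-side sketch of how the RateLimit, RateLimit-Policy and Retry-After values described above can drive request pacing. This is an added example, not code from Didomi; the function names, the fallback when a 429 carries no usable Retry-After, and the even-pacing rule are assumptions.

```python
import re

def parse_ratelimit(value):
    """Parse 'limit=100, remaining=60, reset=7' into a dict of ints."""
    fields = {}
    for part in value.split(","):
        key, sep, num = part.strip().partition("=")
        if sep and num.strip().isdecimal():
            fields[key.strip().lower()] = int(num)
    return fields

def parse_policy(value):
    """Parse '100;w=15' into (limit, window_seconds); None if malformed."""
    m = re.fullmatch(r"\s*(\d+)\s*;\s*w=(\d+)\s*", value)
    return (int(m.group(1)), int(m.group(2))) if m else None

def seconds_to_wait(status, headers, default_backoff=15.0):
    """Seconds a client should pause before its next request.

    The fallbacks and the even-pacing rule are assumptions of this example;
    the page only defines the header formats and the 429 status code.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if status == 429:
        retry = h.get("retry-after", "").strip()
        if retry.isdecimal():
            return float(retry)
        # No usable Retry-After: wait one full policy window if advertised.
        policy = parse_policy(h.get("ratelimit-policy", ""))
        return float(policy[1]) if policy else default_backoff
    rl = parse_ratelimit(h.get("ratelimit", ""))
    remaining, reset = rl.get("remaining"), rl.get("reset")
    if remaining is None or reset is None:
        return 0.0  # no hints in the response, nothing to act on
    if remaining == 0:
        return float(reset)  # budget spent: wait for the window to reset
    # Spread what is left over the rest of the window. The budget is shared
    # by every API key of the organization, so a 429 is still possible.
    return reset / remaining

# Constructed sample responses, using the header values shown on this page.
OK = (200, {"RateLimit": "limit=100, remaining=60, reset=7",
            "RateLimit-Policy": "100;w=15"})
EXHAUSTED = (200, {"ratelimit": "limit=100, remaining=0, reset=7"})
THROTTLED = (429, {"Retry-After": "15"})

if __name__ == "__main__":
    for status, headers in (OK, EXHAUSTED, THROTTLED):
        print(status, headers, "->", round(seconds_to_wait(status, headers), 3))
```

Because the server may lower the advertised values under saturation, the wait should be recomputed from every response rather than cached.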