Rate Limiting


To ensure responsible usage of the SheerID REST API, we have instituted various rate limiting policies for REST endpoints. Callers should familiarize themselves with these limits and implement applications with these policies in mind.


The applicable rate limit policies for a given endpoint are listed on that endpoint’s documentation page, which can be found in the REST Resources Documentation. All requests against a given endpoint count against the rate limit, including user errors as indicated by a 4XXresponse code.

Rate limits are enforced by counting the number of actions taken in a rolling window of time, such as the last 15 minutes. If the total number of actions in this window of time is higher than the allowable limit for that period, the request will be rejected with HTTP status code 429: Too Many Requests. Callers can wait for older actions to expire out of the rolling window before re-submitting the request, or wait until the end of the window for the count to completely reset.

Header Name Value
X-RateLimit-Account-Limit The total number of actions allowed by the policy
X-RateLimit-Account-Remaining The number of actions remaining
X-RateLimit-Account-Reset A UTC timestamp (millisecond resolution) that marks the end of the rolling window. If no more actions subject to this rate policy are taken, the remaining count will be equal to the limit at this time.


Some API users will have a legitimate need for higher rate limit thresholds. SheerID can raise these limits upon request.