Skip to content

Latest commit

 

History

History
209 lines (108 loc) · 3.47 KB

rate-limiting-97be679.md

File metadata and controls

209 lines (108 loc) · 3.47 KB

Rate Limiting

Describes how all API requests to the SAP Service Manager service adhere to rate limiting rules.

Context

All APIs define their own custom rate limit rules for the number of requests per time window and per identified caller.

API callers are identified through the authenticated requests associated with the username on the authenticated platform or with the OAuth client ID.

When the rate limit is exceeded, the client receives the HTTP 429 Too Many Requests response status code.

Service Manager and Rate Limiting

With the SAP Service Manager APIs, the rate-limiting rules are applied on the following three levels:

  • Total number of requests for all SAP Service Manager APIs.

    You can call 10 000 Service Manager APIs per hour and 1000 per minute.

  • Total number of requests for a specific SAP Service Manager resource API group:

    API Endpoint

    Maximum Number of Calls

    /v1/service_bindings
    • Hour: 6000
    • Minute: 600

    /v1/service_offerings
    • Hour: 1000
    • Minute: 100

    /v1/service_plans
    • Hour: 1000
    • Minute: 100

  • Total number of requests per SAP Service Manager API resource group and method:

    API Method and Endpoint

    Maximum Number of Calls

    CREATE /v1/service_instances
    • Minute: 50

    UPDATE /v1/service_instances
    • Hour: 6000
    • Minute: 600

    DELETE /v1/service_instances
    • Hour: 6000
    • Minute: 600

Note:

Rate-limiting mechanism works concurrently on all three levels.

For example, if you try to perform more than 50 Create Service Instance API requests in a minute, you will reach the rate limit for that specific endpoint, but you can still perform up to 950 requests to other Service Manager APIs.

Response Example

If you called GET /v1/service_bindings 900 times in a minute, you will receive the following error:

HTTP/1.1 429 Too Many Requests
{
  "description": "The allowed request limit of 600 responses has been reached. Please try again later.Check the 'Retry-After' header value to see how long you need to wait."
}

The example shows that there is also the Retry-After header value at your disposal. It indicates how long you need to wait before you can try again.

Its value is in HTTP-date format:

Date:<day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT

Retry-After
Sun, 06 Nov 1994 08:49:37 GMT