Burst API Rate Limits - one bad script can spoil it for everyone. And Atlassian profits!?

I 100% share your sentiment and am so glad I'm not the only one infuriated irritated by this. I got an email "Hey we're introducing API limits and hey you're bursting them occasionally, here we offer 0 info on which ones cause this, we won't even tell you if it's a problem due to your Jira Automations or a 3rd party app, but the go-live for the limits is a week from today. Cheers!"

???

Bring a limit, that's fine and fair, but then offer a solution to keep track FOR FREE, that should be an absolute given. For the Jira Automations and other features we get a usage tab as well since they introduced limits, why not for this? (I hope I'm not giving them the wrong ideas now)

All I will say is that even in the predatory and miserable days of the 00's minutes-based cell phone plan, my cellular provider gave me granular detail about my usage, down to the numbers called and who called me, and the fractional minutes consumed. 

Now App Vendors probably have known about these rate limits for a while now, and know how do deal with them

Not quite. Yes, app vendors are painfully aware of Atlassian's new rate-limiting model. But no, nobody knows how to work with it effectively. In fact, the burst-limiting scheme talked about in this article is just the tip of the iceberg.

One of the most active threads in the history of the Atlassian Developer Community is about this exact topic: https://community.developer.atlassian.com/t/2026-point-based-rate-limits/97828

Just like one bad automation script can consume everyone's API quota, one aggressive app user can consume everyone's app usage. And there's very little vendors can do to guard against it. 😮

So yes, you may want to complain to your CSM...and print some t-shirts. 😆

Here's a ChatGPT summary of the above thread for anyone who doesn't have the 60+ minutes necessary to read it themselves:

Atlassian announced a new point-based API rate limit for Jira Cloud and Confluence Cloud apps. Under this model, API calls consume points, and apps are placed into quota tiers. The key issue raised in the thread is that the limits are not simply “per customer site.” In Tier 1, all installations of an app share one global hourly pool, so activity from one tenant could affect every other tenant using that app. In Tier 2, the blast radius is smaller, but the risk does not disappear: the quota is effectively tied to a single customer organization, which means one user doing a migration, bulk update, large export, or other bursty workflow could consume the app’s budget and disrupt the app for everyone else in that same organization until capacity recovers. 

Vendors in the thread said this could be especially problematic for enterprise use cases such as planning events, bulk operations, synchronization jobs, migrations, and compliance-related workflows. They also asked Atlassian for more clarity on how points are calculated, how burst traffic is handled, how admins and vendors can monitor consumption, and how quickly apps can be moved to higher-capacity tiers. Atlassian responded that the change is intended to manage rising API usage, that most apps are not expected to be affected, that some apps have already been proactively moved to Tier 2, and that partners can request higher limits through the Partner Portal with a grace period during review. Atlassian also said the hourly quota is meant as an accounting boundary and that the design is being pressure-tested to avoid hour-long lockouts, but many partners continued to ask for more detail and stronger assurances about customer-facing impact.

Imagine being charged for a log file access to a software you purchased. That's where we're at folks. 

Our company tries to be modern and started to use AI agents working with jira issues. Perhaps we will need to forget about them since every agent consumes many REST API calls. I understand Atlassian needs money since there is no oil in Australia and prices go high, but come on guys rest api call is very cheap in terms of CPU, in fact just to render issue view Jira uses hundreds of them, so it is not the point at all, just business.

And now we know why Atlassian closed on prem Jira. For the simple reason they cannot charge for every API call.

Hi  @Darryl Lee - I am Swapnil, Senior Product Manager for Jira API Traffic Observability. Thank you for your valuable feedback regarding the Burst API Rate Limits. Aligned with the core ask in JRACLOUD-74098 (REST API usage report), we are building a native, self-serve API traffic observability experience. This will enable admins to monitor rate-limited requests over time, identify exactly which apps, integrations, or API tokens contribute to throttled traffic, and see the specific endpoints impacted. We expect these insights to help you streamline the API traffic and avoid/remediate any accidental bursts, while ensuring platform stability for all users. This initiative is well underway, and we will share updates here on the Community forum and through other channels as soon as the first version is ready for release.

@Swapnil Jalamkar Is the plan for the observability tool to be available to teams on Standard Jira/Confluence plans, or will we have to update to Teamwork collection + Guard Premium or some other rate increase? 

@Darryl Lee preach!

I also have not been a big fan of this change. Admins used to be able to protect integrations from throttling by setting up API tokens to a dedicated user (service) account. If one integration started behaving badly, only it would be throttled. Now with the shared approach, those protections are no longer available to teams looking to protect instance performance.

If you want any background finger snappers at TEAM to voice these concerns, let me know. 😉

I wasn't aware of the Guard premium requirement and am glad that @Swapnil Jalamkar is working on improving observability.