Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

What is JIRA API Rate Limit based on?

Daniel Christian
Daniel Christian June 16, 2023

I've been reading this documentation related to rate limit in JIRA API.

But one thing that i don't understand, is the limit shared based on domain or is it based on the domain+endpoint?

Say, my Application is trying to hit this endpoint 

https://<your-domain>.atlassian.net/rest/api/3/user/search

Does the limit shared between

  • <your-domain>,
  • <your-domain> and /user, or
  • <your-domain> and /user/search?

or maybe there's another thing that the limit is based on?

Thank you in advance.

Answer
Watch
Like Be the first to like this
2568 views

2 answers

1 accepted

2 votes
Answer accepted
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 16, 2023 edited

Hello @Daniel Christian 

"is the limit shared based on domain or is it based on the domain+endpoint" Neither.

The limits have nothing to do with the domain or endpoint. They are budgeted purely against the app or user account used to authenticate the request, as per the documentation:

Implementation

Depending on the type of authentication used, each API request is associated with one of these user-based budgets:

  • User: the request was made by an end user.
  • App: the request was made by the app without direct user interaction.
  • App + user: the request was made by the app in association with a user interaction. Each combination of app and user has its own cost budget.
  • Anonymous: the request was not associated with a user or app.
View More Comments
Daniel Christian
Daniel Christian June 18, 2023

Hello @David Bakkers, thanks for the answer. I get a better grasp on it now.

But there's something i want to ask, since i'm kinda new to this rate limit, i need your help to confirm if my understanding on this part is correct or not.

Say, we want to move the status of a Jira Ticket.

  • User: Rate limit is applied when user is changing the ticket status manually in JIRA board.
  • App: Rate limit is applied when an app is hitting this endpoint to change the ticket status automatically using an authorization
  • Anonymous: Rate limit is applied when an app/a user is hitting this endpoint to change the ticket status automatically without any authorization

Then, what's the example of App + User in this case?

Like
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 18, 2023 edited

1. User: Rate limit is applied when user is changing the ticket status manually in JIRA board.

You are describing a user doing something manually via the GUI, which doesn't count. That documentation uses the word 'user' in the context of 'a user's credentials', so if a user's credentials was used to change the ticket status via the REST API, that would count.

2 App: Rate limit is applied when an app is hitting this endpoint to change the ticket status automatically using an authorization.

Yes, that counts, but it's the amount of usage that counts. Remember, in this context 'app' means something like a Connect or Forge app that is using scopes, not user credentials. It doesn't mean 'a generic application outside of Jira that uses user credential'

3. Anonymous: Rate limit is applied when an app/a user is hitting this endpoint to change the ticket status automatically without any authorization.

Yes, that counts, but be careful to re-read the documentation about what exactly is meant by 'anonymously'. It doesn't mean 'without any form of authorization'

4. Then, what's the example of App + User in this case?

That is for apps such as those built with the Connect or Forge frameworks and use OAUth based credentials to either act on behalf of the user (user impersonation) or use a particular security level (scope). If you are not using OAuth and that sort of security model, it doesn't apply to you.

 

Now, the salient question for you. Is it really that important what happens 'behind the scenes' to measure your use of the REST API, when all you really need to do is watch for the 429 response codes as an indicator you're approaching the limit, back off your requests, add any delay to meet the Retry-After period for your subsequent requests, and if do you get a X-RateLimit-NearLimit response, you were given plenty of warning :)

You really have to be a very lazy developer trying to pass massive numbers of sequential requests via the REST API to hit those limits. Do your requests in batches, add some delay / jitter and you'll be fine.

Have fun.

Like
Daniel Christian
Daniel Christian June 18, 2023

Thanks a lot for your detailed answer, David.

As for the answer to your question. No, it's not really important for me to know what happens 'behind the scenes', although i just want to know so i could better understand the context.

And also thanks for the suggestion at the end to make my requests in batches, i'll keep that in mind.

Have a nice day. 

Like • David Bakkers likes this
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 23, 2023

As a side topic Daniel, if you want to see a perfect example of the REST API rate limits kicking in to stop a person doing something really stupid, read this thread.

Like
Reply
0 votes
Deepak Jain
Deepak Jain
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 16, 2023

Hi @Daniel Christian ,

Welcome to Atlassian Community !

Rate limiting is based on account basis. So you can choose an account where you want to limit rest api call. You can exempt any account from rate limit.

Jira provides two tabs, one is list of limited accounts and other one is Exceptions :

rete.PNG

Hope this helps !!

View More Comments
Deepak Jain
Deepak Jain
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 16, 2023

More about rate limiting -

When automated integrations or scripts send requests to Jira in huge bursts, it can affect Jira’s stability, leading to drops in performance or even downtime. With rate limiting, you can control how many external REST API requests automations and users can make and how often they can make them, making sure that your Jira instance remains stable.

Like
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 16, 2023 edited

Hello @Deepak Jain 

The OP is asking about the rate limiting for Jira CLOUD, not Jira DATA CENTER / SERVER. What you have described does not exist for the cloud platform.

Like • Ross E. Snyder likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Upcoming Jira Events