Welcome to the new Box Support website. Check out all the details here on what’s changed.

Understand box api call rate limit

Answered
New post

Comments

6 comments

  • jcleblanc

    Hi  ,

     

    There will actually be four rate limits that you'll need to be aware of, as per the reference docs:

    • 16.67 API calls per second per user (updated from 10).
    • 4 uploads per second per user.
    • 6 searches per second per user, up to 60 searches per minute.
    • 12 searches per second per enterprise.

    The 16.67 API calls per second per user will be the limit, and be inclusive of the 4 uploads. So you can call 4 upload API calls/sec + 12 other API calls (total 16.67 API calls/sec). 

     

    The only oddity here is the 12 searches per second per enterprise. Each app will still have a 16.67 API call per second per user limit, but 12 is the total limit of searches per seconds amongst all apps within your enterprise / company.

     

    Thanks,

    Jon

    0
    Comment actions Permalink
  • guzi99

    Is the limit applied to all apps per user? In other words, does each app get this quota per user and users can run multiple apps at this speed of each in parallel?

    0
    Comment actions Permalink
  • walarsh

    Hello Jon,


    Does this rate limit apply to admin users when using the 'As-User' header?

    For instance, an admin user making calls as two different users. The rate limit will be 16.6 calls per second per each user?

    0
    Comment actions Permalink
  • Nayak

    Hi,

     

    Yes rate limit is applied even when admin users use the 'As-User' header but in this case the api's are counted against the user and not against the admin making the call

    0
    Comment actions Permalink
  • BradZinser

    Is the rate limit still applied if using the official SDK? 

    0
    Comment actions Permalink
  • dandennhardt

     

     

    Yes - the rate limits apply no matter what method or application is calling the API, including the official Box SDKs. Rate limits are in place to protect the health of the service and to minimize the risk of an overactive application causing issues - whether intentionally such as an attack or (much more frequently) unintentionally such as a bug in the code calling the API.

    0
    Comment actions Permalink

Please sign in to leave a comment.