Rate Limit Information Returned by the Cloud Controller API

Page last updated:

The Cloud Controller API includes rate limit information in the HTTP header. Each header includes the following:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 56
X-RateLimit-Reset: 1372700873

Use this table to understand the rate limit header.

Field Value Description
X-RateLimit-Limit The maximum number of attempts per User Account and Authentication (UAA) user, if a user is authenticated. The maximum number of attempts per IP address, if no user is authenticated.
X-RateLimit-Remaining The estimated number of attempts remaining.
X-RateLimit-Reset The time when the rate limit counter resets, in UTC epoch seconds.

Requests are counted separately in each Cloud Controller instance and each produces an estimate for the total number of remaining requests. The estimate is based on the fraction remaining on the Cloud Controller instance, rounded down to the nearest 10%, multiplied by the global maximum number of attempts. This might result in inconsistent values for the X-RateLimit-Remaining header when running multiple instances of Cloud Controller API, such as some requests still being allowed when the header value is 0.

When requests exceed the maximum rate limit value, the Cloud Controller API returns a 429: Too Many Requests error code.

Create a pull request or raise an issue on the source for this page in GitHub