Qlik Cloud API rate limits enforced starting on November 1st, 2022

Andre_Sostizzo — Wed, 12 Oct 2022 13:43:30 GMT

Beginning November 1, 2022, Qlik is enforcing rate limits to API requests on Qlik Cloud REST APIs. This means any API request originating to a REST API endpoint on Qlik Cloud is subject to rejection if the number of requests to an endpoint exceeds the allowed amount in a specified duration on that endpoint.

What is API rate limiting?

API rate limiting is a mechanism for ensuring API and platform performance and scalability. It protects the platform from being overwhelmed by requests made to API endpoints by throttling the number of requests an endpoint will accept before blocking or rejecting more requests from a client.

What Qlik experiences (clients) are impacted by rate limiting?

All REST endpoints in Qlik Cloud have a rate limit tier assignment. Any requests made from Qlik Sense REST connector, requests made from Qlik Application Automation, qlik-cli, any REST client like Postman, or custom application you create is subject to rate limiting.

Limits are enforced per tier, per user, per tenant. When a rate limit is reached, all endpoints in the same tier are blocked until the retry-after time expires. When you exceed a rate limit, your application receives an HTTP 429 status code response such as below:

Environment:

How do I handle rate limiting in my applications?

Depending on the language, client, and code you’ve written to interact with Qlik’s APIs, you need to accommodate it to handle rate limits based upon the APIs you’re using. One way to do this is to add code that handles the 429 response by reading the `retry-after` response header and adding a function that throttles your application to wait until the retry period has elapsed.

How does API rate limiting in Qlik Cloud work?

Initially, rate limits are going to be enforced on Qlik Cloud REST API endpoints only. It is our intention to add external rate limits for other types of traffic including but not limited to websocket connections in a future release.

Here are the enforcement tiers for the number of requests allowed on an endpoint based on its assigned tiers.

Tier	Limit	Description
Tier 1	600+ per minute	Supports majority of requests for data consumption with generous bursting.
Tier 2	60+ per minute	Create, update, and delete resource endpoints with occasional bursts of more requests.
Special	Varies	Rate limiting conditions are unique for methods with this tier. Consult the method's documentation to better understand its rate limiting conditions.

We identified these tiers after observing API requests and rate limiting decisions from the beginning of 2022. Additional consideration has been paid to endpoints with heavy usage to make sure the services the APIs call scale to support the anticipated request volume.

Why is API rate limiting important to me?

API rate limiting is a mechanism for protecting your experience using the Qlik Cloud platform. Here are some reasons why we’re beginning to enforce rate limits on tenants:

Rate limits are a baseline security mechanism to prevent brute-force attacks against the platform.
Rate limiting prevents system degradation from a single application or user overwhelming the system.
Rate limiting communicates to customers an expected service level for an API endpoint and how requests are treated if you cross a rate limit threshold.
Enables Qlik to provide a platform that is affordable and returns business value through consistent uptime and a performant experience for our customers

Where can I learn more about Qlik Cloud API rate limits?

Information about Qlik Cloud API rate limits is visible on qlik.dev beginning today, October 11, 2022. In the API reference section for Manage APIs, you can identify the rate limit tier for endpoints you use. Any special tier endpoints will indicate the specific API rate limit on the APIs reference page.

We released a new API Policy for working with Qlik Cloud’s APIs. Please review this page so you can ensure the end users of your solutions receive a pleasant experience interacting with Qlik Cloud.

Re: Qlik Cloud API rate limits enforced starting on November 1st, 2022

AlexOmetis — Wed, 12 Oct 2022 11:32:20 GMT

Hi, Could you clarify whether calling the APIs from Qlik Sense script or Qlik Application Automation would count as "external clients" or not? Assuming they are within the same tenant as the API being called of course.

Re: Qlik Cloud API rate limits enforced starting on November 1st, 2022

Jeffrey_Goldberg — Wed, 12 Oct 2022 12:19:42 GMT

@AlexOmetis , We need to amend the post. If you flood the endpoint from a load script or Qlik Application Automation past the rate limit, the requests are going to be throttled.

Re: Qlik Cloud API rate limits enforced starting on November 1st, 2022

fmarvnnt — Wed, 20 Nov 2024 16:00:07 GMT

I guess limits might be increased since we got easily error HTTP 429 while we create several files onto SharePoint for example.

FMa

article Qlik Cloud API rate limits enforced starting on November 1st, 2022 in Official Support Articles

Qlik Cloud API rate limits enforced starting on November 1st, 2022

What is API rate limiting?

What Qlik experiences (clients) are impacted by rate limiting?

Environment:

How do I handle rate limiting in my applications?

How does API rate limiting in Qlik Cloud work?

Why is API rate limiting important to me?

Where can I learn more about Qlik Cloud API rate limits?

Re: Qlik Cloud API rate limits enforced starting on November 1st, 2022

Re: Qlik Cloud API rate limits enforced starting on November 1st, 2022

Re: Qlik Cloud API rate limits enforced starting on November 1st, 2022