Beginning November 1, 2022, Qlik is enforcing rate limits to API requests on Qlik Cloud REST APIs. This means any API request originating to a REST API endpoint on Qlik Cloud is subject to rejection if the number of requests to an endpoint exceeds the allowed amount in a specified duration on that endpoint.
What is API rate limiting?
API rate limiting is a mechanism for ensuring API and platform performance and scalability. It protects the platform from being overwhelmed by requests made to API endpoints by throttling the number of requests an endpoint will accept before blocking or rejecting more requests from a client.
What Qlik experiences (clients) are impacted by rate limiting?
All REST endpoints in Qlik Cloud have a rate limit tier assignment. Any requests made from Qlik Sense REST connector, requests made from Qlik Application Automation, qlik-cli, any REST client like Postman, or custom application you create is subject to rate limiting.
Limits are enforced per tier, per user, per tenant. When a rate limit is reached, all endpoints in the same tier are blocked until the retry-after time expires. When you exceed a rate limit, your application receives an HTTP 429 status code response such as below:
Depending on the language, client, and code you’ve written to interact with Qlik’s APIs, you need to accommodate it to handle rate limits based upon the APIs you’re using. One way to do this is to add code that handles the 429 response by reading the `retry-after` response header and adding a function that throttles your application to wait until the retry period has elapsed.
How does API rate limiting in Qlik Cloud work?
Initially, rate limits are going to be enforced on Qlik Cloud REST API endpoints only. It is our intention to add external rate limits for other types of traffic including but not limited to websocket connections in a future release.
Here are the enforcement tiers for the number of requests allowed on an endpoint based on its assigned tiers.
600+ per minute
Supports majority of requests for data consumption with generous bursting.
60+ per minute
Create, update, and delete resource endpoints with occasional bursts of more requests.
Rate limiting conditions are unique for methods with this tier. Consult the method's documentation to better understand its rate limiting conditions.
We identified these tiers after observing API requests and rate limiting decisions from the beginning of 2022. Additional consideration has been paid to endpoints with heavy usage to make sure the services the APIs call scale to support the anticipated request volume.
Why is API rate limiting important to me?
API rate limiting is a mechanism for protecting your experience using the Qlik Cloud platform. Here are some reasons why we’re beginning to enforce rate limits on tenants:
Rate limits are a baseline security mechanism to prevent brute-force attacks against the platform.
Rate limiting prevents system degradation from a single application or user overwhelming the system.
Rate limiting communicates to customers an expected service level for an API endpoint and how requests are treated if you cross a rate limit threshold.
Enables Qlik to provide a platform that is affordable and returns business value through consistent uptime and a performant experience for our customers
Where can I learn more about Qlik Cloud API rate limits?
Information about Qlik Cloud API rate limits is visible on qlik.dev beginning today, October 11, 2022. In the API reference section for Manage APIs, you can identify the rate limit tier for endpoints you use. Any special tier endpoints will indicate the specific API rate limit on the APIs reference page.
We released a new API Policy for working with Qlik Cloud’s APIs. Please review this page so you can ensure the end users of your solutions receive a pleasant experience interacting with Qlik Cloud.