Oct 12, 2022 6:43:30 AM
Beginning November 1, 2022, Qlik is enforcing rate limits to API requests on Qlik Cloud REST APIs. This means any API request originating to a REST API endpoint on Qlik Cloud is subject to rejection if the number of requests to an endpoint exceeds the allowed amount in a specified duration on that endpoint.
API rate limiting is a mechanism for ensuring API and platform performance and scalability. It protects the platform from being overwhelmed by requests made to API endpoints by throttling the number of requests an endpoint will accept before blocking or rejecting more requests from a client.
All REST endpoints in Qlik Cloud have a rate limit tier assignment. Any requests made from Qlik Sense REST connector, requests made from Qlik Application Automation, qlik-cli, any REST client like Postman, or custom application you create is subject to rate limiting.
Limits are enforced per tier, per user, per tenant. When a rate limit is reached, all endpoints in the same tier are blocked until the retry-after time expires. When you exceed a rate limit, your application receives an HTTP 429 status code response such as below:
Depending on the language, client, and code you’ve written to interact with Qlik’s APIs, you need to accommodate it to handle rate limits based upon the APIs you’re using. One way to do this is to add code that handles the 429 response by reading the `retry-after` response header and adding a function that throttles your application to wait until the retry period has elapsed.
Initially, rate limits are going to be enforced on Qlik Cloud REST API endpoints only. It is our intention to add external rate limits for other types of traffic including but not limited to websocket connections in a future release.
Here are the enforcement tiers for the number of requests allowed on an endpoint based on its assigned tiers.
Tier |
Limit |
Description |
Tier 1 |
600+ per minute |
Supports majority of requests for data consumption with generous bursting. |
Tier 2 |
60+ per minute |
Create, update, and delete resource endpoints with occasional bursts of more requests. |
Special |
Varies |
Rate limiting conditions are unique for methods with this tier. Consult the method's documentation to better understand its rate limiting conditions. |
We identified these tiers after observing API requests and rate limiting decisions from the beginning of 2022. Additional consideration has been paid to endpoints with heavy usage to make sure the services the APIs call scale to support the anticipated request volume.
API rate limiting is a mechanism for protecting your experience using the Qlik Cloud platform. Here are some reasons why we’re beginning to enforce rate limits on tenants:
Information about Qlik Cloud API rate limits is visible on qlik.dev beginning today, October 11, 2022. In the API reference section for Manage APIs, you can identify the rate limit tier for endpoints you use. Any special tier endpoints will indicate the specific API rate limit on the APIs reference page.
We released a new API Policy for working with Qlik Cloud’s APIs. Please review this page so you can ensure the end users of your solutions receive a pleasant experience interacting with Qlik Cloud.
Hi, Could you clarify whether calling the APIs from Qlik Sense script or Qlik Application Automation would count as "external clients" or not? Assuming they are within the same tenant as the API being called of course.
@AlexOmetis , We need to amend the post. If you flood the endpoint from a load script or Qlik Application Automation past the rate limit, the requests are going to be throttled.