Rest api rate limit

We recently found some 429 response code when using REST API. I’m not sure if we’re being rate-limited and what limit should we keep in.
I also wonder whether there are different rate-limit in different endpoints (for example GET file & GET image).
I’ve read this article An alternative approach to rate limiting ,but didn’t find the precise qps limit number.

I am also curious about the rate limit, especially for the get IMAGE endpoint. Very weird it seems nowhere to be defined in exact numbers…

I’m trying to figure this out too. I seem to be encountering an issue when building our icon library at exactly 900.

Its returning 429 for me for way lower API request numbers. Maybe it depends on the endpoint. I understand the need for rate limiting, some documentation about this would have been really nice…

1 Like

@MichaelF @Ross_Moody You can ask Figma support about this. I don’t think the API team checks the community forum often so it would be probably faster.

ok, I contacted support and received an answer including rate limits which I am allowed to share here, including the following preface:

these limits are subject to change. Another point of clarification is that they are dependent on the type of authentication used, so if someone is using OAuth the rate limits are different and are for the entire application, not per user. For context, this complexity is what has prevented us from publishing these more broadly in the past.

and here are the rate limits I received:

FILE_COST = 50; // Equates to 120 req/min and 24000 req/day per user
IMAGE_COST = 200; // Equates to 30 req/min and 6000 req/day per user
VERSION_COST = 100; // Equates to 60 req/min and 12000 req/day per user
COMMENT_COST = 20; // Equates to 300 req/min and 60000 req/day per user
WEBHOOK_COST = 20; // Equates to 300 req/min and 60000 req/day per user
TEAM_COST = 20; // Equates to 300 req/min and 60000 req/day per user
PROJECT_COST = 20; // Equates to 300 req/min and 60000 req/day per user
FILE_IMAGE_COST = 20; // Equates to 300 req/min and 60000 req/day per user
SELECTION_COST = 20; // Equates to 300 req/min and 60000 req/day per user
RECENT_FILES_COST = 10; // Equates to 600 req/min and 120000 req/day per user

Hope this helps other folks like me to at least get an idea of might be possible wrong if she/he hits a ‘rate limit exceeded’ 429 :wink:

4 Likes

What do those figures “= XX” mean? FILE_COST = 50 — is it the price $50 for “Equates to 120 req/min and 24000 req/day per user”? What does it mean?

Are those limits for OAuth 2 / SSO authorization on a per-user basis? It also contradict to statement “so if someone is using OAuth the rate limits are different and are for the entire application, not per user”?

  1. These figures mean that you have an X amount of virtual “credits” or “points” that you can use to interact with the API within a specified timeframe. And every API interaction has a cost that takes those credits from a user. Judging by the numbers provided, you have 6000 credits per minute and 1 200 000 credits per day. So you can for example access 120 files in a minute, spending 50 credits per file. Alternatively you can render 30 images in a minute but you won’t have any credits left to do anything else like access files or comments within the same minute. Same with daily limits.

  2. In the “per application” scenario, it is implied that you are using a personal access token, thus your whole application is a single user and has the limits of a single user. An application cannot access the API without a user access token. It’s always the user interacting with the API through the application.

1 Like