REST API Rate Limits

Hi! We’ve found that some applications have hit repeated 429s when hitting any endpoints (we often hit teams/<team_id>/projects, projects/<project_id>/files, and GET file endpoints).

We saw in Rest api rate limit - #6 by MichaelF that there are some rate limits mentioned in the past-- we believe our application should be making around ~2 requests / second for GET files and ~3 requests / second for the other endpoints, which should be under those specified limits. In addition, we do exponential backoff on 429s. Our application is set up via OAuth 2 so hits the endpoints with user access tokens.

Given this, we had a few questions:

  • Is there any possibility that our application may have been blocked from making API calls?
  • In the Errors section, the documentation mentions to just retry after one minute. Is this the recommended practice, or is there a better systematic method to determine if an application has been blocked for a longer period of time to resolve the repeated 429s?
  • Are the rate limits for the mentioned endpoints more restrictive if an application uses OAuth 2 (if there’s a particular global rate limit that applies to the application regardless of the user access token used)?

One use case we have is also to discover explicit members of teams / projects. There didn’t seem to be a direct endpoint to retrieve this info, so one workaround was to use the existing user access tokens to hit the associated teams / projects endpoint-- if a request returns with 200 status, then we could determine that a particular user can view a team / project.

This workaround could also lead to consuming a large portion of the rate limit. Are there any plans to support such an endpoint in the future, and/or are there any other possibilities to support the above use case while minimizing the cost incurred? The cost would be high assuming that the rate limit is indeed global for an application and agnostic to user access tokens.