Rate Limits
The Slim.io API enforces per-tenant rate limits to ensure fair usage and platform stability. Rate limits apply to all authenticated API requests.
Default Limits
| Tier | Requests / Minute | Requests / Hour | Burst |
|---|---|---|---|
| Free | 60 | 1,000 | 10 |
| Starter | 300 | 10,000 | 30 |
| Professional | 1,000 | 50,000 | 100 |
| Enterprise | Custom | Custom | Custom |
These limits are approximate and may be adjusted. Burst refers to the maximum number of concurrent requests allowed. Requests beyond the burst limit are queued, not rejected, up to the per-minute limit.
Rate Limit Enforcement
Rate limiting is enforced server-side on a per-tenant basis. The API does not expose rate limit counters in response headers.
429 Too Many Requests
When you exceed the rate limit, the API returns an HTTP 429 Too Many Requests response:
```json
{
  "status": "error",
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Rate limit exceeded. Please retry later."
  }
}
```
Handling Rate Limits
Retry Strategy
Implement exponential backoff when you receive a 429 response:
```python
import time
import requests

def api_call_with_retry(url, headers, max_retries=3):
    for attempt in range(max_retries):
        # A timeout keeps a stalled connection from blocking the retry loop
        response = requests.get(url, headers=headers, timeout=10)
        if response.status_code == 429:
            # Back off 1s, 2s, 4s, ... capped at 30 seconds
            wait = min(2 ** attempt, 30)
            time.sleep(wait)
            continue
        return response
    raise Exception("Rate limit exceeded after max retries")
```
Scan-related API calls (triggering scans, fetching worker status) are rate-limited separately from general API calls. Scan operations have higher limits to support real-time monitoring use cases.
Endpoint-Specific Limits
Some endpoints have additional limits beyond the general rate limit:
| Endpoint | Additional Limit | Reason |
|---|---|---|
| POST /scans/parallel | 5 / hour | Prevent excessive scan job creation |
| POST /governance/reconcile | 2 / hour | Resource-intensive operation |
| POST /connectors | 20 / hour | Prevent connector creation abuse |
| POST /classifiers/validate | 30 / minute | CI/CD validation support |
Increasing Limits
If your use case requires higher rate limits:
- Starter/Professional tiers — Upgrade to a higher tier for increased limits
- Enterprise tier — Contact your account manager to configure custom limits
- Temporary increases — Contact support to request temporary limit increases for migration or backfill operations
Best Practices
- Cache responses — Cache list and detail responses locally to reduce API calls
- Use webhooks — For scan completion and drift events, use webhook notifications instead of polling
- Batch operations — Where possible, use batch endpoints to reduce request count
- Implement backoff — Use exponential backoff on 429 responses to avoid cascading failures
- Stagger requests — Distribute API calls over time instead of sending bursts
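Because the API does not return rate limit counters, a client has to pace itself. The following is an added example, not Slim.io code: a client-side token bucket sized from the Starter row of the table (using Burst as the bucket size is an assumption) combined with jittered backoff on 429. `TenantThrottle`, `backoff_delay`, `call_with_throttle`, `STARTER` and the `send` callable are hypothetical names.

```python
import random
import time

class TenantThrottle:
    """Client-side token bucket for one tenant's credentials (single-threaded use)."""

    def __init__(self, per_minute, burst, clock=time.monotonic, sleep=time.sleep):
        self.rate = per_minute / 60.0      # tokens refilled per second
        self.capacity = float(burst)       # assumption: Burst used as bucket size
        self.tokens = float(burst)
        self.clock, self.sleep = clock, sleep
        self.last = clock()

    def acquire(self):
        """Block until one request may be sent; return the seconds waited."""
        waited = 0.0
        while True:
            now = self.clock()
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
            self.last = now
            if self.tokens >= 1.0:
                self.tokens -= 1.0
                return waited
            delay = (1.0 - self.tokens) / self.rate
            self.sleep(delay)
            waited += delay

def backoff_delay(attempt, cap=30.0, rng=random.random):
    """Exponential backoff with full jitter: uniform in [0, min(2**attempt, cap))."""
    return rng() * min(2 ** attempt, cap)

def call_with_throttle(send, throttle, max_retries=3, sleep=time.sleep, rng=random.random):
    """send: zero-argument callable returning an object with .status_code."""
    for attempt in range(max_retries + 1):
        throttle.acquire()                 # pace locally; the API exposes no counters
        response = send()
        if response.status_code != 429:
            return response
        if attempt < max_retries:          # no pointless sleep before giving up
            sleep(backoff_delay(attempt, rng=rng))
    raise RuntimeError("Rate limit exceeded after max retries")

# Starter tier from the table above: 300 requests/minute, burst 30.
STARTER = dict(per_minute=300, burst=30)
```

Since limits are per-tenant, every worker sharing the same credentials draws on the same budget, so the jitter keeps their retries from landing at the same instant.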