API Rate Limiting

turbine cloud enforces rate limits to ensure platform stability and fair usage across all tenants at a glance limit type value scope reset standard api 15 requests/second (900 requests/minute) per user/token rolling 1 minute window webhook 100 requests/minute per web server ( 900 requests/minute total) per web server rolling 1 minute window standard api rate limit the global rate limit applies to any http request through the public load balancer — including api calls, playbook actions, and ui requests scope — user hash the rate limit is calculated per unique combination of authentication method and source ip authentication type source used in hash jwt token or pat user token + source ip multiple pats, same ip each pat gets a separate rate limit pool anonymous / playbook native http action region egress ip if a playbook makes anonymous outbound http calls, those requests are sourced from the region's shared egress ip and count toward the rate limit pool for that ip webhook rate limit webhooks have a dedicated rate limit enforced separately from the standard api limit setting value limit per web server 100 requests/minute total across region (9 web servers) 900 requests/minute distribution round robin across web servers scope per tenant per web server for mssp or multi tenant architectures where a central tenant sends webhook requests to customer tenants, each tenant's webhook traffic is rate limited independently rate limit behavior when a rate limit is exceeded, the api returns a 429 too many requests response implement exponential backoff and retry logic in your integrations to handle rate limiting gracefully