Bitwarden · Rate Limits

Bitwarden Rate Limits

Bitwarden documents that its Public API throttles abusive traffic and returns 429 Too Many Requests when the API is hit too quickly. Numeric per-second ceilings are not exhaustively published. List endpoints exceeding 50 results return a continuationToken for pagination. Identity tokens issued via client_credentials are valid for 3600 seconds and should be reused rather than reissued on every call. Two cloud regions exist - api.bitwarden.com (US) and api.bitwarden.eu (EU) - each with its own identity host.

Bitwarden Rate Limits is the machine-readable rate-limit profile for Bitwarden on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 3 rate-limit definitions, measuring requests, items, and seconds.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled and unauthorized.

Tagged areas include Security, Password Manager, Open Source, Vault, and Identity.

3 Limits Throttle: 429
SecurityPassword ManagerOpen SourceVaultIdentityRate LimitingThrottling

Limits

Public API Throttle client
requests · minute
dynamic
Bitwarden returns 429 Too Many Requests when the Public API is called too rapidly. Numeric ceiling is not published.
Pagination Window list_endpoint
items · page
50
Lists exceeding 50 results return a continuationToken; clients must page using the token to retrieve the full result set.
Identity Token Validity token
seconds · token_lifetime
3600
Bearer tokens issued from /connect/token are valid for 3600 seconds; reuse the token until expiry rather than re-issuing per request.

Policies

429 Throttling
When throughput is excessive the Public API returns 429 Too Many Requests. Clients should back off before retrying.
Token Reuse
Cache the bearer token for its 3600-second lifetime. Re-issuing per call wastes identity quota and risks rate limiting on /connect/token.
Continuation Pagination
Use continuationToken to walk lists exceeding 50 results; do not synthesise offsets.
Regional Selection
Use api.bitwarden.com / identity.bitwarden.com for US tenants and api.bitwarden.eu / identity.bitwarden.eu for EU tenants.

Sources