Castor · Rate Limits

Castoredc Rate Limits

The Castor EDC / CDMS API applies a default rate limit of roughly 600 requests per 10 minutes per API client. Exceeding the limit returns HTTP 429 Too Many Requests. OAuth2 access tokens obtained via the client-credentials flow are valid for 5 hours, so clients should cache and reuse a token rather than re-authenticate on every call. Large data reads should use the paginated (HAL) collection endpoints or the batch export endpoints rather than tight per-record polling, and bulk analysis is best done through the official R and Python wrapper packages, which handle pagination and throttling.

Castoredc Rate Limits is the machine-readable rate-limit profile for Castor on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 3 rate-limit definitions, measuring requests, seconds, and items.

The profile also includes 3 backoff/retry policies defined and response codes documented for throttled.

Tagged areas include Clinical Trials, Electronic Data Capture, EDC, Rate Limiting, and Quotas.

3 Limits Throttle: 429
Clinical TrialsElectronic Data CaptureEDCRate LimitingQuotas

Limits

Default API Requests client
requests
~600 per 10 minutes
Default per-API-client request rate. Exceeding it returns HTTP 429.
Access Token Lifetime client
seconds
18000
OAuth2 client-credentials access tokens are valid for 5 hours; cache and reuse them.
Collection Pagination endpoint
items
page-based (HAL)
List endpoints return paginated HAL collections; iterate pages instead of over-fetching.

Policies

Token Reuse
Reuse the 5-hour access token across requests instead of re-authenticating per call to conserve request budget.
Backoff Strategy
On HTTP 429, back off and retry with exponential backoff and jitter before resuming requests.
Prefer Batch Export
For large data pulls, use the export endpoints (data / structure / option groups) or the official R / Python wrappers rather than high-frequency per-record requests.

Sources