Cigna · Rate Limits

Cigna Rate Limits

Cigna does not publish a numeric per-second or per-minute rate-limit policy on its public developer portal for the FHIR API surface. The endpoints (Patient Access, Provider Directory, Drug Formulary, Provider Access) are governed by HIPAA, CMS Interoperability rules, and Cigna's application-onboarding terms. Practical limits are imposed at the WAF / API-gateway layer and on the SMART on FHIR token issuer; client applications that exceed fair-use thresholds are throttled with a 429 response and may be contacted by Cigna's developer-relations team.

Cigna Rate Limits is the machine-readable rate-limit profile for Cigna on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 2 rate-limit definitions, measuring varies.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled, unauthorized, forbidden, serverError, and serviceUnavailable.

Tagged areas include CMS Interoperability, FHIR, Healthcare, Patient Access, and Provider Directory.

2 Limits Throttle: 429
CMS InteroperabilityFHIRHealthcarePatient AccessProvider DirectoryRate Limiting

Limits

FHIR API requests application
varies
see Cigna developer onboarding documentation; not publicly documented
Practical ceilings are applied at the WAF and applied per registered application client_id.
SMART on FHIR token issuance application
varies
governed by OAuth issuer; not publicly documented
Token issuance for member-authorized Patient Access is rate-limited by the OAuth server.

Policies

Backoff Strategy
On 429 / 5xx, retry with exponential backoff and jitter; honor Retry-After when present.
SMART on FHIR
Member-authorized Patient Access requires SMART on FHIR / OAuth 2.0 authorization with member consent before claims and clinical data can be queried.
Pagination
FHIR Bundle responses are paginated via the standard Bundle.link 'next' relation. Iterate cursors rather than issuing high-offset requests.
HIPAA / CMS Compliance
Application sponsors are accountable for HIPAA-aligned handling of any PHI returned by the Patient Access and Provider Access APIs.

Sources