CrowdStrike · Rate Limits

Crowdstrike Rate Limits

CrowdStrike Falcon OAuth2 APIs are rate-limited per-client and per-endpoint. Specific numeric limits are not published publicly; they vary by API surface (Detects, Hosts, Real-Time Response, Spotlight, etc.) and are documented in the authenticated Falcon developer portal. Throttling is signaled with HTTP 429 plus rate-limit headers; clients are expected to honor Retry-After.

Crowdstrike Rate Limits is the machine-readable rate-limit profile for CrowdStrike on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 2 rate-limit definitions, measuring varies and concurrent_requests.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled, quotaExceeded, and serviceUnavailable.

Tagged areas include Cybersecurity, Endpoint Security, Rate Limiting, Quotas, and Throttling.

2 Limits Throttle: 429 Quota: 429
CybersecurityEndpoint SecurityRate LimitingQuotasThrottling

Limits

Per-API rate limit api-client
varies
see CrowdStrike Falcon documentation per API surface
Per-endpoint concurrency api-client
concurrent_requests
see CrowdStrike Falcon documentation per API surface

Policies

OAuth2 token refresh
Tokens are issued via OAuth2 client credentials and expire after 30 minutes; cache and reuse tokens until expiry rather than minting per-request.
Backoff Strategy
On HTTP 429, honor X-Ratelimit-Retryafter (epoch seconds) and apply exponential backoff with jitter for retried calls.
Per-API surface limits
Limits are scoped per API (Detects, Hosts, RTR, Spotlight, IOC, etc.) rather than globally; a 429 on one surface does not throttle others.
Pagination over polling
Use offset/limit or after/before pagination on listing endpoints rather than tight polling loops to stay within rate caps.

Sources