CyberArk · Rate Limits
Cyberark Rate Limits
CyberArk REST APIs (PAM Self-Hosted, Privilege Cloud, Identity, Conjur) are tenant- or vault-scoped and do not publish fixed numeric rate limits. Conjur enforces a configurable throttle for token issuance; Privilege Cloud and Identity throttle abusive clients via 429.
Cyberark Rate Limits is the machine-readable rate-limit profile for CyberArk on the APIs.io network, conforming to the API Commons Rate Limits specification.
It captures 4 rate-limit definitions, measuring varies and requests_per_second.
The profile also includes 3 backoff/retry policies defined and response codes documented for throttled and serviceUnavailable.
Tagged areas include Identity Security, Privileged Access Management, Secrets Management, and Rate Limiting.
4 Limits
Throttle: 429
Identity SecurityPrivileged Access ManagementSecrets ManagementRate Limiting
Limits
PAM Self-Hosted REST API tenant
depends on customer-deployed PVWA / CPM capacity (self-hosted)
Privilege Cloud REST API tenant
see CyberArk Privilege Cloud documentation
Identity REST API tenant
see CyberArk Identity API reference
Conjur token issuance tenant
configurable per Conjur deployment (authn-throttle)
Policies
Token caching
Conjur and Identity authentication tokens should be cached and reused until expiry rather than minted per request to stay under throttles.
Backoff Strategy
Honor 429 / 503 with exponential backoff and jitter; retry idempotent reads only.
Self-hosted vs SaaS
Self-Hosted limits depend on customer-deployed PVWA / CPM sizing; SaaS limits are tenant-scoped by CyberArk.