JFrog · Rate Limits

Jfrog Rate Limits

JFrog Cloud applies per-instance / per-tenant fair-use throttling on the Artifactory, Xray, Distribution, Pipelines, and Curation REST APIs; numeric request-per-second limits are not published at the platform level. Self-managed Artifactory has no provider-side rate limit and is bounded by the customer's hardware. Public download endpoints (e.g., the JFrog public registry mirror) enforce anonymous and authenticated download caps to protect shared bandwidth.

Jfrog Rate Limits is the machine-readable rate-limit profile for JFrog on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 3 rate-limit definitions, measuring varies and requests_per_hour.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled and serviceUnavailable.

Tagged areas include Rate Limiting, DevOps, Artifactory, Container Registry, and Software Supply Chain.

3 Limits Throttle: 429
Rate LimitingDevOpsArtifactoryContainer RegistrySoftware Supply Chain

Limits

JFrog Cloud — REST API (per tenant) account
varies
per-tenant fair use (raise via support)
Cloud tenants share rate-limit pools sized to their subscription tier (Pro, Enterprise X, Enterprise+). Sustained throughput beyond fair-use returns 429.
JFrog Self-Managed server
varies
bounded by self-hosted capacity
No platform-imposed rate limit on self-managed deployments; throughput is governed by your hardware and database.
Public mirror — anonymous download IP
requests_per_hour
see public registry policy
Anonymous pulls from JFrog-hosted public mirrors (e.g., jfrog.io public registries) are throttled per IP to prevent abuse; authenticate to lift.

Policies

Backoff
Honor Retry-After on 429 / 503 responses; back off exponentially with jitter.
Tier scaling
Pro tenants share lower fair-use ceilings than Enterprise X; raise via support if sustained 429s appear.
Authenticate
Authenticate to public registry endpoints to receive higher per-token limits than anonymous IP-bound caps.
Self-hosted vs SaaS
Self-managed installations have no provider rate limit; SaaS tenants are subject to JFrog's gateway throttling.

Sources