Jumio · Rate Limits

Jumio Rate Limits

Jumio does not publish per-second numeric rate limits for the KYX Platform APIs in public documentation. The platform applies per-customer throttling that scales with the contracted verification volume, returns standard HTTP 4xx/5xx responses on abuse, and mandates verification of callback authenticity via mutual TLS or signed payload. Bulk operations (Retrieval, Screening monitoring batches) are processed asynchronously. Reconciliation against published numeric ceilings pending - confirm with Jumio Solutions Engineering for high-volume integrations.

Jumio Rate Limits is the machine-readable rate-limit profile for Jumio on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 3 rate-limit definitions, measuring requests, capture_session, and monitored_identities.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled, unauthorized, and serverError.

Tagged areas include KYC, Identity Verification, Biometrics, AML, and Fraud Prevention.

3 Limits Throttle: 429
KYCIdentity VerificationBiometricsAMLFraud PreventionRate LimitingThrottling

Limits

Per-Customer Throttle customer
requests · minute
contracted
Numeric ceiling not published; throttling scales with contracted verification volume. Sustained excessive request volume returns 429.
Mobile / Web SDK Capture device
capture_session
device-bound
SDK capture sessions are bound to the token returned from ID Verification initiation; tokens are short-lived and single-flow.
Bulk Screening Monitoring account
monitored_identities
contracted
Ongoing-monitoring batch refresh runs periodically per the contract; per-batch throughput is server-managed.

Policies

429 Throttling
Jumio returns 429 Too Many Requests on excessive throughput. Clients should back off before retrying.
Backoff Strategy
Implement exponential backoff with jitter on 429 / 5xx responses. Cache final decisions locally to avoid repeated Retrieval API calls.
Callback Authentication
Verify the source of inbound callbacks via mutual TLS or the signed payload before treating the decision as authoritative.
Token Lifecycle
ID Verification initiation tokens are short-lived and single-flow; do not cache them across user sessions.

Sources