Scryfall · Rate Limits

Scryfall Rate Limits

Scryfall asks that all API consumers keep sustained traffic under 10 requests per second (50-100 ms delay between calls). The /cards/collection endpoint has a tighter 2/second hard cap (500 ms). Large-volume use cases must use the daily bulk-data exports instead of crawling Card endpoints. Every request must include a descriptive User-Agent header and an Accept header; missing or generic headers will cause Scryfall to block or throttle your traffic.

Scryfall Rate Limits is the machine-readable rate-limit profile for Scryfall on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 5 rate-limit definitions, measuring requests_per_second, delay_ms_between_requests, identifiers_per_request, and pages_per_minute.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled and serviceUnavailable.

Tagged areas include Rate Limiting, Public API, and Free.

5 Limits Throttle: 429
Rate LimitingPublic APIFree

Limits

Global request rate client
requests_per_second · second
10
Soft cap - sustained traffic above 10 RPS will be throttled or blocked. Insert 50-100 ms between requests.
Recommended inter-request delay client
delay_ms_between_requests
50
Scryfall publicly recommends 50-100 ms delay between calls; clients should default to 100 ms.
Cards collection batch endpoint client
requests_per_second · second
2
Hard rate limit on POST /cards/collection (max one call every 500 ms). The endpoint itself accepts up to 75 identifiers per batch.
Cards collection batch size request
identifiers_per_request
75
Maximum identifiers per POST /cards/collection request.
Bulk-data preferred for large ingestion client
pages_per_minute
use bulk-data instead
Scryfall asks that anyone performing a large amount of simple lookups or downloading many images use the bulk-data offerings and process the files locally rather than paginating live endpoints.

Policies

Required headers
Every request must include a descriptive User-Agent header that identifies the application (with contact info preferred) and an Accept header (typically application/json). Generic user agents (curl, python-requests defaults) are routinely blocked.
Backoff
On 429 or 503 responses, retry with exponential backoff and jitter. Do not hammer the endpoint - repeated abuse will trigger longer blocks.
Caching
Card and set data is highly cacheable. Scryfall encourages aggressive local caching to reduce request volume; bulk-data exports are the canonical refresh mechanism.
Image rehosting
Do not embed Scryfall image URIs in production sites - download and rehost images from your own infrastructure to avoid burdening Scryfall's image CDN.

Sources