Sertifier · Rate Limits

Sertifier Rate Limits

Sertifier does not publish fixed numeric HTTP rate limits (requests per second or per minute) for the Credential API. The practical throughput ceiling for a program is the account's plan-based annual recipient allowance rather than a per-endpoint request cap - the API is designed to issue anywhere from tens to tens of thousands of credentials against that allowance. Sertifier's own guidance emphasizes reliability practices over rate limits: protect the secretKey, and guard the credential-issuance path with an idempotency check (for example enrolment ID + campaignId) so a completion event that fires twice does not double-issue.

Sertifier Rate Limits is the machine-readable rate-limit profile for Sertifier on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 3 rate-limit definitions, measuring requests, recipients, and credentials.

The profile also includes 3 backoff/retry policies defined and response codes documented for throttled.

Tagged areas include Digital Credentials, Certificates, Credentialing, Rate Limiting, and Quotas.

3 Limits Throttle: 429
Digital CredentialsCertificatesCredentialingRate LimitingQuotas

Limits

Credential API Requests account
requests
not published
No fixed numeric request-rate limit is documented for the Credential API.
Annual Recipient Allowance account
recipients
per plan
The effective issuance ceiling is the plan's annual unique-recipient allowance (Free 250; paid tiers higher). Credentials per recipient are unlimited.
Bulk Credential Issuance campaign
credentials
designed for high volume (50 to 50,000+ per campaign)
Sertifier markets issuing tens of thousands of credentials via addCredentials; batch large jobs and verify server-side limits with support.

Policies

Idempotency
Guard the addCredentials call with an idempotency key such as (enrolment ID + campaignId), or use externalId / updateExistingCredentials, so a webhook or completion event that fires more than once does not issue a duplicate credential.
Secret Protection
Store the secretKey in a secrets vault, rotate it when staff change, and never embed it in client-side JavaScript.
Backoff Strategy
Clients should implement exponential backoff with jitter and honor Retry-After on any 429 or 5xx responses during large bulk imports.

Sources