Snyk · Rate Limits

Snyk Rate Limits

Snyk applies a per-token request-rate limit to both the REST and V1 APIs. Numeric ceilings are not exhaustively published; documented behaviour is that 429 Too Many Requests is returned when the bucket is exhausted, with Retry-After indicating when the caller may resume. Free and Team tier API access varies - per Snyk auth docs Free and Team users cannot use personal access tokens for API calls; Enterprise/Ignite use service accounts for automation. Regional endpoints serve US, EU, and AU traffic.

Snyk Rate Limits is the machine-readable rate-limit profile for Snyk on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 3 rate-limit definitions, measuring requests, tier_eligibility, and export_jobs.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled, unauthorized, and serverError.

Tagged areas include Security, DevSecOps, Vulnerability Management, Application Security, and Rate Limiting.

3 Limits Throttle: 429
SecurityDevSecOpsVulnerability ManagementApplication SecurityRate LimitingThrottling

Limits

Per-Token Throttle token
requests · minute
dynamic
Snyk applies per-token rate limits. The numeric ceiling is not published; 429 is returned when exceeded.
Free / Team Personal Token API Access token
tier_eligibility
restricted
Free and Team plans do not permit personal access tokens to call the API for automation. Use of the API is gated to Enterprise (and Ignite) plans, with service accounts recommended for non-interactive use.
Bulk Export Job Concurrency organization
export_jobs
dynamic
Issue and dependency exports are processed asynchronously; only a small number of concurrent exports per organization are accepted before subsequent jobs queue.

Policies

429 Throttling
When the per-token bucket is exhausted Snyk returns 429 Too Many Requests with a Retry-After header indicating the wait time.
Backoff Strategy
Implement exponential backoff with jitter on 429 and 5xx responses. Cache idempotent reads (org list, project list) and prefer the bulk Export API for large exports rather than paginating individual issue lists.
Service Accounts For Automation
Use a service account scoped to an organization or group for CI/CD and automation flows; reserve personal tokens for interactive CLI/IDE use.
Regional Endpoint Selection
Use the regional endpoint matching your tenant's region - api.snyk.io (US), api.eu.snyk.io (EU), or api.au.snyk.io (AU) - to comply with data residency.

Sources