Sterling · Rate Limits

Sterling Check Rate Limits

Sterling does not publish fixed numeric rate limits for its API. Access is gated behind provisioned OAuth2 credentials (Client ID / Client Secret) issued per screening region and per environment (sandbox and production), and any request throttling is governed by the customer agreement rather than a public per-minute cap. Access tokens obtained from the OAuth token exchange are short-lived and must be refreshed. Background screening is an asynchronous, long-running process: after a screening is initiated, results arrive over minutes to days depending on the products and jurisdictions, so integrations should rely on webhook callbacks (the callbackUri on POST /screenings) for status changes rather than tight polling.

Sterling Check Rate Limits is the machine-readable rate-limit profile for Sterling on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 3 rate-limit definitions, measuring requests, seconds, and latency.

The profile also includes 3 backoff/retry policies defined and response codes documented for throttled.

Tagged areas include Background Screening, Identity Verification, Gated API, Rate Limiting, and Quotas.

3 Limits Throttle: 429
Background ScreeningIdentity VerificationGated APIRate LimitingQuotas

Limits

API Requests account
requests
not published
No fixed numeric request-rate limit is publicly documented; governed by contract.
Access Token Lifetime token
seconds
short-lived (refresh required)
OAuth2 access tokens expire and must be re-requested from the token endpoint.
Screening Result Delivery screening
latency
asynchronous (minutes to days)
Results depend on products and jurisdictions; use webhook callbacks rather than tight polling.

Policies

Prefer Webhooks
Use the per-screening callbackUri to receive real-time status updates instead of frequent polling.
Backoff Strategy
On 429 or transient errors, use exponential backoff with jitter and honor Retry-After.
Environment Separation
Sandbox and production use separate credentials and hosts; validate integrations in sandbox first.

Sources