CrowdStrike · Rate Limits

CrowdStrike Falcon OAuth2 APIs are rate-limited per-client and per-endpoint. Specific numeric limits are not published publicly; they vary by API surface (Detects, Hosts, Real-Time Response, Spotlight, etc.) and are documented in the authenticated Falcon developer portal. Throttling is signaled with HTTP 429 plus rate-limit headers; clients are expected to honor Retry-After.

2 Limits · Throttle: 429 · Quota: 429
Cybersecurity · Endpoint Security · Rate Limiting · Quotas · Throttling

Limits

Per-API rate limit (api-client): varies; see CrowdStrike Falcon documentation per API surface
Per-endpoint concurrency (api-client): concurrent_requests; see CrowdStrike Falcon documentation per API surface

Policies

OAuth2 token refresh: Tokens are issued via OAuth2 client credentials and expire after 30 minutes; cache and reuse tokens until expiry rather than minting per-request.
Backoff strategy: On HTTP 429, honor X-Ratelimit-Retryafter (epoch seconds) and apply exponential backoff with jitter for retried calls.
Per-API surface limits: Limits are scoped per API (Detects, Hosts, RTR, Spotlight, IOC, etc.) rather than globally; a 429 on one surface does not throttle others.
Pagination over polling: Use offset/limit or after/before pagination on listing endpoints rather than tight polling loops to stay within rate caps.
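
The token-reuse and backoff policies above, as an added Python example (not CrowdStrike's code and not part of the original page). The `fetch_token` callable, the 60-second refresh margin, the `base`/`cap` values, and reading Retry-After as delta seconds are assumptions; only the two header names and the 30-minute token lifetime come from the page.

```python
import random
import time

REFRESH_MARGIN = 60  # assumption: refresh one minute before the stated expiry


class TokenCache:
    """Reuse one OAuth2 token until shortly before expiry instead of minting per request."""

    def __init__(self, fetch_token, clock=time.time):
        self._fetch = fetch_token  # hypothetical callable returning (token, expires_in_seconds)
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - REFRESH_MARGIN:
            self._token, ttl = self._fetch()
            self._expires_at = self._clock() + ttl
        return self._token


def _number(value):
    """Parse a header value as a float; None if absent or malformed."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def retry_delay(headers, attempt, now, base=1.0, cap=60.0, rng=random.random):
    """Seconds to sleep after a 429: the server-stated wait plus full-jitter backoff."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    epoch = _number(h.get("x-ratelimit-retryafter"))  # absolute epoch seconds
    delta = _number(h.get("retry-after"))  # assumption: delta seconds, not an HTTP date
    if epoch is not None:
        server_wait = max(0.0, epoch - now)  # a timestamp already in the past means no wait
    elif delta is not None:
        server_wait = max(0.0, delta)
    else:
        server_wait = 0.0  # no usable header: rely on backoff alone
    backoff = min(cap, base * (2 ** attempt))  # exponential growth, capped
    return server_wait + rng() * backoff  # jitter spreads retries from parallel clients
```

Keep a separate attempt counter per API surface, since the page notes that a 429 on one surface does not throttle the others.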
