CyberArk · Rate Limits

Cyberark Rate Limits

CyberArk REST APIs (PAM Self-Hosted, Privilege Cloud, Identity, Conjur) are tenant- or vault-scoped and do not publish fixed numeric rate limits. Conjur enforces a configurable throttle for token issuance; Privilege Cloud and Identity throttle abusive clients via 429.

4 Limits Throttle: 429

Identity SecurityPrivileged Access ManagementSecrets ManagementRate Limiting

Limits

PAM Self-Hosted REST API tenant

varies

depends on customer-deployed PVWA / CPM capacity (self-hosted)

Privilege Cloud REST API tenant

varies

see CyberArk Privilege Cloud documentation

Identity REST API tenant

varies

see CyberArk Identity API reference

Conjur token issuance tenant

requests_per_second

configurable per Conjur deployment (authn-throttle)

Policies

Token caching

Conjur and Identity authentication tokens should be cached and reused until expiry rather than minted per request to stay under throttles.

Backoff Strategy

Honor 429 / 503 with exponential backoff and jitter; retry idempotent reads only.

Self-hosted vs SaaS

Self-Hosted limits depend on customer-deployed PVWA / CPM sizing; SaaS limits are tenant-scoped by CyberArk.

Cyberark Rate Limits

Limits

Policies

Sources