JFrog · Rate Limits
Jfrog Rate Limits
JFrog Cloud applies per-instance / per-tenant fair-use throttling on the Artifactory, Xray, Distribution, Pipelines, and Curation REST APIs; numeric request-per-second limits are not published at the platform level. Self-managed Artifactory has no provider-side rate limit and is bounded by the customer's hardware. Public download endpoints (e.g., the JFrog public registry mirror) enforce anonymous and authenticated download caps to protect shared bandwidth.
3 Limits
Throttle: 429
Rate LimitingDevOpsArtifactoryContainer RegistrySoftware Supply Chain
Limits
JFrog Cloud — REST API (per tenant) account
per-tenant fair use (raise via support)
Cloud tenants share rate-limit pools sized to their subscription tier (Pro, Enterprise X, Enterprise+). Sustained throughput beyond fair-use returns 429.
JFrog Self-Managed server
bounded by self-hosted capacity
No platform-imposed rate limit on self-managed deployments; throughput is governed by your hardware and database.
Public mirror — anonymous download IP
see public registry policy
Anonymous pulls from JFrog-hosted public mirrors (e.g., jfrog.io public registries) are throttled per IP to prevent abuse; authenticate to lift.
Policies
Backoff
Honor Retry-After on 429 / 503 responses; back off exponentially with jitter.
Tier scaling
Pro tenants share lower fair-use ceilings than Enterprise X; raise via support if sustained 429s appear.
Authenticate
Authenticate to public registry endpoints to receive higher per-token limits than anonymous IP-bound caps.
Self-hosted vs SaaS
Self-managed installations have no provider rate limit; SaaS tenants are subject to JFrog's gateway throttling.