NuGet · Rate Limits
Nuget Rate Limits
nuget.org does not publish numeric rate limits for the V3 HTTP API. Reads (PackageBaseAddress, RegistrationsBaseUrl, SearchQueryService) are CDN-fronted via api.nuget.org and tolerate normal client traffic; abusive or scraping traffic is throttled per-IP at the edge. The official client retries up to three times on 5xx responses. Authenticated push operations use X-NuGet-ApiKey and are throttled at the application layer.
2 Limits
Throttle: 429
Package Management.NETPackagesRegistryRate Limiting
Limits
nuget.org public reads IP
not numerically published; CDN-throttled per-IP
Authenticated push api-key
not numerically published; abuse-throttled at the application layer
Policies
Client retry behavior
The official NuGet client retries up to three times on 500-level status codes or TCP/DNS errors. Recommended for third-party clients: exponential backoff with jitter on 429/503.
Redirects
GET responses may return 301/302; clients must follow Location headers and re-issue the GET.
Authentication scope
Only the PackagePublish resource requires authentication via X-NuGet-ApiKey. All other V3 resources on nuget.org accept anonymous requests.
Bulk indexing
Use the Catalog resource (commit-driven page log) rather than scraping search to mirror the registry; this is the supported pattern for full ingestion.