SailPoint · Rate Limits

Sailpoint Rate Limits

SailPoint Identity Security Cloud enforces a 100 requests / 10 seconds rate limit per access_token across V3 API calls through the API gateway. Throttled responses return HTTP 429 with a Retry-After header indicating seconds until the limit resets. Limits are scoped to the access token rather than per-tenant aggregate, so distributing across tokens is the documented scaling lever.

1 Limits Throttle: 429

Identity SecurityIAMB2BRate Limiting

Limits

V3 API gateway access_token

requests_per_window · second

100

100 requests per 10 seconds per access_token across V3 endpoints.

Policies

Retry-After signaling

Throttled responses include a Retry-After header indicating seconds to wait before retrying.

Token-scoped throttling

The 100 / 10s limit is per access_token. High-throughput integrations should mint multiple tokens (per integration / per service account) rather than share a single token.

Exponential backoff

Clients should apply exponential backoff with jitter on 429 responses, honoring the Retry-After header.

Sources

https://developer.sailpoint.com/docs/api/getting-started