Snyk Rate Limits
Snyk applies a per-token request-rate limit to both the REST and V1 APIs. Numeric ceilings are not exhaustively published; the documented behaviour is that 429 Too Many Requests is returned when the bucket is exhausted, with a Retry-After header indicating when the caller may resume. API access differs by plan: per the Snyk auth docs, Free and Team users cannot use personal access tokens for API calls, while Enterprise and Ignite plans use service accounts for automation. Regional endpoints serve US, EU, and AU traffic.
3 Limits
Throttle: 429
Security, DevSecOps, Vulnerability Management, Application Security, Rate Limiting, Throttling
Limits
Per-Token Throttle (token, dynamic)
Snyk applies per-token rate limits. The numeric ceiling is not published; 429 is returned when exceeded.
Free / Team Personal Token API Access (token, restricted)
Free and Team plans do not permit personal access tokens to call the API for automation. Use of the API is gated to Enterprise (and Ignite) plans, with service accounts recommended for non-interactive use.
Bulk Export Job Concurrency (organization, dynamic)
Issue and dependency exports are processed asynchronously; only a small number of concurrent exports per organization are accepted before subsequent jobs queue.
Policies
429 Throttling
When the per-token bucket is exhausted Snyk returns 429 Too Many Requests with a Retry-After header indicating the wait time.
Backoff Strategy
Implement exponential backoff with jitter on 429 and 5xx responses. Cache idempotent reads (org list, project list) and prefer the bulk Export API for large exports rather than paginating individual issue lists.
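An added example of this backoff policy (not Snyk's code): full-jitter exponential backoff on 429 and 5xx that never retries sooner than Retry-After asks. It goes slightly beyond the text by accepting Retry-After as either seconds or an HTTP-date. BASE, CAP, MAX_TRIES and the injected `send` callable are assumptions chosen for illustration, and the responses in the demo are constructed.

```python
import random
import time
from email.utils import parsedate_to_datetime

BASE, CAP, MAX_TRIES = 1.0, 60.0, 6  # assumed tuning values, not published by Snyk

def retry_after_seconds(value, now=None):
    """Parse Retry-After as delta-seconds or an HTTP-date; None if unusable."""
    if not value:
        return None
    value = value.strip()
    if value.isdigit():
        return float(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    now = time.time() if now is None else now
    return max(0.0, when.timestamp() - now)

def delay_for(status, headers, attempt, rng=random.random, now=None):
    """Seconds to wait before retrying, or None when the response is final."""
    if status != 429 and not 500 <= status <= 599:
        return None
    jittered = rng() * min(CAP, BASE * 2 ** attempt)  # full jitter
    # Header lookup assumes the client exposes the canonical name "Retry-After".
    hinted = retry_after_seconds(headers.get("Retry-After"), now)
    # Never retry sooner than the server asked.
    return jittered if hinted is None else max(hinted, jittered)

def call_with_backoff(send, sleep=time.sleep, rng=random.random):
    """send() -> (status, headers, body). Returns the last response seen."""
    for attempt in range(MAX_TRIES):
        status, headers, body = send()
        wait = delay_for(status, headers, attempt, rng)
        if wait is None or attempt == MAX_TRIES - 1:
            return status, headers, body
        sleep(wait)

if __name__ == "__main__":
    # Constructed responses: throttled once, one server error, then success.
    replies = iter([(429, {"Retry-After": "2"}, b""), (500, {}, b""), (200, {}, b"ok")])
    waits = []
    print(call_with_backoff(lambda: next(replies), sleep=waits.append), waits)
```

Passing `sleep` and `rng` as parameters keeps the retry schedule testable without real waiting or network calls.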
Service Accounts For Automation
Use a service account scoped to an organization or group for CI/CD and automation flows; reserve personal tokens for interactive CLI/IDE use.
Regional Endpoint Selection
Use the regional endpoint matching your tenant's region - api.snyk.io (US), api.eu.snyk.io (EU), or api.au.snyk.io (AU) - to comply with data residency.