Rate limiting

Note

This page only applies to the pretix Hosted service at pretix.eu. APIs of custom pretix installations do not enforce any rate limiting by default.

All authenticated requests to pretix’ API are rate limited. If you exceed the limits, you will receive a response with HTTP status code 429 Too Many Requests. This response will have a Retry-After header, containing the number of seconds you are supposed to wait until you try again. We expect that all API clients respect this. If you continue to burst requests after a 429 status code, we might get in touch with you or, in extreme cases, disable your API access.

Currently, the following rate limits apply:

Authentication method Rate limit
Device authentication 360 requests per minute per device
Token-based authentication 360 requests per minute per organizer account
OAuth authentication / “Connect with pretix” 360 requests per minute per combination of accessed organizer and OAuth application
Session authentication Not an officially supported authentication method for external access

If you require a higher rate limit, please get in touch at support@pretix.eu and tell us about your use case, we are sure we can work something out.