Buf Schema Registry (BSR)

Rate limits

The BSR limits the number of API requests you can make within a specified amount of time. These limits prevent abuse and ensures that the BSR remains available for all users.


Code generation

Unauthenticated traffic

The BSR allows 480 unauthenticated code generation requests per hour, with a burst of up to 60 requests.

Authenticated traffic

The BSR allows 960 authenticated code generation requests per hour, with a burst of up to 120 requests.


Unauthenticated traffic

Only authenticated traffic is permitted to access this endpoint.

Authenticated traffic

The BSR allows 1 authenticated request per second to this service, with a burst of up to 2 requests.


Every call to buf generate that involves remote plugins counts as one request, with a max limit of 20 plugins per request. For example, if you have a buf.gen.yaml file with 22 remote plugins, the BSR will reject your request.

If you have exactly 20 (or fewer) plugins and run buf generate, this will count as one request.

Monitoring your rate limit

Callers can check response headers to determine the current status of rate limiting.

X-RateLimit-LimitThe number of requests allowed in a window of time
X-RateLimit-RemainingThe number of requests that can still be made in the current window of time
X-RateLimit-ResetThe number of seconds until the current rate limit window completely resets
Retry-AfterWhen rate limited, the number of seconds to wait before another request will be accepted

Exceeding the rate limit

Requests that exceed a rate limit will return HTTP status code 429 and the X-RateLimit-Remaining header will be 0. You should not retry your request until after the number of seconds specified in the Retry-After header.

Increasing your rate limit

If you want a higher rate limit, consider making authenticated requests instead of unauthenticated requests. Authenticated requests have a significantly higher rate limit than unauthenticated requests. See how to authenticate the buf CLI for details on authenticating.

If you are hitting a rate limit that you don't believe you should be, please contact us.