BSR Rate Limits

The BSR limits the number of API requests you can make within a specified amount of time. These limits prevent abuse and ensure that the BSR remains available for all users.

Limits

Code generation

Unauthenticated traffic

The BSR allows 480 unauthenticated code generation requests per hour, with a burst of up to 60 requests.

Authenticated traffic

The BSR allows 960 authenticated code generation requests per hour, with a burst of up to 120 requests.

FileDescriptorSetService

Unauthenticated traffic

Only authenticated traffic is permitted to access this endpoint.

Authenticated traffic

The BSR allows 1 authenticated request per second to this service, with a burst of up to 2 requests.

Monitoring your rate limit

Callers can check response headers to determine the current status of rate limiting.

Header: Description
X-RateLimit-Limit: The number of requests allowed in a window of time
X-RateLimit-Remaining: The number of requests that can still be made in the current window of time
X-RateLimit-Reset: The number of seconds until the current rate limit window completely resets
Retry-After: When rate limited, the number of seconds to wait before another request will be accepted

Exceeding the rate limit

Requests that exceed a rate limit will return HTTP status code 429 and the X-RateLimit-Remaining header will be 0. You should not retry your request until after the number of seconds specified in the Retry-After header.
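
The following is an added example, not code from Buf: a client-side wrapper that honours the 429 status and the headers described above. The function names, the send() callable, the 60-second fallback and the choice to pause when X-RateLimit-Remaining reaches 0 are assumptions of this example.

```python
import time
from typing import Callable, Mapping, Optional, Tuple

Response = Tuple[int, Mapping[str, str], bytes]  # (status, headers, body)


def header_seconds(headers: Mapping[str, str], name: str) -> Optional[int]:
    """Read a non-negative integer header; names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            try:
                n = int(value.strip())
            except ValueError:
                return None  # malformed value: treat as absent
            return n if n >= 0 else None
    return None


def wait_before_next(status: int, headers: Mapping[str, str],
                     fallback: int = 60) -> int:
    """Seconds to wait before sending another request."""
    remaining = header_seconds(headers, "X-RateLimit-Remaining")
    reset = header_seconds(headers, "X-RateLimit-Reset")
    if status == 429:
        retry_after = header_seconds(headers, "Retry-After")
        if retry_after is not None:
            return retry_after
        # Assumption: without a usable Retry-After, fall back to the window
        # reset, then to a fixed delay, rather than retrying immediately.
        return reset if reset is not None else fallback
    if remaining == 0 and reset is not None:
        return reset  # budget spent: pause instead of provoking a 429
    return 0


def call_with_rate_limit(send: Callable[[], Response], max_attempts: int = 3,
                         sleep: Callable[[float], None] = time.sleep) -> Response:
    """Call send(), honouring 429 responses, up to max_attempts times."""
    for attempt in range(1, max_attempts + 1):
        status, headers, body = send()
        if status != 429:
            return status, headers, body
        if attempt < max_attempts:
            sleep(wait_before_next(status, headers))
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")


if __name__ == "__main__":
    # Constructed responses: one 429, then success.
    replies = iter([(429, {"Retry-After": "2", "X-RateLimit-Remaining": "0"}, b""),
                    (200, {"X-RateLimit-Remaining": "59"}, b"ok")])
    print(call_with_rate_limit(lambda: next(replies), sleep=lambda s: print("wait", s)))
```

Bounding the number of attempts keeps a misbehaving job from looping against the limit indefinitely.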

Increasing your rate limit

If you want a higher rate limit, consider making authenticated requests instead of unauthenticated requests. Authenticated requests have a significantly higher rate limit than unauthenticated requests. See how to authenticate the buf CLI for details on authenticating.

If you are hitting a rate limit that you don't believe you should be, please contact us.