| Type | Limit |
|---|---|
| Client API per user/account token | 1200/5 minutes |
| Client API per IP | 200/second |
| GraphQL | Varies by query cost. Max 320/5 min |
| User API token quota | 50 |
| Account API token quota | 500 |

The global rate limit for the Cloudflare API is 1,200 requests per five-minute period per user, and applies cumulatively regardless of whether the request is made via the dashboard, API key, or API token.
If you exceed this limit, all API calls for the next five minutes will be blocked, receiving an HTTP 429 - Too Many Requests response.
Some specific API calls have their own limits and are documented separately, such as the following:
Enterprise customers can also contact Cloudflare Support to raise the Client API per user, GraphQL, or API token limits to a higher value.
The following headers are returned when calling REST APIs:
- `Ratelimit`: List of service limit items, composed of the limit name, the remaining quota (`r`) and the time next window resets (`t`). For example: `"default";r=50;t=30`
- `Ratelimit-Policy`: List of quota policy items, composed of the policy name, the total quota (`q`) and the time window the quota applies to (`w`). For example: `"burst";q=100;w=60`
- `retry-after`: The number of seconds, rounded up, until more capacity is available. Note, this header is only returned when the request has exceeded the rate limit.
Cloudflare's SDKs will also automatically work with the headers and back off in response to rate limits.
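
For clients that do not use an SDK, the following added example (not Cloudflare's own code) parses the headers described above and decides how long to pause before the next call. The function names are hypothetical; it assumes multiple items in a header are comma-separated, that `t` is a number of seconds until the reset, and that a 429 without `retry-after` should wait out the full five-minute block.

```python
import re

# Matches one item such as "default";r=50;t=30 (format shown in the text above).
_ITEM = re.compile(r'\s*"([^"]*)"((?:\s*;\s*[a-z]\w*=\d+)*)\s*$')

def parse_items(value):
    """Parse a Ratelimit or Ratelimit-Policy value into {name: {param: int}}.

    Assumption: multiple items are comma-separated; malformed items are skipped.
    """
    items = {}
    for raw in (value or "").split(","):
        m = _ITEM.match(raw)
        if not m:
            continue
        params = {}
        for p in m.group(2).split(";"):
            if "=" in p:
                k, v = p.strip().split("=", 1)
                params[k.strip()] = int(v)
        items[m.group(1)] = params
    return items

def seconds_to_wait(status, headers, min_remaining=1):
    """Return how long a client should pause before its next API call."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 429:
        # retry-after is only sent once the limit has been exceeded.
        try:
            return max(0, int(h.get("retry-after", "")))
        except ValueError:
            return 300  # assumption: fall back to the five-minute block window
    limits = parse_items(h.get("ratelimit"))
    # Pause until the reset of any limit whose remaining quota is spent.
    waits = [p.get("t", 0) for p in limits.values() if p.get("r", 1) < min_remaining]
    return max(waits, default=0)

if __name__ == "__main__":
    # Constructed sample response headers, not captured from a real API call.
    sample = {"Ratelimit": '"default";r=0;t=30, "burst";r=12;t=5',
              "Ratelimit-Policy": '"default";q=1200;w=300, "burst";q=100;w=60'}
    print(parse_items(sample["Ratelimit-Policy"]))
    print("pause for", seconds_to_wait(200, sample), "seconds")
```

Pausing before the quota reaches zero matters here because exceeding the limit blocks every API call for the user, including those made through the dashboard.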