Resolving API Rate Limiting

Veracode APIs

If your automations appear to be experiencing rate limiting, you can review them for these issues or configuration settings in an attempt to remove the limiting and restore your API requests to normal performance:

  • Any bugs, for example, that might be causing the APIs to send unnecessary requests.
  • Any hard-coded API frequencies that you can reduce to ensure that they are under 250 API requests per minute.
  • Teams that are using the same API credentials for a large number of scans, such as running several scans with the same credentials in more than one development pipeline, and sending an excessive number of requests. Veracode recommends using separate API credentials for each project particularly for teams that need to run a high number of scans.
  • The interval value for the retry-after header is sufficient for your requests. Do not retry your requests until after this interval has expired.