REST API Limits
When making API calls, make sure that you take into account the allowed maximum number of calls per minute, returned objects, or total item count.
Important
Any tooling that parses the HTTP headers should be changed to allow case-insensitive header name matching in order to retain compatibility with future PCE releases. Refer to RFC 7230, section 3.2, "Header Fields," which states that field names should be case insensitive.
API Rate Limits and DOS Protection
The Illumio REST API is rate-limited and allows only a maximum of 500 requests per minute per user session or API key. The rate is set to maintain the PCE performance and service availability and to prevent malicious attackers from attempting to disrupt a service (for example, DoS attacks). If the set rate limit is reached, the call returns an HTTP error 429 Too many requests.
Limits for Bulk Operations
In addition to the rate limits described above that are counted for all requests, the unpair workloads and delete traffic flows APIs have a rate limit of 10 calls per minute. There are also two limits on the number of resources that can be operated per call.
API Call and Endpoint | Request Rate Limit | Item Limit | Exposure |
|---|---|---|---|
Unpair Workloads
| 10 per minute | 1000 workloads per request | Public Stable |
Note
Illumio reserves the right to adjust the rate limit on the Illumio Secure Cloud for given endpoints at any time to ensure all clients receive a high-quality service.
Ruleset Rules Display Limit
The PCE web console supports up to 500 rules per ruleset. Rulesets with more than 500 rules cannot be fully displayed in the PCE web console.
GET Collection Request Limits
By default, when you perform a synchronous GET request with this API, the maximum number of objects returned is 500.
Some GET APIs provide query parameters to help restrict the number of results, depending on the API. For example, the workloads API provides multiple query parameters for GET collections, such as label, ip_address, policy_health, and more.
If you want to get more than 500 objects from a GET collection, use which runs the request as an offline job. Job results can be downloaded after the job finishes.
Checking Total Item Count
To find out how many items exist for a given resource, such as whether there are more than 500 workloads in the PCE, first check the number of items using the max_results query parameter on a GET collection and then view the header of the response for the total item count for the resource.
If the total item count is less than 500, you can perform a regular GET collection for the results. If the total item count is more than 500, use Asynchronous GET Collections.
For example, make the following GET call on a collection of workloads with the max_results query parameter set equal to 1, then check the header to see how many workloads exist in your organization.
Note
When using multiple query parameters, enclose the URI, endpoint, and query_params in single or double quotes.
GET 'https://pce.mycompany.com:8443/api/v2/orgs/7/workloads?max_results=1&managed=true'
You can check the HTTP response header for the 'X-Total-Count' field, which indicates the total number of workloads. In this example, the total count shows 71 (highlighted in blue font), so a regular GET collection is appropriate. An asynchronous GET collection would be used if the value were more than 500.
Cache-Control →no-store Content-Encoding →gzip Content-Type →application/json Date →Wed, 07 Sep 2016 14:01:00 GMT ETag →W/"025cc8bfcXXXXXXXXXX7900081e7c6cb" Status →200 OK Transfer-Encoding →chunked Vary →Accept-Encoding X-Matched-Count →71 X-Request-Id →d43a8ce9-XXXX-4453-XXXX-dde79XXX0fa8 X-Total-Count →71
Character Limits on Resource Names
The PCE has a 255-character limit for each name string when naming resources. This JSON property is listed as name in the API.
For example, this 255-character limit applies to naming workloads, labels, IP lists, and services.
However, the PCE does not have a character limit for the description field, which typically follows a resource's name.