The Intruder API is rate limited on a per user / access_token basis.
The default rate limit for authenticated requests is set to 5000 requests per hour.
Unauthenticated requests are limited to 60 requests per hour.
If you exceed the rate limit, our API will start rejecting your requests and you'll receive an error response with the code
HTTP 429 "Too Many Requests".
If you're reaching the rate limit, please get in touch. The most obvious fix is normally to improve performance by restructuring the architecture of your integration, but we're happy to help where we can.
Updated about 3 years ago