API Throttling

Learn how to set a daily limit on how many API requests SaaS Security API can initiate and how your cloud app vendor’s rate limit impacts asset scanning.
SaaS Security API initiates API calls when it connects to your cloud apps and in the course of scanning your assets. Cloud app vendors (for example, Box) allow a set number of event updates (API calls), based on the number of API calls per minute or per second within a 24-hour period. This quota is called the rate limit (also known as API throttling). PrismaSaaS does not set the rate limit and cannot adjust it; the limit is controlled by your cloud app vendors.
API throttling ensures maximum uptime of SaaS apps, but can result in latency. To resolve scan latency, it’s recommended that you ask your cloud app vendor to increase your rate limit. SaaS Security API promptly requests event updates from cloud app vendors, but API throttling delays event delivery, depending on the amount of data being requested. This latency is most noticeable when updates occur immediately after onboarding and usually accompanies a large volume of assets.
To mitigate the impacts of API throttling, SaaS Security API uses a backlog: assets continue to be scanned and are saved to a backlog. All known assets eventually display in the SaaS Security web interface after the Scan service processes your backlog. Timestamps for all events remain accurate, as of the actual event.
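The following is an added illustrative model of a throttled backlog, not code from SaaS Security API or its vendor. It shows how a large onboarding burst drains over several days under a rate limit while each event keeps its original timestamp. The quota values, the one-call-per-asset simplification, and all names are assumptions.

```python
from collections import deque
from dataclasses import dataclass

MINUTES_PER_DAY = 24 * 60

@dataclass
class Event:
    asset_id: str
    event_time: int  # minute the change actually occurred

@dataclass
class Processed:
    asset_id: str
    event_time: int      # carried over unchanged from the Event
    processed_time: int  # minute the throttled API call went through

def drain_backlog(events, per_minute_limit, daily_limit):
    """Replay events through a per-minute and per-24-hour vendor quota."""
    if per_minute_limit < 1 or daily_limit < 1:
        raise ValueError("quotas must be at least 1 call")
    backlog = deque(sorted(events, key=lambda e: e.event_time))
    done, minute, calls_today = [], 0, 0
    while backlog:
        if minute % MINUTES_PER_DAY == 0:
            calls_today = 0  # the 24-hour quota window resets
        budget = min(per_minute_limit, daily_limit - calls_today)
        while budget > 0 and backlog and backlog[0].event_time <= minute:
            ev = backlog.popleft()
            done.append(Processed(ev.asset_id, ev.event_time, minute))
            budget -= 1
            calls_today += 1
        minute += 1
    return done

def max_lag(done):
    """Largest gap, in minutes, between an event and its processing."""
    return max(p.processed_time - p.event_time for p in done)

def onboarding_burst():
    # Constructed sample: 250 assets discovered in the first minute,
    # against an assumed quota of 10 calls/minute and 100 calls/day.
    events = [Event(f"asset-{i}", 0) for i in range(250)]
    return drain_backlog(events, per_minute_limit=10, daily_limit=100)

if __name__ == "__main__":
    done = onboarding_burst()
    print(f"processed={len(done)} max_lag_minutes={max_lag(done)}")
```

In this model the per-day quota, not the per-minute one, dominates the delay: the last asset is processed on the third day even though every event is still stamped with minute 0.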
Irrespective of API throttling, wait 24 hours after onboarding before you remediate in bulk or, alternatively, configure automatic remediation. Waiting provides more insight into your data, potentially improving your strategic policy decisions.
