# Rate limits

The API enforces rate-limits to protect our servers against malicious and/or mistaken use. The API keeps track of the requests on an IP-by-IP basis. Hence, if you're on a VPN, proxy or a shared network in general, the requests of other users on this network might affect you.

At first, a global limit of 5 requests per second per IP address is in effect.

This limit is enforced across multiple load-balancers, and thus is not an exact value but rather a lower-bound that we guarantee. The exact value will be somewhere in the range [5, 5*n] (with n being the number of load-balancers currently active). The exact value within this range will depend on the current traffic patterns we are experiencing.

On top of this, some endpoints are further restricted as follows:

Endpoint Requests per time period Time period in minutes
Account management
GET /account/available 60 60
POST /account/create 5 60
POST /account/activate/{code} 30 60
POST /account/activate/resend 5 60
POST /account/recover 5 60
POST /account/recover/{code} 5 60
POST /user/email 1 60
DELETE /user/{id} 5 60
Authentication
POST /auth/login 30 60
POST /auth/refresh 60 60
Manga
POST /manga 10 60
PUT /manga/{id} 10 60
DELETE /manga/{id} 10 10
POST /manga/draft/{id}/commit 10 60
GET /manga/random 60 1
Authors
POST /author 10 60
PUT /author 10 1
DELETE /author/{id} 10 10
Covers
POST /cover 100 10
PUT /cover/{id} 100 10
DELETE /cover/{id} 10 10
Chapters
POST /chapter/{id}/read 300 10
PUT /chapter/{id} 10 1
DELETE /chapter/{id} 10 1
Scanlation groups
POST /group 10 60
PUT /group/{id} 10 1
DELETE /group/{id} 10 10
CDN (i.e.: MangaDex@Home)
GET /at-home/server/{id} 40 1
Uploads
-> Sessions
GET /upload 30 1
POST /upload/begin 20 (shared) 1
POST /upload/begin/{id} 20 (shared) 1
POST /upload/{id}/commit 10 1
DELETE /upload/{id} 30 1
-> Files
POST /upload/{id} 250 (shared) 1
DELETE /upload/{id}/{id} 250 (shared) 1
DELETE /upload/{id}/batch 250 (shared) 1
reCaptcha
POST /captcha/solve 10 10
Reports
POST /report 10 1
GET /report 10 1

Calling these endpoints will further provide details via the following headers about your remaining quotas:

Header Description
X-RateLimit-Limit Maximal number of requests this endpoint allows per its time period
X-RateLimit-Remaining Remaining number of requests within your quota for the current time period
X-RateLimit-Retry-After Timestamp of the end of the current time period, as UNIX timestamp

# Result Limit

Most of our listing endpoints will return a maximum number of total results that is currently capped at 10.000 items. Beyond that you will not receive any more items no matter how far you paginate and the results will become empty instead. This is for performance reasons and a limitation we will not lift.

Note that the limit is applied to a search query and list endpoints with or without any filters are search queries. If you need to retrieve more items, use filters to narrow down your search.

# Further limitations

From time to time, we may apply undocumented limits to some endpoints if we deem the traffic patterns abusive. This can range from cache-busting attempts to persistent incorrect requests causing API error spikes.

Similarly, some specific request patterns associated with malicious intent result in instantly having your IP blocked for a period of time.

Finally, retrying requests upon rate-limit will result in a combination of the rate-limit being progressively extended until your requests are dropped entirely.