API Usage Policy

Updated 1 month ago by TruSTAR

The TruSTAR REST API lets you submit data and retrieve reports and IOCs from our platform. To ensure quality of service for our users, TruSTAR has implemented controls for API usage. 

Company Daily API Limit.

Purpose:

  • is: protect the TruSTAR Station platform from DOS attacks.
  • is NOT: billing / up-sell tool.
  • So what?
    • If legitimate integrations / scripts are causing you to exceed your daily rate limit and preventing you from achieving what you need to:
      • please discuss with your TruSTAR account manager.
      • account manager will validate need and increase the company account's daily API quota to a level that enables user to achieve needed outcomes but also protects TruSTAR platform.

For organizations that have a company-level API quota, you can check your API quota through TruSTAR Station.

On the Navigation bar, choose User Settings, then choose Settings on the dropdown menu. Your quota resets every 24 hours at 12AM UTC. 

You can also use the API to check your quota. This call will not count towards your daily quota. 

Other exemptions that will not count towards the daily quota includes the following endpoints:

Increasing daily limit.

If your quota is insufficient, please contact us at support@trustar.co

API Submissions do not count against your API quota

Community-Plus Companies.

  • Daily API limit max 300 calls.
  • Subject to all other limits.
    • per-user / minute.
    • per-IP / 5-min.

Per-user, per-minute Rate Limit.

  • 60 API calls per minute for a user.
    • this is a platform protection measure, cannot be changed.

Per-IP, per-5-minutes Rate Limit.

  • 1,000 API calls per 5 minutes per IP address.
    • this is a platform-protection measure, cannot be changed.

Exceeding Rate Limits.

When usage exceeds one of these limits, TruSTAR returns a Too Many Requests (429) error code. The response body of the error code contain a field called waitTime, which represents the number of seconds you must wait before making another request.

{
"message": "Request limit exceeded for the current time period. Please wait 4000 milliseconds before making more requests.",
"waitTime": 4000
}

Avoiding Exceeding Rate Limits.

The TruSTAR Python SDK gracefully handles all API limits - TruSTAR strongly recommends using it for any custom code you write / run.


How Did We Do?