MDE Entities APIs: API Rate Limiting

Hi,

I'm querying the Vulnerability endpoint of the MDE API family.

I'm making asynchronous requests at a high rate, up to 20 API calls per second. Naturally, I'm hitting the API Rate Limit by receiving a 429 status code. However, I can't seem to be able to confirm exactly what the API Rate Limit is for this endpoint.

The only page that mentions Rate Limiting is the one here and it pertains to Incident API or Advanced Hunting API, but not to the Entity API Vulnerability.

Can someone please tell me what the API Rate Limit is for Entities under which Vulnerability falls?

 

Thank you.

2 Replies
Does the response body provide any details? Often the individual API pages (under https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-list) will mention specific limits, but I don't see any mentioned on the endpoint under 'vulnerability'. I would assume this means the global limits apply, but you are right it isn't clear what the docs mean by 'advanced hunting' versus the other APIs. But those docs also imply the response body would provide more specific information for a 429 error.

@jbmartin6 Thank you for the answer.

It's gonna sound silly but I did not check the response body. I saw in the doc that it contains the remaining time before the next API call can be made, but since I have to issue hundreds of thousands of requests on certain days, I found it pointless to even bother checking. That's not information I can leverage at this time. I could hypothetically parse that body and infer the API Rate Limiting, but that's just silly. First because that's information that should be available in the docs, and second because I know for a fact that regardless of what the current API Rate Limiting is set to, I will not be able to run 150K CVEs through that Vulnerability endpoint within a reasonable amount of time. Ultimately, I need to know the exposure for every single CVE. I know there are other ways to pull that off (cf. software vulnerabilities endpoint for full inventory + delta), but I'd like to have a definitive and documented answer to my question.

I appreciate the help though.
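
The thread above discusses a 429 response that reports how long to wait before the next call. As an added example (not code from either poster or from Microsoft), the sketch below shows asynchronous workers sharing one pause whenever any of them is throttled. `FakeEndpoint`, the `retry_after` body field, the limit of 5 calls per 0.2 s and the `CVE-EXAMPLE-n` ids are all constructed assumptions; the real limit and body format are not given on this page, and only 200 and 429 are handled.

```python
import asyncio
import time

class FakeEndpoint:
    """Constructed stand-in for a throttled API: `limit` calls per `window` seconds."""
    def __init__(self, limit=5, window=0.2):
        self.limit, self.window = limit, window
        self.start, self.count = time.monotonic(), 0

    async def get(self, cve_id):
        await asyncio.sleep(0)  # yield, as a real network call would
        now = time.monotonic()
        if now - self.start >= self.window:
            self.start, self.count = now, 0
        if self.count >= self.limit:
            # Assumed body field: seconds until the quota renews
            return 429, {"retry_after": self.window - (now - self.start)}
        self.count += 1
        return 200, {"id": cve_id}

async def fetch_all(cve_ids, get, workers=4):
    queue = asyncio.Queue()
    for cve in cve_ids:
        queue.put_nowait(cve)
    results = {}
    state = {"resume_at": 0.0, "throttled": 0}  # shared by all workers

    async def worker():
        while not queue.empty():
            cve = queue.get_nowait()
            while True:
                delay = state["resume_at"] - time.monotonic()
                if delay > 0:
                    await asyncio.sleep(delay)  # every worker honours the pause
                status, body = await get(cve)
                if status == 200:
                    results[cve] = body
                    break
                state["throttled"] += 1
                state["resume_at"] = max(state["resume_at"],
                                         time.monotonic() + body["retry_after"])

    await asyncio.gather(*(worker() for _ in range(workers)))
    return results, state["throttled"]

def run_demo():
    ids = [f"CVE-EXAMPLE-{n}" for n in range(12)]  # constructed placeholder ids
    return asyncio.run(fetch_all(ids, FakeEndpoint().get))
```

Because the pause is shared, one 429 stops all workers until the reported time has passed instead of each worker retrying on its own and extending the throttling.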