Marketplace granular rate limiting

Marketplace General Discussion
, , ,
1

We’re assessing the impact of the updated Jira Cloud rate limiting on our Marketplace app, which currently makes a significant number of server-to-server JWT calls. We want to ensure we’re aligned with best practices and sized appropriately. Could you help clarify the points below?

1) Scope and thresholds for the “App” budget

  • What are the exact rate-limit thresholds (both burst and hourly quota) for free Marketplace apps (our app is listed as a free app currently)?

  • Are “App” limits enforced per Atlassian tenant (e.g., foo.atlassian.net vs. bar.atlassian.net) or globally across all tenants using our app?

  • Within a single tenant, are requests from our app aggregated into one “App” budget per installation or shared across multiple installations/environments?

2) App classification and options to increase limits

  • How do you determine an app’s classification (free vs. paid vs. enterprise) for rate-limit purposes?

  • If we transition our listing from free → paid (or to an enterprise tier), how would the “App” budget change?

  • Do the rate limits also depend on the edition of the Atlassian tenant where our app is installed (e.g., Free vs. Standard vs. Premium vs. Enterprise Jira)? If so, how are the limits allocated per tenant type?

  • Is there a process to request higher limits? If so, what criteria and usage data should we provide?

3) Monitoring, metrics, and alerts

  • Do you provide dashboards or APIs to monitor consumption against App, App+user, and User budgets?

  • Can we access these metrics programmatically (e.g., an API endpoint), or only via the developer console?

  • Are there proactive alerts/notifications when we approach thresholds?

4) Endpoint cost model

  • Are some endpoints weighted more heavily than others? Is there a published cost matrix or guidance?

  • Do parameters like expand, response size, or pagination affect request cost?

5) Error semantics and retry guidance

  • When limits are exceeded, are X-RateLimit-* and Retry-After headers consistently present?

  • What backoff and retry behavior do you recommend (e.g., exponential backoff with jitter, max retry windows)?

6) Reducing contention via “App + user”

  • In App + user context, is the budget tracked per end user, per tenant, or shared?

  • Are there recommended design patterns to shift eligible server-side calls from “App” to “App + user” to minimize pressure on the shared App budget?

7) Enforcement timing and notifications

  • Could you confirm the enforcement dates (burst and quota) for free apps and whether any changes are upcoming?

  • Will we receive advance notice if thresholds or policies are adjusted?

4 Likes
Jira API rate limiting