View as Markdown

Rate Limits

The Proctorio API enforces rate limits to ensure service reliability for all clients. Limits vary by endpoint based on typical usage patterns.

Default Limits

Rate limits are applied per API key per region. If you exceed the limit, the API responds with HTTP 429 Too Many Requests.

ScopeLimit
Default rate60 requests per minute
Burst10 requests per second

Endpoint-Specific Limits

Some endpoints have higher limits to accommodate real-world usage patterns.

Candidate Launch (/v2/candidate/launch)

The candidate launch endpoint supports high-volume exam starts. Large-scale testing events (e.g., certification exams, university finals) often require thousands of simultaneous launches.

ScopeLimit
Default2,500 requests per minute
Burst500 requests per second

This accommodates scenarios where 2,500+ candidates start an exam within the same minute.

Other Endpoints

All other endpoints use the default limits (60/min, 10/sec burst).

Rate Limit Headers

When rate limited, the API responds with HTTP 429 Too Many Requests and includes:

HeaderDescription
Retry-AfterSeconds to wait before retrying

Handling Rate Limits

When you receive a 429 response, implement exponential backoff:

import time
import requests

def call_api_with_retry(url, headers, payload, max_retries=3):
    for attempt in range(max_retries):
        response = requests.post(url, headers=headers, json=payload)
        if response.status_code == 429:
            retry_after = int(response.headers.get("Retry-After", 2 ** attempt))
            time.sleep(retry_after)
            continue
        return response
    raise Exception("Rate limit exceeded after retries")

Requesting Higher Limits

When to Request Higher Limits

  • Large-scale testing events: Certification exams, standardized testing, or university finals with 5,000+ concurrent candidates
  • Multi-tenant platforms: LMS providers serving multiple institutions through a single integration

How to Request

  1. Contact your account manager with:
    • Your API key identifier (first 8 characters)
    • The specific endpoint(s) requiring higher limits
    • Expected peak request volume (requests per minute)
    • Use case description and timing (e.g., "10,000 candidates starting a certification exam over 5 minutes")
  2. Provide traffic patterns: Share historical data or projections showing your typical and peak usage
  3. Plan ahead: Request limit increases at least 2 weeks before large events to ensure proper provisioning

Enterprise Limits

Enterprise customers can access higher limits based on their requirements:

TierCandidate Launch
Standard2,500/min
EnterpriseCustom

Contact [email protected] for enterprise pricing.

Best Practices

  • Cache generated URLs — they remain valid until their expire time
  • Avoid duplicate requests — don't regenerate URLs for the same user and exam
  • Pre-generate URLs — for scheduled exams, generate candidate URLs up to 5 hours ahead, reviewer/live URLs up to 1 hour ahead (max expire values)
  • Spread bulk operations — distribute requests over time rather than bursting
  • Implement circuit breakers — pause requests after receiving 429 responses
  • Use webhooks — instead of polling for results, subscribe to webhooks for async updates